This documentation relates to Crowd 2.4.
If you are using an earlier version, please view the previous versions of the Crowd documentation and select the relevant version.
Skip to end of metadata
Comment: Corrected links that should have been relative instead of absolute.
Go to start of metadata

14 October 2008
The Atlassian Crowd team is delighted to present Crowd 1.5.1.

Crowd 1.5.1 is a recommended upgrade which fixes a parameter injection vulnerability and other issues. Please refer to the security advisory for details of the security vulnerability, risk assessment and mitigation strategies.

When using Crowd for single sign-on (SSO), you can now specify that the 'secure' flag is set on the SSO cookie. This will enforce a secured connection, such as SSL, for all SSO requests. Note that if you set this flag, any applications not using a secure connection will not be able to participate in SSO. Potentially, this may make it impossible to log in to Crowd.

When generating session tokens, Crowd now includes a very large random number as part of the hash value. This makes it more difficult for a malicious third party to impersonate a legitimate Crowd user.

This release also brings a number of improvements to search functionality, particularly for LDAP directories and for Confluence instances integrated with Crowd.

Don't have Crowd 1.5 yet?
Take a look at the new features and other highlights in the Crowd 1.5 Release Notes.

Complete List of Fixes in Crowd 1.5.1

Labels:
None
Edit Labels