Crowd 2.0.9 Release Notes
17 May 2012The Atlassian Crowd team presents Crowd 2.0.9.
This is a security release to fix a critical vulnerability in Crowd that may allow unauthorized access to data. The scale we use (published as Security Levels for Security Issues) allows us to rank the severity as critical, high, moderate or low.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
The vulnerability allows an attacker to
- execute denial of service attacks against the Crowd server, or
- read all local files readable to the system user under which Crowd runs
Crowd 2.0.8 was an internal release.
Upgrading to Crowd 2.0.9
Complete List of Improvements and Fixes