Crowd 2.3.6 Release Notes
20th December 2011
The Atlassian Crowd team is pleased to present Crowd 2.3.6.This release is a recommended upgrade which fixes a security flaw with SSL connections.
LDAP server host names are now checked against the certificate when an SSL connection is used and 'Secure SSL' is checked. Crowd will now verify that the server's SSL certificate is valid for the host name in the connection URL. As a workaround for deployments where there is an expected difference, using an 'ldaps' connection URL and leaving 'Secure SSL' unchecked will preserve the previous behavior and make an SSL connection but will not verify that the hostname and certificate match.
Crowd 2.3.5 was an internal release.
Upgrading to Crowd 2.3.6
Complete List of Improvements and Fixes