Crowd 2.7.2 Release Notes
The Atlassian Crowd team presents Crowd 2.7.2.
This release is a recommended upgrade for all customers. It brings important fixes, which are listed below.
Responding to your feedback:
69 votes satisfied
Update: 21 May 2014
A critical security vulnerability has been found in previous versions of Crowd, and has been fixed in Crowd 2.7.2. It is recommended for all customers to upgrade to Crowd 2.7.2 as soon as possible.
Full security advisory: Crowd Security Advisory 2014-05-21
Some customers have reported crashes in Crowd 2.7.0 and Crowd 2.7.1 caused by database deadlocks when using database-backed token storage, which is the default option in Crowd. The 2.7.2 release contains fixes that address this problem. Customers who have switched to in-memory token storage to improve the stability of their Crowd servers are invited to switch back to the database-backed token storage after the upgrade.
SOAP regression fix
Crowd 2.7.1 shipped with a change that created a regression that potentially affected some Crowd SOAP API clients. It did not affect those using the Crowd integration Java SOAP library and Crowd 2.7.2 fixes the regression. Maintainers who applied the workaround detailed in the Crowd 2.7.1 Release Notes may continue using that workaround in Crowd 2.7.2. See - CWD-3838Getting issue details... STATUS for further discussion.
This release adds compatibility with Java 8.
Complete list of improvements and fixes