Crowd 4.4 Upgrade Notes
Here are some important notes on upgrading to Crowd 4.4. To learn about new features, see the release notes.
Upgrade notes
Here's some important information you should know about:
Crowd 4.4.4: Critical Security Misconfiguration Vulnerability - CVE-2022-43782
CVE-2022-43782 was addressed in Crowd 4.4.4. No additional actions are needed after the upgrade. However, it is recommended to review Remote Addresses of crowd application (Crowd console) and remove those addresses if no longer needed.
Applications are no longer allowed to change the email addresses of Crowd users
Crowd 4.4 requires that new email addresses are verified by their users. To avoid working around this requirement, Crowd will reject any requests for changing email addresses coming from connected applications.
This also means that admins will no longer be able to change email addresses of users through REST API.
Supported platforms
We're ending support for the following platforms:
PostreSQL 9.6