Crowd 5.0 Upgrade Notes

Here are some important notes on upgrading to Crowd 5.0. To learn about new features, see the release notes.

 Upgrade notes

Here's some important information you should know about:

Crowd 5.0.3: Critical Security Misconfiguration Vulnerability - CVE-2022-43782

CVE-2022-43782 was addressed in Crowd 5.0.3. No additional actions are needed after the upgrade. However, it is recommended to review Remote Addresses of crowd  application (Crowd console) and remove those addresses if no longer needed.

JDBCAppender has been removed (CVE-2022-23305)

Until now, you could use the JDBCAppender to forward the log files to the database. Due to a security vulnerability related to Log4j, we’ve made the decision to no longer support it.

If you’re using JDBCAppender, you’ll need to switch to a different monitoring tool, such as DailyLogAppender.

SOAP API has been removed

Crowd 5.0 doesn’t support SOAP API. If your custom scripts or apps rely on it, you’ll need to migrate to REST API. For more info on how to migrate, see SOAP to REST migration guide.

HTML rendering for email notifications

You can now enable HTML rendering for emails coming from Crowd. For more info, see Creating an email notification template.

Announcements on the login page

You can now inform your users about important changes by displaying an announcement banner on the login page. For more info, see Look and feel.

 Supported platforms

We've added support for the following databases:

  • PostgreSQL 13
  • PostgreSQL 14

App developers

See Preparing for Crowd 5.0 for any important changes regarding apps.

Last modified on Nov 18, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.