Crowd 5.1 Upgrade Notes

Here are some important notes on upgrading to Crowd 5.1. To learn about new features, see the release notes.

 Upgrade notes

Here's some important information you should know about:

Crowd 5.1.0: Critical Security Misconfiguration Vulnerability - CVE-2022-43782

CVE-2022-43782 was addressed in Crowd 4.4.4. No additional actions are needed after the upgrade.

However, we recommend that you review Remote Addresses of the crowd application (Crowd console) and remove addresses that are no longer needed. 

Crowd 5.1.0: Removing algorithms used for password encryption and migrating to the default one

In Crowd 5.1.0, we’ve removed the following algorithms used for password encryption: 

  • DES/CBC/PKCS5Padding

  • DESede/CBC/PKCS5Padding

The following one is still supported:

  • AES/CBC/PKCS5Padding

The removed algorithms will also be automatically migrated to the supported one during upgrade.

If you don’t want to migrate and instead keep using the removed algorithms, start Crowd with the following flag:

-Dcrowd.encryption.upgrade.disabled=true

For more info on password encryption, see Password encryption.

 Supported platforms

We're not making any changes to supported platforms in this release.

App developers

There aren't any important changes for app developers in this release.

Last modified on Nov 18, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.