Crowd 5.2 Release Notes
29 September, 2023
The Crowd team is proud to bring you Crowd 5.2.
Crowd 5.2.x is the last version that supports Server licenses. Learn what this means for you
Highlights
- Crowd 5.2.x is the last release to support Server licenses
- Self-project and sleep easy with rate limiting
- Notify users about their new accounts
- New events in the audit log
- New Tomcat version
- Security improvements
- Non-Marketplace apps upload disabled
More
Read the upgrade notes for important info about this release and see the full list of issues resolved.
Crowd 5.2.x is the last release to support Server licenses
Crowd 5.2 will be the last Crowd feature release available to download for Server, prior to the Server end of support date on Feb 15, 2024. All feature releases after Crowd 5.2 will only support our Data Center offering. Crowd 5.2 will continue to receive security and bug fixes in adherence to our Support policies.
We recommend that you upgrade to Data Center to remain secure and supported.
Self-protect and sleep easy with rate limiting
Without protections in place, automated integrations and scripts can hammer your Crowd instance with huge bursts of requests, leading to drops in performance and downtime. This creates unnecessary work for admins who get paged (often after hours) to fix issues, and then have to comb through logs to find the culprit so it doesn’t happen again.
Rate limiting changes all this by giving your Crowd instance the power to self-protect. Admins can now control how many REST API requests automations and scripts can make, and how often they can make them, meaning increased performance and team productivity (and hopefully for admins, more sleep too). Learn more about rate limiting
Notify users about their new accounts
You can now choose to send notifications to users once you create new accounts for them. This option is available only for users created in internal directories. Learn more about email notifications
New events in the audit log
The audit log now shows information about creating, modifying, or removing user attributes. Learn more about the audit log
New Tomcat version
We've upgraded Apache Tomcat to version 9.
Security improvements
In Crowd 5.2.1, we've added two new credential encoding mechanisms:
Argon2
Directories
Controlled directly from Crowd. It's a directory-wide feature so you can choose it for one directory, without affecting others. Can't be modified after a directory is created.
Advanced Atlassian-Security (PBKDF2-HMAC-SHA512)
Directories, Applications
Controlled by the crowd.advanced.security.password.encoder.enabled system property and disable by default. It's an instance-wide feature so it would affect all directories using Atlassian-Security and all applications.
Learn more about these improvements
Non-Marketplace apps upload disabled
Updated 22 April 2024
Starting from Crowd 5.2.4, manual uploads of non-Marketplace apps are disabled by default. Understand how to re-enable manual uploads
Complete list of changes and improvements
Here's a full list of issues resolved in this release:
Crowd 5.2.0 - 29 September 2023
Crowd 5.2.1 - 15 November 2023
Crowd 5.2.2 - 12 December 2023
Crowd 5.2.3 - 9 January 2024
Crowd 5.2.4 - 8 April 2024
Crowd 5.2.6 - 10 July 2024
Crowd 5.2.7 - 14 Aug 2024
This release doesn't include any resolved issues from our public instance, only small fixes and improvements.