Crowd 5.3 Release Notes

19 April, 2024

The Crowd team is proud to bring you Crowd 5.3.

Starting from 5.3, new releases of Crowd will be available only to Data Center customers. Learn what this means for you.

Highlights


Read the upgrade notes for important info about this release and see the full list of issues resolved.



LDAP synchronization improvements

Crowd 5.3 brings improvements to the synchronization process which will affect both full and incremental synchronization.

  • Synchronization is now much faster
    We’ve improved the speed of full and incremental synchronization. The exact results will depend on the server performance and the performance/latency of the active directory.

  • Synchronization is now using less memory
    Crowd will now avoid duplicating objects that represent a group name or username from the active directory.

  • Synchronization issue with fallback on Microsoft Active Directory is now fixed
    We’ve fixed an issue where adding a group to an active directory while a full synchronization was running caused the next incremental synchronization to fail and fall back to a full synchronization. When this happened, Crowd logged the warnings "Failed to fetch groups by objectGUID" and "Problems while looking up groups by objectGUID in ActiveDirectory detected, falling back to a full sync".

The feature is turned on by default and will be automatically enabled after updating to Crowd 5.3.

Introducing Software Bill of Materials (SBOMs) in Crowd

Continuing our commitment to providing the most secure products for our customers, we’re introducing Software Bill of Materials (SBOMs) for Crowd.


What is SBOM and why are we adding them?

SBOM is a detailed list or inventory of all the components in a piece of software. These components can include open-source software, proprietary code, libraries, frameworks, and other elements used in the software.

SBOM is essential for ensuring compliance with different regulations and standards; for example, the United States Executive Order on Improving the Nation's Cybersecurity, the European Union NIS 2 Directive and Cyber Resilience Act. It enhances transparency and facilitates a deeper understanding of software components, their versions, dependencies, and updates to their security vulnerabilities.

Furthermore, SBOM can help app developers and admins identify potential security risks, manage licenses, and maintain software more effectively. For example, if a vulnerability is discovered in a specific open-source component, anyone with access to SBOM can quickly check if their software is affected.

How SBOM is generated

We use Syft, an open-source tool, to automatically generate SBOM files during the product build process. Syft scans the code, identifies dependencies, and compiles a JSON file with the results. Syft supports various SBOM formats, with CycloneDX being Atlassian's current choice due to its popularity.

Where to find SBOM

The SBOM is a JSON file located under the crowd-distribution/sbom/ directory.

Important to know

Due to the complex, plugin- and component-based architecture of our product suite, we are gradually revealing all front-end dependencies. Our current SBOMs cover a portion of these dependencies.
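The check described above (is a given component present in a version older than the fix?) can be run against the CycloneDX JSON with a short script. This is an added example, not Atlassian's code; the component names and versions in the sample are constructed, and it assumes the standard CycloneDX `components`, `name` and `version` fields.

```python
import json
import re

# Constructed sample in CycloneDX JSON shape; not taken from a real Crowd SBOM.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "example-parser", "version": "2.3.1",
   "purl": "pkg:maven/com.example/example-parser@2.3.1"},
  {"type": "application", "name": "example-webapp", "version": "1.0.0", "components": [
    {"type": "library", "name": "example-parser", "version": "2.4.0"},
    {"type": "library", "name": "example-parser", "version": "2.4.0-SNAPSHOT"}]}]}
""")


def walk(components):
    """Yield every component, including ones nested under another component."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def version_key(version):
    """Map '2.4.0' to (2, 4); return None for anything not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", version or ""):
        return None
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so 2.4 and 2.4.0 compare equal
        parts.pop()
    return tuple(parts)


def check_component(sbom, name, fixed_in):
    """Return (version, status) for each occurrence of `name` in the SBOM."""
    fixed = version_key(fixed_in)
    if sbom.get("bomFormat") != "CycloneDX" or fixed is None:
        raise ValueError("need a CycloneDX SBOM and a numeric fixed version")
    results = []
    for comp in walk(sbom.get("components")):
        if comp.get("name") == name:
            key = version_key(comp.get("version"))
            # Qualified or missing versions go to manual review, never "ok".
            status = "review" if key is None else ("affected" if key < fixed else "ok")
            results.append((comp.get("version"), status))
    return results


if __name__ == "__main__":
    for version, status in check_component(SAMPLE_SBOM, "example-parser", "2.4.0"):
        print(f"example-parser {version}: {status}")
```

For a real installation, pass `json.load()` of the file under crowd-distribution/sbom/ instead of the sample. Because the SBOMs currently cover only a portion of the front-end dependencies, an empty result does not prove the component is absent.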

CrowdID removal

The end of support of the OpenID server and client was announced in August 2023 and they’re now completely removed from Crowd 5.3. This means that the Crowd distribution will no longer include openid-server-webapp and openid-client-webapp as these contain dependencies with vulnerabilities.

If you’re using these components, you can still use them from old Crowd distributions as a short-term solution. Long term, we recommend switching to another OpenID provider.

Migration to REST v2

Crowd 5.3 upgrades to Platform 6.5.5, which requires migration to REST v2. This meant substantial changes, because the Crowd classes that participate in the REST API were migrated from Jackson/Jersey v1 to v2. The new implementation works in the same way as the original one.

Non-Marketplace apps upload disabled

Added on 22 April 2024

Starting from Crowd 5.3.0, manual uploads of non-Marketplace apps are disabled by default. Understand how to re-enable manual uploads.

Complete list of changes and improvements

Here's a full list of issues resolved in this release:

Crowd 5.3.0 - 10 April, 2024


Crowd 5.3.1 - 17 May, 2024


Last modified on May 21, 2024
