Crowd 6.3 Release Notes
10 April, 2025
The Crowd team is proud to bring you Crowd 6.3.
Highlights
- Keep your data secure with the secret storage
- Changes to encryption key storing
- Safer REST API access with OAuth 2.0 3LO
- Adoption of the UPM signature check
- Changes to supported platforms
- Complete list of changes and improvements
More
Read the upgrade notes for important info about this release and see the full list of issues resolved.
Keep your data secure with the secret storage
We’re introducing the secure secrets storage which provides a robust and centralized approach to managing sensitive information to minimize security exposure and vulnerabilities. This system uses a range of methods to encrypt and decrypt secrets, ensuring that confidential data is protected from unauthorized access.
This storage method is integrated with existing secret libraries, allowing for secure handling of credentials and other sensitive information within Crowd and other Data Center products.
Changes to encryption key storing
As part of the ongoing effort to make Crowd more secure, we've made several changes to the encryption of secrets used by Crowd. We'll now be using a more robust version of the AES algorithm as well as encrypting some sensitive values previously stored in plain-text. Encryption keys will still be stored in the {crowdHome}/shared/keys directory. These need to be backed up along with the secrets-config.yaml file present in the {crowdHome}/shared directory. Without the encryption keys and the configuration file, Crowd won't be able to use the encrypted secrets stored in the database.
Safer REST API access with OAuth 2.0 3LO
We’re now allowing users, scripts, and applications to access the Crowd REST API using the OAuth 2.0 protocol instead of basic authentication to enhance security and align with modern standards.
Adoption of the UPM signature check
We’ve adopted the new Universal Plugin Manager (UPM) functionality of checking app signatures. This helps ensure the security of apps by validating their integrity and origin before installation, requiring them to have a digital signature.
This functionality is disabled in 6.3.0 and hidden behind a feature flag in upm.properties (atlassian.upm.signature.check.enabled=false).
See Enabling and testing app signature check in UPM for additional information.
Changes to supported platforms
See what changes are in store for the supported platforms in Crowd. For more information about what the latest stable release of Crowd supports, see Supported platforms.
Added support for SQL Server 2022
Added Java 21 support
Crowd now supports Java 21, ensuring better performance, security, and future-proofing, aligning with modern development standards, and preparing for future Java updates.
Deprecated support for SQL Server 2017, MySQL 8.0, and Java 17
Complete list of changes and improvements
Here's a full list of issues resolved in this release: