Documentation for Crowd 2.4. Documentation for other versions of Crowd is available too.

This release fixes a security flaw. Please refer to the security advisory for details of the security vulnerability, risk assessment and mitigation strategies.

17 May 2012

The Atlassian Crowd team presents Crowd 2.0.9.

This is a security release to fix a critical vulnerability in Crowd that may allow unauthorised access to data. The scale we use (published as Security Levels for Security Issues) allows us to rank the severity as critical, high, moderate or low.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

The vulnerability allows an attacker to

  • execute denial of service attacks against the Crowd server, or
  • read all local files readable to the system user under which Crowd runs

We recommend that all customers upgrade. Please refer to the security advisory for details of the security vulnerability, risk assessment and mitigation strategies.

(info) Crowd 2.0.8 was an internal release.

Upgrading to Crowd 2.0.9

You can download Crowd from the Atlassian website. If upgrading from a previous version, please read the Crowd 2.0 Upgrade Notes.

Complete List of Improvements and Fixes

Key Summary P Status
Refresh

 

  • No labels



Log a request with our support team.



Raise an issue for our developers.



See answers from the community.



Blog and update our documentation.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.