Crowd 2.6 : Crowd 2.5.3 Release Notes

5th December 2012

The Atlassian Crowd team is pleased to present Crowd 2.5.3.

This release is a recommended upgrade for all customers which improves flexibility and fixes a number of bugs.

This release enhances security by preventing administrators from enabling secure SSO cookies over an insecure channel and by fixing a condition under which the user token key could be exposed. Maintainability is improved by means of more descriptive on-screen messages and logging. A new remote API is also included to kill user sessions.

Responding to your feedback:

(green star) 5 votes satisfied

Upgrading to Crowd 2.5.3

You can download Crowd from the Atlassian website. If upgrading from a previous version, please read the Crowd 2.5 Upgrade Notes.

Complete List of Improvements and Fixes

JIRA Issues (13 issues)

Key Summary Priority Status
CWD-2977 LDAP Delegated Authentication directories should not require a User Password Attribute Minor Resolved
CWD-2956 Default Crowd group memberships not added to JIRA/Confluence if directory sync has occurred Minor Resolved
CWD-2946 Improve LDAP logging for LDAP errors Minor Resolved
CWD-2988 please include license in pom files Minor Resolved
CWD-2876 Supply a REST user session resource with a DELETE operation Major Resolved
CWD-2991 Broken markup for creating delegated authentication directories Major Resolved
CWD-2396 Crowd doesn't manage Norwegian special characters Minor Resolved
CWD-1918 Make sure that the Admin will not enable *Secure SSO Cookie* if the web console is not being accessed via HTTPS Minor Resolved
CWD-1841 CrowdID Client does not trim spaces before and after the URL Minor Resolved
CWD-2940 User input in some fields of the Directory Connector form is lost when the connection test fails Minor Resolved
CWD-2970 Non-ASCII characters in email messages are transformed to ???? when the platform encoding is not UTF-8 Minor Resolved
CWD-2950 Crowd leaks the value of the HTTP only 'crowd.token_key' cookie on the crowd/console/500.jsp page Minor Resolved
CWD-2685 Better error handling when a user attribute cannot be added Minor Resolved