Crowd 2.4 : Crowd 2.3.6 Release Notes

20th December 2011

 The Atlassian Crowd team is pleased to present Crowd 2.3.6.

This release is a recommended upgrade which fixes a security flaw with SSL connections.

LDAP server host names are now checked against the certificate when an SSL connection is used and 'Secure SSL' is checked. Crowd will now verify that the server's SSL certificate is valid for the host name in the connection URL. As a workaround for deployments where there is an expected difference, using an 'ldaps' connection URL and leaving 'Secure SSL' unchecked will preserve the previous behaviour and make an SSL connection but will not verify that the hostname and certificate match.

(info) Crowd 2.3.5 was an internal release.

Upgrading to Crowd 2.3.6

You can download Crowd from the Atlassian website. If upgrading from a previous version, please read the Crowd 2.3 Upgrade Notes.

Complete List of Improvements and Fixes

JIRA Issues (7 issues)
Key Summary Priority Status
CWD-2681 Crowd 2.3.3 does not sync user memberships Blocker Resolved
CWD-2699 NPE when we ask for the list of directories before the host app has initialised the "Crowd Application" Major Resolved
CWD-2479 soap call resetPrincipalCredential does not substitue the variable resetlink Minor Resolved
CWD-2706 Ability to distinguish creation events for synchronisation-created users Minor Resolved
CWD-2717 Remove com.atlassian.crowd.event.listener.ResetPasswordListener Minor Resolved
CWD-2711 IPv6 token comparisons should filter out the interface Minor Resolved
CWD-1883 Single quotes need to be escaped in translation files. Trivial Resolved