Crowd 2.4 : Crowd 2.0.5 Release Notes

This release fixes a security flaw. Please refer to the security advisory for details of the security vulnerability, risk assessment and mitigation strategies.

5 July 2010

The Atlassian Crowd team is delighted to present Crowd 2.0.5. This release is a recommended upgrade which fixes a security flaw and other bugs.

Crowd 2.0.5 includes a nice improvement for people who use the Crowd SOAP API: the active/inactive flag on users is now exposed via the API. This means that you can now perform mass updates to activate or deactivate users.

Please note: If you are upgrading to Crowd 2.0.5 and have not previously upgraded to Crowd 2.0.4, then you may experience the same problem as described for the Crowd 2.0.4 upgrade. That is, users with expired passwords will no longer be able to log in to Crowd-connected applications. Please refer to the Crowd 2.0.4 release notes for details.

Don't have Crowd 2.0 yet?
Take a look at the new features and other highlights in the Crowd 2.0 Release Notes.

Complete List of Fixes in This Release

JIRA Issues (11 issues)
Key | Summary | Priority | Status
CWD-1978 | Crowd 2.0.5 Code Release for http://my.atlassian.com does not contain folder *atlassian-crowd* | Major | Resolved
CWD-1952 | Crowd login form may be vulnerable to XSS attacks | Blocker | Resolved
CWD-1946 | In place upgrade will fail for Delegated directories where users do not have a credential in the database | Critical | Resolved
CWD-1931 | The plugin persistent state store is throwing internal hibernate exceptions during startup | Critical | Resolved
CWD-1924 | Even if the SMTP server port is changed, Crowd always contacts port 25 | Minor | Resolved
CWD-1905 | Search users page doesn't always show a name as a link | Minor | Resolved
CWD-1904 | Bug in detecting supported databases - doesn't allow all MySQL database dialects | Minor | Resolved
CWD-1899 | Can no longer retrieve users with attributes using the integration client | Critical | Resolved
CWD-1898 | Can no longer save users (either singly or in batches) with attributes from integration client | Critical | Resolved
CWD-1873 | Groups or Users with '&' character in the name don't have their memberships listed | Minor | Resolved
CWD-224 | Control of user 'active' flag not exposed via soap interface | Major | Resolved