Crowd 4.4 Upgrade Notes

Here are some important notes on upgrading to Crowd 4.4. To learn about new features, see the release notes.

 Upgrade notes

Here's some important information you should know about:

Crowd 4.4.4: Critical Security Misconfiguration Vulnerability - CVE-2022-43782

CVE-2022-43782 was addressed in Crowd 4.4.4. No additional actions are needed after the upgrade. However, it is recommended to review Remote Addresses of crowd  application (Crowd console) and remove those addresses if no longer needed.

Applications are no longer allowed to change the email addresses of Crowd users

Crowd 4.4 requires that new email addresses are verified by their users. To avoid working around this requirement, Crowd will reject any requests for changing email addresses coming from connected applications.

This also means that admins will no longer be able to change email addresses of users through REST API.

 Supported platforms

We're ending support for the following platforms:

  • (error) PostreSQL 9.6
Last modified on Nov 18, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.