Here are some important notes on upgrading to Crowd 5.2. To learn about new features, see the release notes.

 Upgrade notes

Here's some important information you should know about:

Security improvements

In Crowd 5.2.1, we've added two new credential encoding mechanisms:

Argon2

Directories

Controlled directly from Crowd. It's a directory-wide feature so you can choose it for one directory, without affecting others. Can't be modified after a directory is created.

Advanced Atlassian-Security (PBKDF2-HMAC-SHA512)

Directories, Applications

Controlled by the crowd.advanced.security.password.encoder.enabled system property and disable by default. It's an instance-wide feature so it would affect all directories using Atlassian-Security and all applications.

The mechanism can be modified and is backward compatible. You can enable or disable it by specifying the system property value and restarting Crowd.

Note that it significantly affects performance, because every single hashing operation, like user creation, application login, or user login, takes more resources. Consider scaling up your instance if you want to keep Crowd performance on the same level.

New version of the embedded HSQL database

In Crowd 5.2, we've upgraded the embedded HSQL database from version 1.8.x to 2.7.x.

If you're using the embedded HSQL database, you'll need to complete an additional step (due to HSQL limitations) if you'd like to use the Crowd's automatic upgrade. For details, see Upgrading Crowd via Automatic Database Upgrade.

However, the recommended method for upgrading is using the XML data transfer. For details, see Upgrading Crowd via XML Data Transfer.

Migrating from Log4j 1.x to 2.x

In Crowd 5.2, we’ve started using Log4j 2.x. If you haven’t used any custom logging configuration, you don’t need to take any action – you’ll start using the new version after upgrading.

However, if you customized your logging configuration, you’ll need to migrate it to the new format.

For more info on how to do this, see Migrating a custom logging configuration to Log4j 2.

Upgrading Tomcat connector 

If you customized the Tomcat connector in the server.xml file to be able to use the encrypted password, you can migrate your changes to Crowd 5.2 by adjusting them like in the following example:

com.atlassian.crowd.tomcat.Http11NioProtocolWithPasswordEncryption

com.atlassian.crowd.tomcat.Http11Nio2ProtocolWithPasswordEncryption

com.atlassian.crowd.tomcat.Http11AprProtocolWithPasswordEncryption

com.atlassian.crowd.tomcat.AjpNioProtocolWithPasswordEncryption

com.atlassian.crowd.tomcat.AjpNio2ProtocolWithPasswordEncryption

com.atlassian.crowd.tomcat.AjpAprProtocolWithPasswordEncryption

com.atlassian.secrets.tomcat.protocol.Http11NioProtocolWithPasswordEncryption

com.atlassian.secrets.tomcat.protocol.Http11Nio2ProtocolWithPasswordEncryption

com.atlassian.secrets.tomcat.protocol.Http11AprProtocolWithPasswordEncryption

com.atlassian.secrets.tomcat.protocol.AjpNioProtocolWithPasswordEncryption

com.atlassian.secrets.tomcat.protocol.AjpNio2ProtocolWithPasswordEncryption

com.atlassian.secrets.tomcat.protocol.AjpAprProtocolWithPasswordEncryption

For more information, see Encrypting Tomcat passwords.

Crowd 5.2.8: Name change from Azure Active Directory to Microsoft Entra ID

Due to Microsoft’s name change from Azure Active Directory (Azure AD) to Microsoft Entra ID, we’ve updated all the references to Azure AD. The changes include:

• Crowd console UI messages

• Crowd logs - atlassian-crowd.log

  If you have any integrations of log scanners that rely on the ‘Azure' keyword in a log message, consider updating these to 'Microsoft Entra ID’ to make sure they work correctly after upgrading Crowd.

  
  

• Product documentation

• Javadocs

• REST docs

 Supported platforms

We're deprecating CrowdID (OpenID server) and the OpenID client. They will be excluded from Crowd distributive in one of the upcoming platform or feature releases of Crowd.

App developers

There aren't any important changes for app developers in this release.