Hi, we have received the below link and checked our product versions.
We are running on Crowd version 3.4.4. Could you please let us know if we are affected by this vulnerability?
Yes. From the doc:
Versions < 4.3.8
@Ritaban Bhattacharjee - Crowd 3.4.4 was released in March 2019 - almost 3.5 years ago. This is a VERY long time in the IT/software space and there have been numerous other CVEs that your environment will be vulnerable to, not just the one you linked.
The Crowd upgrade process has always been relatively smooth for us (and we run a VERY complicated setup), so apart from the tiny downtime window you'll need to schedule to action the upgrade, it should be a smooth process. We run Crowd DC with multiple nodes and Puppet to manage our configuration files and we've got our total downtime for an upgrade to ~ 30 seconds (an A/B approach where we take one node offline, upgrade the application/apply the config changes, begin the outage by shutting down the second/final node and as soon as that node has completed, we start the app on the first node ending the outage, we then can action the same steps on the second node and bring it back online to bring us back into a state of higher availability).
CCM