dependabot[bot] opened a new pull request, #1745:
URL: https://github.com/apache/cxf/pull/1745

   Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 6.0.11 to 7.0.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/releases">com.unboundid:unboundid-ldapsdk's releases</a>.</em></p>
   <blockquote>
   <h2>UnboundID LDAP SDK for Java 7.0.0</h2>
   <p>We have just released version 7.0.0 of the <a href="https://github.com/pingidentity/ldapsdk">UnboundID LDAP SDK for Java</a>.
It is available for download from <a href="https://github.com/pingidentity/ldapsdk/releases">GitHub</a> and
<a href="https://sourceforge.net/projects/ldap-sdk/files/">SourceForge</a>, and it is available in the
<a href="https://central.sonatype.com/artifact/com.unboundid/unboundid-ldapsdk/7.0.0">Maven Central Repository</a>.
You can find the release notes for this release (and all previous versions) at
<a href="https://docs.ldap.com/ldap-sdk/docs/release-notes.html">https://docs.ldap.com/ldap-sdk/docs/release-notes.html</a>,
but here’s a summary of the changes:</p>
   <ul>
   <li>
   <p>The LDAP SDK now requires Java 8 or later. Java 7 is no longer 
supported.</p>
   </li>
   <li>
   <p>We improved the behavior of LDAP connection pools when they are 
configured to invoke a health check when checking out a connection from the 
pool. Previously, if a connection was found to be invalid during checkout, the 
LDAP SDK would create a new connection to replace it, but would continue 
iterating through other connections in the pool trying to find an existing 
valid connection. It will now return the newly created connection immediately 
without checking other existing connections, which can substantially reduce the 
time to check out a connection in a scenario where many connections have been 
invalidated (e.g., by a server shutdown).</p>
   </li>
   <li>
   <p>We added a new <code>compare-ldap-schemas</code> command-line tool that 
can be used to identify differences between the schemas of two LDAP servers.</p>
   </li>
   <li>
   <p>We improved the behavior that the LDAP SDK uses when authenticating with 
the GSSAPI SASL mechanism. Previously, if you didn’t explicitly provide a JAAS 
configuration file to use for the attempt, the LDAP SDK would create a new one 
for each bind attempt. This would create a lot of temporary files that would 
need to be cleaned up when the JVM exited, and they might not get cleaned up 
properly if the JVM exits abnormally (e.g., it’s killed or if the JVM 
crashes). It would also require a small amount of additional memory for each 
bind attempt, since it has to remember another file to be deleted. Now, the 
LDAP SDK will be able to reuse the same generated configuration file for all 
GSSAPI bind requests that use the same JAAS settings, which will slightly 
improve performance, reduce memory usage, and reduce disk space consumption.</p>
   </li>
   <li>
   <p>We added experimental client-side support for the relax rules support as 
defined in <a href="https://docs.ldap.com/specs/draft-zeilenga-ldap-relax-03.txt">draft-zeilenga-ldap-relax-03</a>.
 This draft doesn’t specify an OID for the control, but at least a couple of 
servers (OpenLDAP and ForgeRock OpenDJ) have implemented support for the 
control with an OID of 1.3.6.1.4.1.4203.666.5.12, so the LDAP SDK uses that OID 
for the control.</p>
   </li>
   <li>
   <p>We added client-side support for a number of proprietary controls used by 
the ForgeRock OpenDJ directory server. These include:</p>
   <ul>
   <li>A transaction ID request control, which can be included in an operation 
request to provide a transaction ID that will appear in the access log message 
for that operation.</li>
   <li>A replication repair request control, which can be included in a write 
request to indicate that the associated change should not be replicated.</li>
   <li>Change sequence number request and response controls, which can be used 
with a write operation to obtain the replication CSN that the server assigned 
to that operation.</li>
   <li>Affinity request control, which can be included in related requests sent 
through an LDAP proxy server to consistently route them to the same LDAP server 
instance.</li>
   </ul>
   </li>
   <li>
   <p>We added connection pool health checks for use in conjunction with the 
Ping Identity Directory Server, including:</p>
   <ul>
   <li>One that will attempt to determine whether there are any active alerts 
in the server that cause it to consider itself to be either degraded or 
unavailable.</li>
   <li>One that will assess the replication backlog and can consider a server 
unavailable if it has too many outstanding changes, or if the oldest 
outstanding change was originally processed too long ago.</li>
   <li>One that will attempt to determine whether the server is in lockdown 
mode.</li>
   </ul>
   </li>
   <li>
   <p>We updated the <code>CryptoHelper</code> class to add convenience methods 
for generating SHA-256, SHA-384, and SHA-512 digests from byte arrays, strings, 
and files. There are also generic versions of these methods that can be used 
with user-specified digest algorithms.</p>
   </li>
   <li>
   <p>We added methods for normalizing JSON values and JSON object filters. 
This can help make it possible to compare two JSON object filters to determine 
whether two JSON object filters are equivalent.</p>
   </li>
   <li>
   <p>We updated the <code>BouncyCastleFIPSHelper</code> class to add a 
constant with the name of a system property that can be used to enable support 
for the MD5 digest algorithm, which may be needed if you’re using the 1.0.2.4 
or later version of the bc-fips jar file and need to use the MD5 message digest 
for some reason.</p>
   </li>
   <li>
   <p>We updated the documentation to include new and updated versions of a 
number of LDAP-related Internet Drafts, including:</p>
   <ul>
   <li><a href="https://docs.ldap.com/specs/draft-ietf-kitten-scram-2fa-04.txt">draft-ietf-kitten-scram-2fa-04</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-melnikov-scram-bis-04.txt">draft-melnikov-scram-bis-04</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-melnikov-scram-sha-512-04.txt">draft-melnikov-scram-sha-512-04</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-melnikov-scram-sha3-512-04.txt">draft-melnikov-scram-sha3-512-04</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-coretta-oiddir-radit-00.txt">draft-coretta-oiddir-radit-00</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-coretta-oiddir-radsa-00.txt">draft-coretta-oiddir-radsa-00</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-coretta-oiddir-radua-00.txt">draft-coretta-oiddir-radua-00</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-coretta-oiddir-roadmap-00.txt">draft-coretta-oiddir-roadmap-00</a></li>
   <li><a href="https://docs.ldap.com/specs/draft-coretta-oiddir-schema-01.txt">draft-coretta-oiddir-schema-01</a></li>
   </ul>
   </li>
   </ul>
   </blockquote>
   </details>
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html">com.unboundid:unboundid-ldapsdk's changelog</a>.</em></p>
   <blockquote>
   <pre><code>      &lt;h2&gt;Release Notes&lt;/h2&gt;

      &lt;h3&gt;Version 7.0.0&lt;/h3&gt;

      &lt;p&gt;
        The following changes were made between the 6.0.11 and 7.0.0 releases:
      &lt;/p&gt;

      &lt;ul&gt;
        &lt;li&gt;
          Updated the LDAP SDK to require Java SE 8 or later.  As of the 7.0.0 release,
          Java 7 is no longer supported.
          &lt;br&gt;&lt;br&gt;
        &lt;/li&gt;

        &lt;li&gt;
          Updated the LDAPConnectionPool behavior in the case that an attempt to check out
          a connection from the pool first encounters an existing connection that is deemed
          not valid by the configured health check.  Previously, it would close that
          connection as defunct and try to create a new connection to replace it, but if
          that attempt was successful, the newly created connection would be added to the
          end of the pool's set of potentially available connections, and it would continue
          iterating through the set of connections to try to find one that is valid.  Now,
          if the pool is able to successfully create a new connection to replace the
          existing defunct connection, it will immediately return that new connection
          without checking any of the other existing connections.  This should
          substantially improve performance in the case that the pool has several
          connections that are already established but have become invalid for some reason
          in a way that does not prevent successfully establishing new connections.
          &lt;br&gt;&lt;br&gt;
        &lt;/li&gt;

        &lt;li&gt;
          Added a compare-ldap-schemas command-line tool that can be used to identify
          differences between the schemas of two LDAP servers.
          &lt;br&gt;&lt;br&gt;
        &lt;/li&gt;

        &lt;li&gt;
          Added the ability to reuse automatically generated JAAS configuration files if
          possible when attempting a SASL GSSAPI bind.  Previously, if the caller didn't
          explicitly provide a JAAS config file, the LDAP SDK would generate one based on
          the provided bind request properties.  It would do this for every GSSAPI bind
          attempt, even if they all used the same properties, which means that it could
   </code></pre>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/323ff4fd3d622b96522298f300abc6915d0c209b"><code>323ff4f</code></a> Add JSON-related normalization methods</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/05ca9f579c9c22276ea0d4fa61c9cbb7101dd5fe"><code>05ca9f5</code></a> Documentation updates for LDAP-related specs</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/2b2d1dc26b481fc0c20e94794ebe0535dab30687"><code>2b2d1dc</code></a> Add an OID for a new alert type</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/d09a56155cbcb00e1fb4649506071d159f67bf2b"><code>d09a561</code></a> Add a property for enabling MD5 in BC FIPS mode</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/98ce42fcd6fe4fd6e6ee5aaf5dfa4dcc30505d65"><code>98ce42f</code></a> Add a replication backlog health check</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/faeb1a70138ab10bdd2007d319258692e7d84818"><code>faeb1a7</code></a> Update the replica monitor entry</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/8dfccb712fcc3ed545367187d315a9d6c3ecd587"><code>8dfccb7</code></a> Add a lockdown mode health check</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/0f1893c1dd4f04d79980a77033c017a2db9ae433"><code>0f1893c</code></a> Add an active alerts health check</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/08d3cb2d2b8d921b4563f6b4186d2676b407efa3"><code>08d3cb2</code></a> Update to getting pooled conn on HC failure</li>
   <li><a href="https://github.com/pingidentity/ldapsdk/commit/62aa718cdea635386849628730fd841a6c6cc1f9"><code>62aa718</code></a> Add a compare-ldap-schemas tool</li>
   <li>Additional commits viewable in <a href="https://github.com/pingidentity/ldapsdk/compare/6.0.11...7.0.0">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.unboundid:unboundid-ldapsdk&package-manager=maven&previous-version=6.0.11&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
