dependabot[bot] opened a new pull request, #2183: URL: https://github.com/apache/cxf/pull/2183
Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 7.0.1 to 7.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/releases";>com.unboundid:unboundid-ldapsdk's releases</a>.</em></p> <blockquote> <h2>UnboundID LDAP SDK for Java 7.0.2</h2> <p>We have just released version 7.0.2 of the <a href="https://github.com/pingidentity/ldapsdk";>UnboundID LDAP SDK for Java</a>. It is available for download from <a href="https://github.com/pingidentity/ldapsdk/releases";>GitHub</a> and <a href="https://sourceforge.net/projects/ldap-sdk/files/";>SourceForge</a>, and it is available in the <a href="https://central.sonatype.com/artifact/com.unboundid/unboundid-ldapsdk/7.0.2";>Maven Central Repository</a>. You can find the release notes for this release (and all previous versions) at <a href="https://docs.ldap.com/ldap-sdk/docs/release-notes.html";>https://docs.ldap.com/ldap-sdk/docs/release-notes.html</a>, but here’s a summary of the changes:</p> <ul> <li> <p>We added support for using the 2.x version of the Bouncy Castle FIPS-compliant security provider, which provides support for FIPS 140-3 compliance. The 1.x version of the library, offering FIPS 140-2 compliance, is still supported. To use the LDAP SDK in this mode, you should ensure that the necessary jar files are in the classpath, and then you should call <code>CryptoHelper.setUseFIPSMode("BCFIPS2")</code> as early as possible in the life of the application.</p> </li> <li> <p>We added a new <code>PropertyManager</code> class that can be used to retrieve the value of specified properties using either system properties or environment variables. Values can be optionally parsed as Booleans, numbers, or comma-delimited lists. Most uses of system properties within the LDAP SDK have been updated to support the new <code>PropertyManager</code> mechanism so that it’s possible to set values as environment variables as an alternative to system properties.</p> </li> <li> <p>We fixed a bug in the <code>SSLUtil.certificateToString</code> method that prevented it from including the notBefore and notAfter timestamps in the string representation.</p> </li> <li> <p>We added client-side support for the Ping Identity Directory Server’s new to-be-deleted accessibility state for use with the get subtree accessibility and set subtree accessibility extended operations.</p> </li> <li> <p>We updated the <code>MoveSubtree</code> utility class to provide the ability to use the new to-be-deleted accessibility state (as an alternative to the hidden state) for the target subtree before starting to remove entries from the source server.</p> </li> <li> <p>We added a new <code>SubtreeAccessibilityState.isMoreRestrictiveThan</code> method that can be used to determine whether one accessibility state is considered more restrictive than another.</p> </li> <li> <p>Updated the documentation to include the latest versions of the following LDAP-related specifications:</p> <ul> <li>draft-coretta-ldap-subnf-01</li> <li>draft-coretta-oiddir-radit</li> <li>draft-coretta-oiddir-radsa</li> <li>draft-coretta-oiddir-radua</li> <li>draft-coretta-oiddir-roadmap</li> <li>draft-coretta-oiddir-schema</li> <li>draft-ietf-kitten-scram-2fa</li> <li>draft-melnikov-sasl2</li> <li>draft-melnikov-scram-bis</li> <li>draft-melnikov-scram-sha-512</li> <li>draft-melnikov-scram-sha3-512</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html";>com.unboundid:unboundid-ldapsdk's changelog</a>.</em></p> <blockquote> <pre><code> <div align="right"> </code></pre> <p>${TARGET="offline"} <!-- raw HTML omitted -->LDAP SDK Home Page<!-- raw HTML omitted --> ${TARGET="offline"} <!-- raw HTML omitted --> <!-- raw HTML omitted -->Product Information<!-- raw HTML omitted --> <!-- raw HTML omitted --></p> <pre><code> <h2>Release Notes</h2> <pre><code> &lt;h3&gt;Version 7.0.2&lt;/h3&gt; &lt;p&gt; The following changes were made between the 7.0.1 and 7.0.2 releases: &lt;/p&gt; &lt;ul&gt; &lt;li&gt; Added support for using the 2.x version of the Bouncy Castle FIPS-compliant security provider, which offers support for FIPS 140-3 compliance. Previously, the LDAP SDK only supported the 1.x version of the library, which offers FIPS 140-2 compliance. The necessary jar files must already be in the CLASSPATH. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Added a new PropertyManager class that can be used to retrieve the values of system properties or environment variables, optionally parsing the values as Booleans, numbers, or comma-delimited lists. Most uses of system properties within the LDAP SDK have been updated to use the PropertyManager, so those properties can now be set as environment variables as an alternative to Java system properties. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Fixed a bug in the SSLUtil.certificateToString method that prevented it from including notBefore and notAfter timestamp values in the resulting string representation of the provided certificate. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Updated client-side support for the Ping Identity Directory Server's get subtree accessibility and set subtree accessibility extended operations to include a new to-be-deleted accessibility state. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Updated the MoveSubtree utility class to provide an option to use the new to-be-deleted subtree accessibility state when removing entries from the source </code></pre> <p></code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pingidentity/ldapsdk/commit/d3320e659d17d7b2f8ae0ec0a0b436314c49691a";><code>d3320e6</code></a> Allow to-be-deleted state in MoveSubtree</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/7dfba2b54766a771e8cf3614f092d43f77154aa6";><code>7dfba2b</code></a> Update the OID registry</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/0c846383e50f63649c9b80c83f8ab7c8c757e8d6";><code>0c84638</code></a> Add accessibility state isMoreRestrictiveThan</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/7e722bfac39fee7267377410887dd53bd0c7420a";><code>7e722bf</code></a> Add a to-be-deleted subtree accessibility state</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/e861c63c979deab2fb12869b5ef5a080621d2e9e";><code>e861c63</code></a> Fix an issue with loading the BC JSSE provider</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/8da9461b41e32bfa9a31a0ded93c6e3ad0d3e461";><code>8da9461</code></a> Add a method for getting FIPS provider name</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/61b12689cc5366092a54ec7b842d7abe95690e17";><code>61b1268</code></a> Add methods for getting FIPS provider by version</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/6c67fec5985d2e498c3f4124a73f91246ddd4691";><code>6c67fec</code></a> Fix a bug in SSLUtil.certificateToString</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/4906e7d01ac6650b8492a3548105ef1eeed9c402";><code>4906e7d</code></a> Add support for BCFIPS2</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/88de3f01c0516516eb3e891db12ca004bc022f0d";><code>88de3f0</code></a> Update to draft-coretta-ldap-subnf-02</li> <li>Additional commits viewable in <a href="https://github.com/pingidentity/ldapsdk/compare/7.0.1...7.0.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
