dependabot[bot] opened a new pull request, #8756: URL: https://github.com/apache/camel-quarkus/pull/8756
Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 7.0.4 to 7.0.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html";>com.unboundid:unboundid-ldapsdk's changelog</a>.</em></p> <blockquote> <pre><code> <div align="right"> </code></pre> <p>${TARGET="offline"} <!-- raw HTML omitted -->LDAP SDK Home Page<!-- raw HTML omitted --> ${TARGET="offline"} <!-- raw HTML omitted --> <!-- raw HTML omitted -->Product Information<!-- raw HTML omitted --> <!-- raw HTML omitted --></p> <pre><code> <h2>Release Notes</h2> <pre><code> &lt;h3&gt;Version 7.0.5&lt;/h3&gt; &lt;p&gt; The following changes were made between the 7.0.4 and 7.0.5 releases: &lt;/p&gt; &lt;ul&gt; &lt;li&gt; Updated the LDAP SDK's persistence framework to provide improved security validation when using Java serialization with the DefaultObjectEncoder. Relying on Java serialization is not recommended, especially when using the persistence framework (a) because it's not necessarily safe in general to load Java arbitrary Java objects from an external data store, and (b) because the resulting attribute values won't be usable by anything other than Java applications able to deserialize them. This is contrary to the intent of the persistence framework, which is meant to allow store objects in an LDAP server in a way that makes them generally accessible to other kinds of LDAP clients. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Updated an ldapdelete example usage to include --searchBaseDN argument that was mentioned in the example description but inadvertently omitted from the example arguments. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Updated the documentation to include the latest revisions of draft-bouchez-scram-mcf, draft-codere-ldapsyntax, draft-kaliski-asn1-layman-guide, draft-ietf-kitten-password-storage, draft-ietf-kitten-sasl-ht, draft-khan-ldap-bind-return-dn, and draft-sabadello-did-challenge-sasl. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt;&lt;/p&gt; &lt;h3&gt;Version 7.0.4&lt;/h3&gt; </code></pre> <p></code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/pingidentity/ldapsdk/commits";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
