dependabot[bot] opened a new pull request, #1295: URL: https://github.com/apache/cxf/pull/1295
Bumps [unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 6.0.8 to 6.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/releases";>unboundid-ldapsdk's releases</a>.</em></p> <blockquote> <h2>UnboundID LDAP SDK for Java 6.0.9</h2> <p>We have just released version 6.0.9 of the <a href="https://github.com/pingidentity/ldapsdk";>UnboundID LDAP SDK for Java</a>. It is available for download from <a href="https://github.com/pingidentity/ldapsdk/releases";>GitHub</a> and <a href="https://sourceforge.net/projects/ldap-sdk/files/";>SourceForge</a>, and it is available in the <a href="https://central.sonatype.com/artifact/com.unboundid/unboundid-ldapsdk/6.0.9";>Maven Central Repository</a>.</p> <p>As announced in the previous release, the LDAP SDK source code is now maintained only at GitHub. The SourceForge repository is still available for its <a href="https://sourceforge.net/p/ldap-sdk/discussion/1001257/";>discussion forum</a>, <a href="https://sourceforge.net/p/ldap-sdk/mailman/";>mailing lists</a>, and <a href="https://sourceforge.net/projects/ldap-sdk/files/";>release downloads</a>, but the source code is no longer available there.</p> <p>You can find the release notes for the 6.0.9 release (and all previous versions) at <a href="https://docs.ldap.com/ldap-sdk/docs/release-notes.html";>https://docs.ldap.com/ldap-sdk/docs/release-notes.html</a>, but here’s a summary of the changes:</p> <ul> <li> <p>We made it possible to customize the set of result codes that the LDAP SDK uses to determine whether a connection may no longer be usable. Previously, we used a hard-coded set of result codes, and that is still the default, but you can now override that using the <code>ResultCode.setConnectionNotUsableResultCodes</code> method.</p> </li> <li> <p>We added a new <code>HTTPProxySocketFactory</code> class that can be used to establish LDAP and LDAPS connections through an HTTP proxy server.</p> </li> <li> <p>We added a new <code>SOCKSProxySocketFactory</code> class that can be used to establish LDAP and LDAPS connections through a SOCKSv4 or SOCKSv5 proxy server.</p> </li> <li> <p>We updated the <code>ldap-diff</code> tool to add a <code>--byteForByte</code> argument that can be used to indicate that it should use a byte-for-byte comparison when determining whether two attribute values are equivalent rather than using a schema-aware comparison (which may ignore insignificant differences in some cases, like differences in capitalization or extra spaces). Previously, the tool always used byte-for-byte matching, but we decided to make it a configurable option, and we determined that it is better to use schema-aware comparison by default.</p> </li> <li> <p>We fixed an issue in which a non-default channel binding type was not preserved when duplicating a GSSAPI bind request. We also added a <code>GSSAPIBindRequest.getChannelBindingType</code> method to retrieve the selected channel binding type for a GSSAPI bind request.</p> </li> <li> <p>We added a <code>ResultCode.getStandardName</code> method that can be used to retrieve the name for the result code in a form that is used to reference it in standards documents. Note that this may not be available for result codes that are not defined in known specifications.</p> </li> <li> <p>We added a mechanism for caching the derived secret keys used for passphrase-encrypted input and output streams so that it is no longer necessary to re-derive the same key each time it is used. This can dramatically improve performance when the same key is used multiple times.</p> </li> <li> <p>We updated the <code>StaticUtils.isLikelyDisplayableCharacter</code> method to consider additional character types to be displayable, including modifier symbols, non-spacing marks, enclosing marks, and combining spacing marks.</p> </li> <li> <p>We added a new <code>StaticUtils.getCodePoints</code> method that can be used to retrieve an array of the code points that comprise a given string.</p> </li> <li> <p>We added a new <code>StaticUtils.unicodeStringsAreEquivalent</code> method that can be used to determine whether two strings represent an equivalent string of Unicode characters, even if they use different forms of Unicode normalization.</p> </li> <li> <p>We added a new <code>StaticUtils.utf8StringsAreEquivalent</code> method that can be used to determine whether two byte arrays represent an equivalent UTF-8 string of Unicode characters, even if they use different forms of Unicode normalization.</p> </li> <li> <p>We added a new <code>StaticUtils.isValidUTF8WithNonASCIICharacters</code> method that can be used to determine whether a given byte array represents a valid UTF-8 string that contains at least one non-ASCII character.</p> </li> <li> <p>We updated the client-side support for the collect-support-data administrative task to make it possible to specify the start and end times for the set of log messages to include in the support data archive.</p> </li> <li> <p>We updated the documentation so that the latest versions of draft-melnikov-sasl2 and draft-melnikov-scram-sha-512 are included in the set of LDAP-related specifications.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html";>unboundid-ldapsdk's changelog</a>.</em></p> <blockquote> <pre><code> <div align="right"> </code></pre> <p>${TARGET="offline"} <!-- raw HTML omitted -->LDAP SDK Home Page<!-- raw HTML omitted --> ${TARGET="offline"} <!-- raw HTML omitted --> <!-- raw HTML omitted -->Product Information<!-- raw HTML omitted --> <!-- raw HTML omitted --></p> <pre><code> <h2>Release Notes</h2> <pre><code> &lt;h3&gt;Version 6.0.9&lt;/h3&gt; &lt;p&gt; The following changes were made between the 6.0.8 and 6.0.9 releases: &lt;/p&gt; &lt;ul&gt; &lt;li&gt; The LDAP SDK source code will now only be updated on GitHub and will no longer be maintained on SourceForge. The SourceForge repository will still be available for historical releases, but the trunk has been replaced with a README file indicating that updated code is now only on GitHub. It required effort to keep both repositories in sync, and GitHub is removing its support for acting as a Subversion repository, which that synchronization process relied upon. The SourceForge project will still be updated with downloads for new releases, and the discussion forums and mailing lists will remain available. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Added an option for customizing the set of result codes that the LDAP SDK may use to determine whether a connection may no longer be usable. Previously, it used a hard-coded set of result codes for this purpose, and that set is still the default, but it is now possible to override that with a provided set of result codes. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Added a new HTTPProxySocketFactory class that can be used to allow establishing LDAP and LDAPS connections through an HTTP proxy server, and added a new SOCKSProxySocketFactory class that can be used to allow establishing connections through a SOCKSv4 or SOCKSv5 proxy server. Communication with the proxy server itself must be unencrypted (although communication with the target LDAP server may optionally be end-to-end encrypted with TLS), and the proxy server must not require authentication. &lt;br&gt;&lt;br&gt; &lt;/li&gt; &lt;li&gt; Updated the ldif-diff tool to add a --byteForByte argument that can be used to indicate that it should not ignore differences between source and target entries </code></pre> <p></code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pingidentity/ldapsdk/commit/42839ddf0d77d954805fbbe3cce73a792af40474";><code>42839dd</code></a> Update the OID registry</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/c28215025c2fa52d5091543b4cee94005bd49b83";><code>c282150</code></a> Include channel binding type in GSSAPI duplicate</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/1c5e7aa44deb1e5757e034fe2896a703c5e60f41";><code>1c5e7aa</code></a> Fix a typo in ldap-diff</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/effd5ea0f6c94aeb2b1f1b1a2e92d5afb54d42e7";><code>effd5ea</code></a> Use a better filter for IMDS.getEntry</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/55b7740fff4e2b5e2797d7e025d3dcd9d64ede15";><code>55b7740</code></a> Add ResultCode.getStandardName</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/1ad2acd45b605e1101db17fc1cea9486aee49882";><code>1ad2acd</code></a> Fix a typo in oid-registry.json</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/e1f9c597ff67b34bac3ea4e6c22cbc25e5b5fdef";><code>e1f9c59</code></a> Add support for HTTP proxy servers</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/bad56ad22fedebaf0eacf8fc391adbed4aebbd0f";><code>bad56ad</code></a> Add support for using SOCKS proxies</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/46f087ea0b747851d86216e8f4f36f9584c01de8";><code>46f087e</code></a> Update the OID registry</li> <li><a href="https://github.com/pingidentity/ldapsdk/commit/cdc33af7dfd4604194a8c640d8f391bd80715178";><code>cdc33af</code></a> Update release notes with SourceForge repo update</li> <li>Additional commits viewable in <a href="https://github.com/pingidentity/ldapsdk/compare/6.0.8...6.0.9";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
