We have just released the 2.3.4 version of the UnboundID LDAP SDK for Java. You can get the latest release online at the UnboundID website or the SourceForge project page, and it’s also available in the Maven Central Repository.
The main reason for this release is the disclosure of a security vulnerability (VU#225657) that affects the Oracle Javadoc tool and all Javadoc content generated with affected versions of that tool. This included the Javadoc documentation shipped with earlier versions of the UnboundID LDAP SDK for Java. The Javadoc for the 2.3.4 release of the LDAP SDK has been generated with an updated version of the Javadoc tool that should no longer be vulnerable to the referenced bug.
There are a few other updates in this release, including:
- We have fixed a bug that could cause a pooled connection to be unnecessarily closed and re-established when performing a simple bind on a connection operating in synchronous mode.
- We have fixed a bug in the schema parser that could prevent it from parsing certain schema elements from their string representations if the last token in the definition was OBSOLETE, SINGLE-VALUE, or NO-USER-MODIFICATION and there was no space between that token and the closing parenthesis that followed it.
- We have updated the disconnect handler mechanism to provide more assurance that there will not be multiple notifications for a single disconnect.
- We have added support for the Microsoft DirSync control, which may be used to discover information about changes processed in an Active Directory server.
- We have fixed a bug in the entry validator (and the validate-ldif tool that uses the entry validator) that could incorrectly classify entries that had multiple structural object classes as entries that did not have any structural class.
- We have updated the LDAP command-line tool API to make it possible to create tools that support establishing LDAP connections but without offering options to authenticate those connections. We have also updated the API to make it possible to provide passwords to the tool by interactively prompting for them rather than requiring them to be provided as command line arguments or included in clear-text files on the filesystem.
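
A check for the schema parser fix listed above, as an added example that is not part of the SDK or of the original announcement: it parses each definition with and without a space before the closing parenthesis and confirms the trailing flag is recognized. The class name, OIDs and element names are constructed placeholders, and the LDAP SDK jar is assumed to be on the classpath.

```java
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.schema.AttributeTypeDefinition;
import com.unboundid.ldap.sdk.schema.ObjectClassDefinition;

public final class CompactSchemaParseCheck {
  // Directory String syntax OID.
  private static final String SYNTAX = "1.3.6.1.4.1.1466.115.121.1.15";

  // Constructed definitions, written up to (not including) the closing
  // parenthesis. First column: "oc" = object class, "at" = attribute type.
  // OIDs under 1.3.6.1.4.1.99999 and the names are placeholders.
  private static final String[][] CASES = {
    { "oc", "( 1.3.6.1.4.1.99999.2.1 NAME 'exampleClass' OBSOLETE" },
    { "at", "( 1.3.6.1.4.1.99999.1.1 NAME 'exampleSingle' SYNTAX "
            + SYNTAX + " SINGLE-VALUE" },
    { "at", "( 1.3.6.1.4.1.99999.1.2 NAME 'exampleNoMod' SYNTAX "
            + SYNTAX + " NO-USER-MODIFICATION" },
  };

  /** True if the definition parses and its trailing flag was recognized. */
  static boolean flagRecognized(String kind, String definition) {
    try {
      if (kind.equals("oc")) {
        return new ObjectClassDefinition(definition).isObsolete();
      }
      AttributeTypeDefinition at = new AttributeTypeDefinition(definition);
      return at.isSingleValued() || at.isNoUserModification();
    } catch (LDAPException e) {
      // The parser rejected the string representation.
      return false;
    }
  }

  public static void main(String[] args) {
    boolean allOk = true;
    for (String[] c : CASES) {
      // Same definition, closed with and without the separating space.
      for (String close : new String[] { " )", ")" }) {
        String definition = c[1] + close;
        boolean ok = flagRecognized(c[0], definition);
        System.out.printf("%-4s %s%n", ok ? "OK" : "FAIL", definition);
        allOk &= ok;
      }
    }
    // Non-zero exit status if any form was rejected or misread.
    System.exit(allOk ? 0 : 1);
  }
}
```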