We have just released the 2.3.7 version of the UnboundID LDAP SDK for Java. You can get the latest release online at the UnboundID Website, the SourceForge project page, or in the Maven Central Repository.

Complete release note information is available online at on the UnboundID website, but some of the most significant changes include:

• Updated the logic used to select the TLS protocols to use for secure communication. SSLv3 is now disabled by default in response to the recent POODLE bug. On IBM JVMs, the set of enabled TLS protocols should be more broadly compatible with earlier TLS versions when support for TLSv1.1 or TLSv1.2 is enabled.
• Added the ability to perform improved SSLSocket validation, which makes it possible to perform certificate hostname validation in a more secure and convenient manner than was previously available. It is also now possible to get access to the SSL session associated with a connection secured via SSL/TLS or StartTLS.
• Added a new server set that can work in a DNS round-robin configuration, in which multiple IP addresses are associated with the same resolvable name.
• Added an LDAPConnectionPool.shrinkPool method that can be used to reduce the number of currently-available connections to a specified number.
• Improved support for class inheritance in the LDAP SDK persistence framework. If one class marked with @LDAPObject is a subclass of another class marked with @LDAPObject, then the logic used to construct the entry’s DN for instances of the subclass may be inherited from the superclass. Also, DN fields and entry fields will be properly handled in subclasses, and improvements have been made in requesting specific attributes to include in search result entries.
• Added a new interceptor API to the in-memory directory server. This API can be used to alter or reject an LDAP request before it is processed by the server, to alter or suppress search result entries or references, and to alter LDAP results before they are returned to the client.
• Updated the searchrate, modrate, authrate, and search-and-mod-rate tools to support altering the rate at which they process operations over time. Also, update these tools to make it possible to programmatically interrupt their processing.
• Improved support for automatic referral following and auto-reconnect to ensure that the newly-established connection will properly use StartTLS if the original connection had successfully used StartTLS to secure its communication.
• Fixed a bug in the Entry.applyModifications method that could cause valid modifications to be rejected if those modifications targeted attributes used in the entry’s DN but would not actually have resulted in a change to the entry DN.
• Fixed a bug in the Entry.diff method in which, if provided with a specific set of attributes to examine, the method would not examine variants of those attributes containing attribute options.
• Fixed a potential null pointer exception that could arise as a result of a race condition in the course of closing a connection. Fixed a potential illegal argument exception that could arise when closing a connection pool if multiple concurrent threads were used to close the connections but no connections were currently available in the pool.