We have just released version 5.1.4 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository.
The release notes contain a more complete description of the changes included since the 5.1.3 release, but here’s a quick overview:
- We fixed an issue with the fewest connections and round-robin server sets that could cause them to leave a background thread running if one of the servers they had been using goes away permanently.
- We updated the TLS cipher suite selector to improve compatibility with JVMs (like the one provided by IBM) that use an “SSL_” prefix for all cipher suite names, rather than using “TLS_” for suites associated with the TLS protocol and only using “SSL_” for suites associated with legacy SSL protocols.
- We have updated the TLS cipher suite selector to improve the order in which it returns the names of the recommended suites.
- We have added new key and trust manager implementations that can use X.509 certificates and PKCS #8 private keys read from PEM files. We have also added new utility classes for reading certificates and private keys from PEM files.
- We updated the LDAP SDK to support running in a FIPS 140-2-compliant mode using the Bouncy Castle FIPS provider (and the associated JSSE provider). The Bouncy Castle libraries are not provided as part of the LDAP SDK, but if they are separately obtained and included in the classpath, then the LDAP SDK can be configured to operate in a FIPS-compliant manner.
- We have updated the manage-certificates tool to support managing certificates in BCFKS (the Bouncy Castle FIPS-compliant key store format) files.
- We have updated the TLS cipher suite selector to exclude suites that rely on the SHA-1 digest algorithm from the recommended set of suites when running in FIPS-compliant mode.
- We improved an error message that could be used in an exception if a connection becomes invalid in the course of trying to send a request to the server.
- We updated the ldifmodify command-line tool to allow ignoring duplicate attempts to delete the same entry, and attempts to delete or modify entries that do not exist in the LDIF file.
- We have updated support for the proprietary get user resource limits request control to allow clients to request that the server not return information about the user’s group membership in the response control. This can help improve performance when using the control, especially in servers with large numbers of dynamic groups.
- We have updated the LDAP SDK documentation to include the latest versions of draft-coretta-x660-ldap and draft-ietf-kitten-password-storage in the set of LDAP-related specifications.
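
An added illustration of the two naming points in the cipher suite items above (the “SSL_” prefix used by some JVMs, and dropping SHA-1 suites as in FIPS-compliant mode). It is not the LDAP SDK's own selector code: it uses only standard JSSE calls, the class and method names are hypothetical, and identifying SHA-1 suites by a trailing `_SHA` in the suite name is an assumption of this example.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

public final class CipherSuiteNameCheck {
  // Some JVMs report every suite with an "SSL_" prefix. Map both spellings
  // to one form so that name-based rules apply to either.
  static String normalize(final String suite) {
    return suite.startsWith("SSL_") ? "TLS_" + suite.substring(4) : suite;
  }

  // In IANA/JSSE suite names a trailing "_SHA" (no length suffix) means
  // HMAC-SHA1; "_SHA256" and "_SHA384" do not match this test.
  static boolean reliesOnSha1(final String suite) {
    return normalize(suite).endsWith("_SHA");
  }

  // Returns the suites that remain once SHA-1 suites are dropped, keeping
  // the caller's order and the JVM's original spelling of each name.
  static List<String> withoutSha1(final String[] suites) {
    final List<String> kept = new ArrayList<>();
    for (final String s : suites) {
      if (!reliesOnSha1(s)) {
        kept.add(s);
      }
    }
    return kept;
  }

  public static void main(final String[] args) throws Exception {
    // Constructed sample: the same suites as two different JVMs might name them.
    final String[] sample = {
      "TLS_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
      "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    };
    System.out.println("sample kept: " + withoutSha1(sample));

    // The same check against whatever this JVM's default provider supports.
    final String[] supported =
        SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
    for (final String s : supported) {
      System.out.println((reliesOnSha1(s) ? "SHA-1  " : "ok     ") + s);
    }
  }
}
```

Running it on the JVM that will host the application shows which of that JVM's supported suite names would be affected by a SHA-1 exclusion, whichever prefix the provider uses.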