dependabot[bot] opened a new pull request, #2183:
URL: https://github.com/apache/cxf/pull/2183
Bumps
[com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from
7.0.1 to 7.0.2.
Release notes
Sourced from https://github.com/pingidentity/ldapsdk/releases";>com.unboundid:unboundid-ldapsdk's
releases.
UnboundID LDAP SDK for Java 7.0.2
We have just released version 7.0.2 of the https://github.com/pingidentity/ldapsdk";>UnboundID LDAP SDK for Java.
It is available for download from https://github.com/pingidentity/ldapsdk/releases";>GitHub and https://sourceforge.net/projects/ldap-sdk/files/";>SourceForge, and it
is available in the https://central.sonatype.com/artifact/com.unboundid/unboundid-ldapsdk/7.0.2";>Maven
Central Repository. You can find the release notes for this release (and
all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html";>https://docs.ldap.com/ldap-sdk/docs/release-notes.html,
but here’s a summary of the changes:
We added support for using the 2.x version of the Bouncy Castle
FIPS-compliant security provider, which provides support for FIPS 140-3
compliance. The 1.x version of the library, offering FIPS 140-2 compliance, is
still supported. To use the LDAP SDK in this mode, you should ensure that the
necessary jar files are in the classpath, and then you should call
CryptoHelper.setUseFIPSMode("BCFIPS2") as early as
possible in the life of the application.
We added a new PropertyManager class that can be used to
retrieve the value of specified properties using either system properties or
environment variables. Values can be optionally parsed as Booleans, numbers, or
comma-delimited lists. Most uses of system properties within the LDAP SDK have
been updated to support the new PropertyManager mechanism so that
it’s possible to set values as environment variables as an alternative to
system properties.
We fixed a bug in the SSLUtil.certificateToString method
that prevented it from including the notBefore and notAfter timestamps in the
string representation.
We added client-side support for the Ping Identity Directory Server’s new
to-be-deleted accessibility state for use with the get subtree accessibility
and set subtree accessibility extended operations.
We updated the MoveSubtree utility class to provide the
ability to use the new to-be-deleted accessibility state (as an alternative to
the hidden state) for the target subtree before starting to remove entries from
the source server.
We added a new
SubtreeAccessibilityState.isMoreRestrictiveThan method that can be
used to determine whether one accessibility state is considered more
restrictive than another.
Updated the documentation to include the latest versions of the following
LDAP-related specifications:
draft-coretta-ldap-subnf-01
draft-coretta-oiddir-radit
draft-coretta-oiddir-radsa
draft-coretta-oiddir-radua
draft-coretta-oiddir-roadmap
draft-coretta-oiddir-schema
draft-ietf-kitten-scram-2fa
draft-melnikov-sasl2
draft-melnikov-scram-bis
draft-melnikov-scram-sha-512
draft-melnikov-scram-sha3-512
Changelog
Sourced from https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html";>com.unboundid:unboundid-ldapsdk's
changelog.
${TARGET="offline"}LDAP SDK Home Page
${TARGET="offline"}
Product Information
Release Notes
<h3>Version 7.0.2</h3>
<p>
The following changes were made between the 7.0.1 and 7.0.2 releases:
</p>
<ul>
<li>
Added support for using the 2.x version of the Bouncy Castle
FIPS-compliant
security provider, which offers support for FIPS 140-3 compliance.
Previously,
the LDAP SDK only supported the 1.x version of the library, which
offers FIPS
140-2 compliance. The necessary jar files must already be in the
CLASSPATH.
<br><br>
</li>
<li>
Added a new PropertyManager class that can be used to retrieve the
values of
system properties or environment variables, optionally parsing the
values as
Booleans, numbers, or comma-delimited lists. Most uses of system
properties
within the LDAP SDK have been updated to use the PropertyManager,
so those
properties can now be set as environment variables as an
alternative to Java
system properties.
<br><br>
</li>
<li>
Fixed a bug in the SSLUtil.certificateToString method that
prevented it from
including notBefore and notAfter timestamp values i
Hey Folks,
We have 7 +1 votes and no other votes, so this vote passes and I will
release the artifacts soon.
Thanks all for the vote!
Best Regards,
Andriy Redko
> +1.
> Colm.
> On Mon, Dec 2, 2024 at 5:52 PM wrote:
>> +1
>> Jeff
>>> On Dec 1, 2024, at 8:46 PM, Jim Ma wrote:
>>> +1
>>> On Sun, Dec 1, 2024 at 10:24 PM Andriy Redko wrote:
Hey folks,
In preparation for CXF releases, this is a vote to release cxf-xjc-utils
4.1.0.
Staging areas:
4.1.0:
https://repository.apache.org/content/repositories/orgapachecxf-1210
Tags:
4.1.0: https://github.com/apache/cxf-xjc-utils/tree/xjc-utils-4.1.0
Here is my +1
Thanks!
Best Regards,
Andriy Redko
dependabot[bot] opened a new pull request, #2182:
URL: https://github.com/apache/cxf/pull/2182
Bumps
[org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck)
from 11.1.0 to 11.1.1.
Release notes
Sourced from https://github.com/jeremylong/DependencyCheck/releases";>org.owasp:dependency-check-maven's
releases.
Version 11.1.1
Refer to the https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md#change-log";>CHANGELOG.md
for information about improvements and upgrade notes.
Changelog
Sourced from https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md";>org.owasp:dependency-check-maven's
changelog.
https://github.com/jeremylong/DependencyCheck/releases/tag/v11.1.1";>Version
11.1.1 (2024-12-04)
fix: re-enable issue locking (https://redirect.github.com/jeremylong/DependencyCheck/issues/7220";>#7220)
fix: add username/password properties to be able to authenticate for
central.content.url and analyzer.central.url again (https://redirect.github.com/jeremylong/DependencyCheck/issues/7169";>#7169)
fix: rework replaceOrAddVulnerability (https://redirect.github.com/jeremylong/DependencyCheck/issues/7177";>#7177)
fix: do not log loading of JDBC driver (https://redirect.github.com/jeremylong/DependencyCheck/issues/7155";>#7155)
fix: expose flag to disable version check (https://redirect.github.com/jeremylong/DependencyCheck/issues/7147";>#7147)
fix: Gracefully handle CVEs with bad configuration nodes missing CPE
match expressions (https://redirect.github.com/jeremylong/DependencyCheck/issues/7125";>#7125)
chore: cleanup base suppression (https://redirect.github.com/jeremylong/DependencyCheck/issues/7138";>#7138)
docs: update gradle configuration documentation (https://redirect.github.com/jeremylong/DependencyCheck/issues/7176";>#7176)
docs: update documentation for Gradle plugin (https://redirect.github.com/jeremylong/DependencyCheck/issues/7143";>#7143)
docs: improve false positive issue templat (https://redirect.github.com/jeremylong/DependencyCheck/issues/7130";>#7130)
See the full listing of https://github.com/jeremylong/DependencyCheck/milestone/90?closed=1";>changes.
Commits
https://github.com/jeremylong/DependencyCheck/commit/30acb30398910a585145a000e34a83a72ca3aaf2";>30acb30
build: prepare release v11.1.1
https://github.com/jeremylong/DependencyCheck/commit/0a4f570109695cc1f813750afb637f4133bf1ebe";>0a4f570
docs: update changelog for release 11.1.1
https://github.com/jeremylong/DependencyCheck/commit/cf08e94292a601bf66bd3df5a0ee3ed12e2eaebf";>cf08e94
fix: re-enable issue locking (https://redirect.github.com/jeremylong/DependencyCheck/issues/7220";>#7220)
https://github.com/jeremylong/DependencyCheck/commit/09f3fb96006b27c7fa6889583d5695fc8c6ca298";>09f3fb9
build(deps): bump JamesIves/github-pages-deploy-action from 4.7.1 to 4.7.2
(#...
https://github.com/jeremylong/DependencyCheck/commit/a65720f2e23b7bcf2bf382a40956521591cde8f0";>a65720f
fix: reenable issue locking (https://redirect.github.com/jeremylong/DependencyCheck/issues/7208";>#7208)
https://github.com/jeremylong/DependencyCheck/commit/20e344c91791c869d4638defeb5135d49e9c";>20e344c
fix: 7093 add username/password properties to be able to authenticate for
cen...
https://github.com/jeremylong/DependencyCheck/commit/6a13d58e031144a4ce887356369dbf31b651a059";>6a13d58
build(deps): bump org.jsoup:jsoup from 1.18.2 to 1.18.3 (https://redirect.github.com/jeremylong/DependencyCheck/issues/7205";>#7205)
https://github.com/jeremylong/DependencyCheck/commit/4655cc72bcc29dc3755dafbfe5223a051448ece7";>4655cc7
build(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0 (https://redirect.github.com/jeremylong/DependencyCheck/issues/7170";>#7170)
https://github.com/jeremylong/DependencyCheck/commit/f85b726e55adce0971060ec65c4c7c9b8916af4e";>f85b726
build(deps): bump jackson.version from 2.18.1 to 2.18.2 (https://redirect.github.com/jeremylong/DependencyCheck/issues/7200";>#7200)
https://github.com/jeremylong/DependencyCheck/commit/a3cfa4f6e9155b9136c29fa1e4415bbcb41bddfb";>a3cfa4f
build(deps): bump org.jsoup:jsoup from 1.18.1 to 1.18.2 (https://redirect.github.com/jeremylong/DependencyCheck/issues/7194";>#7194)
Additional commits viewable in https://github.com/jeremylong/DependencyCheck/compare/v11.1.0...v11.1.1";>compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot r
