The Apache Directory LDAP API version 1.0.2 has been released. The release announcement states that it’s a bugfix release, but doesn’t offer any additional information about the changes that it includes. There also don’t appear to be any release notes on the website or in the product download. The project website does suggest that it may include fixes for one or more critical security problems, including one that may result in clear-text communication when encrypted communication was expected, but that may be a copy-and-paste typo as identical text appears in the release announcement for the 1.0.1 version.

Editor’s note: I received a clarification on the contents of this release and have written a new post describing the primary security fix that it contains. Thanks to Emmanuel Lécharny for the update.