The 389 Directory Server project has announced new releases of versions 2.0.2 and 1.4.4.10. From the release announcements, it looks like some of the changes in these versions are:
- Fixed a security issue that could cause unexpected information to be returned in an LDAP request (both versions)
- Fixed a number of memory management issues that could cause crashes or potential security issues (both versions)
- Fixed a potential data corruption error in syncrepl processing (both versions)
- Fixed a potential crash when dereferencing an entry that exists but is not returned by an internal search (both versions)
- Fixed a potential crash resulting from a division-by-zero in disk monitoring code (both versions)
- Fixed a potential crash when using the simple paged results control with chaining (version 2.0.2)
- Fixed an out-of-bounds issue affecting the file descriptor table (both versions)
- Fixed an issue that may prevent entryUUID from being replicated properly (both versions)
- Fixed a replication issue that could cause an internal search to use an improperly escaped filter (version 2.0.2)
- Fixed an issue that affects interaction with OpenLDAP involving the entryUUID attribute (both versions)
- Fixed an issue that may cause the changelog cache to upload updates from the wrong starting point (both versions)
- Updated the server to log internal searches that are unindexed (version 2.0.2)
- Fixed an issue that could occur during migration from OpenLDAP (both versions)
- Fixed an issue with singleLevel searches below “cn=monitor” (both versions)
- Fixed a performance issue around the use of the TCP_NODELAY socket option (both versions)
- Added support for OpenLDAP-compatible password encodings (both versions)
- Added a warning for skipped entries during an online LDIF import (both versions)
- Fixed an LDIF import performance issue after an earlier failed import (version 2.0.2)
- Added cockpit enabling to dsctl (both versions)
- Added DN rewriting support for LDAPI authentication (both versions)
- Added support for encoding passwords with gost-yescrypt (both versions)
- Added the machine name as a subject alternative name when generating certificates (both versions)
- Fixed an issue that could cause the server to return referrals for servers with a different data generation (version 2.0.2)
- Fixed a DN normalization issue for escaped spaces (version 2.0.2)
- Fixed an ldifgen issue when using the –start-idx argument (version 2.0.2)
- Fixed an issue that could prevent dsidm from removing an organizationalUnit entry (version 2.0.2)
- Fixed systemd pin warnings (version 2.0.2)
- Fixed a UI issue that prevented it from handling object class definitions without an X-ORIGIN extension (version 2.0.2)
- Updated the client library to use the underlying system’s TLS policy (version 2.0.2)