UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.0, which includes the following changes:
- Deprecated support for TLSv1 and TLSv1.1
- Deprecated support for TLS cipher suites that rely on the SHA-1 message digest or RSA key exchange
- Fixed an issue that could cause the LDAP SDK to use the default set of JVM-enabled TLS cipher suites instead of a recommended set identified by the LDAP SDK
- Updated the logic used when generating the string representations of DNs so that printable non-ASCII characters are no longer escaped by default
- Updated the logic used when generating the LDIF representations of entries and change records so that values with ASCII control characters are now base64-encoded by default
- Updated the LDIF reader to make it possible to disable support for reading change records with LDAP controls
- Updated the PKCS #11 key manager to make it easier to interact with a PKCS #11 token without altering the JVM configuration
- Updated the manage-certificates tool to support interacting with PKCS #11 tokens
- Updated the manage-certificates tool to add a new copy-keystore subcommand
- Updated the manage-certificates tool to add optional --output-file and --output-format arguments to the generate-self-signed-certificate subcommand
- Updated the manage-certificates tool to allow interacting with BCFKS key stores even when not operating in FIPS 140-2-compliant mode
- Updated the manage-certificates tool to display the key store type when using the list-certificates subcommand
- Updated the in-memory-directory-server tool to add a --doNotGenerateOperationalAttributes argument
- Added a new ThreadLocalSecureRandom class
- Updated the documentation to include the latest revisions of the draft-coretta-x660-ldap, draft-ietf-kitten-password-storage, and draft-melnikov-scram-2fa drafts
- Updated the use of the Bouncy Castle FIPS-compliant secure random number generator to reduce the potential for exhausting system entropy
- Added the ability to customize the set of providers that will be allowed when operating in FIPS 140-2-compliant mode
- Updated the command-line tool framework to check for FIPS 140-2-compliant mode as early as possible in the tool startup process
- Updated the collect-support-data tool to allow using the --keyStoreFormat and --trustStoreFormat arguments even if the --useRemoteServer argument was not provided
- Added client-side support for a new administrative task for safely removing an object class from the server schema