The 389 Directory Server project has announced new releases of versions 2.4.0, 2.3.3, 2.2.7, and 2.1.8. From the release announcements, it appears that the most significant changes include (note that not all changes apply to all versions):
- Fixed issues in which clear-text or encoded passwords could have been exposed to unprivileged users
- Fixed a couple of potential crashes
- Fixed a couple of potential memory leaks and other memory management issues
- Fixed a potential hang that could occur when rebuilding RUV information in the replication changelog
- Improved search performance when referral handling is needed
- Improved server behavior when a large number of connections are established
- Added an option to close client connections after a failed authentication attempt
- Fixed an a CLI issue when attempting to configure referral behavior
- Fixed an issue in which search statistics omitted some types of lookups
- Fixed an issue in which schema replication overwrote the X-ORIGIN extension
- Updated dsconf to make it possible to specify a timeout when running tasks
- Updated the logconv tool to support a new logging format
- Updated the ldifgen tool to use a common default directory for LDIF files
- Updated lib389 to perform better validation when importing certificates
- Fixed an issue in which the server used case-sensitive matching for Boolean values
- Fixed an issue in which user interfaces relied on a hard-coded set of password storage schemes
- Fixed an issue when running dscreate as a non-superuser account
- Fixed an issue in which dscreate ds-root did not properly normalize paths
- Fixed an issue that allowed attribute types to be defined with conflicting matching rules
- Improved search optimization logic
- Improved db2ldif error handling
- Improved UI support for importing and exporting certificates
- Updated dsrc support to make it possible to specify alternative locations for user and group entries
- Improved migration from OpenLDAP
- Updated the CLI to support subject alternative names in CSRs
- Deprecated support for the nsslapd-ldapimaprootdn attribute