389 Directory Server 3.1.1, 3.0.4, 2.5.2, and 2.4.6

The 389 Directory Server project has released versions 3.1.1, 3.0.4, 2.5.2, and 2.4.6. Some of the changes in these releases appear to include:

  • Fixed an issue that could allow an unauthenticated client to crash the server with a specially crafted search request (CVE-2024-6237, all versions)
  • Fixed an issue that could allow an authenticated user to crash the server while attempting to perform a malformed password update (CVE-2024-2199, all versions)
  • Fixed an issue that could allow a client to cause a denial of service with a specially crafted search request (CVE-2024-3657, all versions)
  • Fixed an issue that could cause a denial of service while attempting to authenticate as a user with a malformed encoded password (CVE-2024-5953, all versions)
  • Fixed an issue that could cause the server to crash while attempting to access referential integrity configuration (version 2.4.6)
  • Fixed an issue that could prevent online backups from succeeding (version 3.1.1)
  • Fixed an issue that could cause the server to crash while attempting to parse data in the referential integrity log file (version 3.1.1)
  • Fixed an issue in which the audit log could include only partial records for large changes (all versions)
  • Fixed an issue that could cause an incomplete import when using the LMDB database (versions 3.1.1, 3.0.4, and 2.5.2)
  • Fixed an issue that could prevent the password history from being properly updated when a new password is provided in pre-encoded form (version 2.4.6)
  • Fixed an issue that could result in an incorrect changelog when reindexing with an LMDB backend (version 2.5.2)
  • Fixed an issue that could break replication after restoring a backup (version 2.4.6)
  • Fixed an issue that could cause the server to return incorrect results to a VLV search when using an LMDB backend (version 2.5.2)
  • Fixed an issue that could prevent adding entries with long RDNs when using an LMDB backend (version 2.5.2)
  • Fixed an issue that could cause a web console error when enabling replication for a sub-suffix (all versions)
  • Fixed an issue in which singleLevel searches would not return entries in subordinate backends (all versions)
  • Fixed an issue that could prevent the server from responding to a bind attempt in which the target entry is not reachable (version 2.5.2)
  • Fixed an issue that could prevent the nsslapd-numlisteners setting from being honored (all versions)
  • Fixed an issue that could prevent the nsslapd-maxdescriptors setting from being honored (version 2.4.6)
  • Fixed an issue that could prevent the server from properly mapping client certificates to user entries (versions 3.1.1 and 3.0.4)
  • Fixed an issue that could prevent dscreate ds-root from working properly when using a relative path (version 2.4.6)
  • Fixed an issue that could prevent dscreate from operating in interactive mode when using an LMDB backend (version 2.4.6)
  • Fixed various issues with the logconv.pl script (version 2.4.6)
  • Fixed an error message that could appear at startup if the server is configured with subordinate backends (all versions)
  • Fixed an issue in which an SNMP agent could fail to start as a result of incorrect permissions (versions 3.1.1, 3.0.4, and 2.5.2)
  • Fixed an issue in which dsconf schema did not show the inChain matching rule (versions 2.5.2 and 2.4.6)
  • Fixed an issue in which the server could incorrectly format UTC offsets in log messages (version 2.4.6)
  • Fixed an issue that could cause a certificate lifetime to be displayed as NaN (version 2.4.6)
  • Improved performance when evaluating a filter against an attribute with many values (all versions)
  • Added support for JSON-formatted audit logging (version 3.1.1)
  • Added support for a password storage scheme using the yescrypt KDF (version 3.1.1)
  • Added support for LMDB-related health checks (version 2.5.2)
  • Added support for buffered logging (version 2.4.6)
  • Updated bind log messages to better indicate when MFA has been used (version 2.4.6)
  • Updated the DNA plugin to support customizing the remote bind method and protocol (all versions)
  • Updated the server to allow systemd to control the server user rather than using setuid (version 3.1.1)