This repository was archived by the owner on Nov 22, 2023. It is now read-only.


@dependabot dependabot bot commented on behalf of github Sep 5, 2022

Bumps unboundid-ldapsdk from 6.0.5 to 6.0.6.

Release notes

Sourced from unboundid-ldapsdk's releases.

UnboundID LDAP SDK for Java 6.0.6

We have just released version 6.0.6 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes included in this version:

General Updates

  • We fixed an issue that could cause request failures when closing a connection operating in asynchronous mode with outstanding operations.

  • We fixed an issue that could interfere with the ability to get a default SSLContext on Java 17 when running in FIPS 140-2-compliant mode.

  • We updated LDAPConnectionOptions to add support for a new system property that can enable certificate hostname verification by default without any code changes.

  • We updated the LDAP command-line tool framework to add a new --verifyCertificateHostnames argument to enable hostname verification when performing TLS negotiation.

  • We improved the class-level Javadoc documentation for the SSLUtil class to provide a better overview of TLS protocol versions, TLS cipher suites, key managers, trust managers, and certificate hostname verification, and to provide better examples that illustrate best practices for establishing secure connections.

  • We fixed an issue in the JNDI compatibility support for controls, as well as extended requests and responses. Even though the implementation was based on the JNDI documentation, it appears that at least OpenJDK implementations do not abide by that documentation. The LDAP SDK is now compatible with the observed behavior rather than the documentation, although a system property can be used to revert to the former behavior.

  • We updated the SearchRequest class to add constructors that allow you to provide the search base DN with a DN object (as an alternative to existing constructors that allow you to specify it as a String).

  • We fixed an issue in the command-line tool framework in which an Error (for example, OutOfMemoryError) could cause the tool to report a NullPointerException rather than information about the underlying error.

  • We fixed an issue in the IA5 argument value validator that could allow it to accept argument values with non-ASCII characters.

  • We fixed an issue in the DNS hostname argument value validator that could prevent it from properly validating the last component of a fully qualified domain name, or the only component of an unqualified name.

  • We updated the identify-references-to-missing-entries tool to provide an option to generate an LDIF file with changes that can be used to remove identified references.

  • We updated the SelfSignedCertificateGenerator class to perform better validation for the subject alternative DNS names that it includes in a certificate.

  • We updated the manage-certificates generate-self-signed-certificate command to rename the --replace-existing-certificate argument to be --use-existing-key-pair. The former argument name still works, but it is hidden from the usage.

  • We included a native-image/resource-config.json file in the LDAP SDK jar file manifest, which can be used by the GraalVM native-image tool to ensure that appropriate resource files are included in the resulting image.

Updates Specific to Use With the Ping Identity Directory Server

  • We updated the summarize-access-log tool to report on many more things, including the most common IP addresses for failed bind attempts, the most consecutive failed binds, information about work queue wait times, information about request and response controls, the number of components in search filters, and search filters that may indicate injection attempts.

  • We updated support for the audit data security administrative task to make it possible to specify the number and/or age of previous reports to retain.

  • We fixed issues that prevented specifying the criticality of the administrative operation and join request controls.

Changelog

Sourced from unboundid-ldapsdk's changelog.

Release Notes

Version 6.0.6

The following changes were made between the 6.0.5 and 6.0.6 releases:

  • Fixed an issue that could cause request failures when closing a connection that has outstanding operations in the default asynchronous mode, immediately re-establishing the connection (to the same or a different server), and sending a request on the newly established connection. However, we generally recommend creating a new connection object (or using a connection pool) in these cases, rather than closing and re-establishing the same connection object.

  • Fixed an issue that could interfere with the ability to get a default SSLContext on modern versions of Java (e.g., Java 17) when using the LDAP SDK in FIPS 140-2-compliant mode.

  • Updated the LDAPConnectionOptions class to add support for a new com.unboundid.ldap.sdk.LDAPConnectionOptions.defaultVerifyCertificateHostnames system property that can be used to enable certificate hostname verification by default. This verification was previously available by calling the LDAPConnectionOptions.setSSLSocketVerifier method with a HostNameSSLSocketVerifier instance, but the new system property can be used to enable this verification by default without any code changes. Even though hostname verification is strongly recommended, it is disabled by default in the LDAP SDK for backward compatibility purposes, and for compatibility with a wide range of development, test, and even production environments that are not properly set up with certificates that allow for hostname verification.

  • Updated the LDAP command-line tool framework to add a new "--verifyCertificateHostnames" argument that can be used to enable hostname

... (truncated)

Commits
  • b8c6c46 Update the LDAP SDK release notes
  • 3321398 Include resource-config.json in the jar manifest
  • 46c0162 More updates to summarize-access-log
  • 48a4d2f Update the release notes for the previous change
  • f11dd79 Improve support for GraalVM native images
  • 438b6a1 Secure connection improvements
  • 0da3f7c Update identify-references-to-missing-entries
  • 6b3f419 Fix a summarize-access-log failure count issue
  • b6bff72 Add more checks to summarize-access-log
  • f441e9f Fix ReplicationSummaryReplicationServerTestCase
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/pingidentity/ldapsdk/releases)
- [Changelog](https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html)
- [Commits](pingidentity/ldapsdk@6.0.5...6.0.6)

---
updated-dependencies:
- dependency-name: com.unboundid:unboundid-ldapsdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
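
The 6.0.6 release notes quoted in this pull request state that certificate hostname verification is disabled by default and name two ways to turn it on. The following Java sketch is an added example, not code from this repository or from the LDAP SDK project; it shows the explicit `setSSLSocketVerifier` route and prints which verifier fresh options carry, so the effect of the system property can be checked. Assumptions: host and port are supplied on the command line, the server certificate chains to the JVM default trust store, and the system property is a boolean switch set to `true`.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import com.unboundid.util.ssl.JVMDefaultTrustManager;
import com.unboundid.util.ssl.SSLUtil;

public final class VerifiedLdapsConnect {

  // Explicit route: works on any SDK version that has HostNameSSLSocketVerifier,
  // and does not depend on how the JVM was started.
  static LDAPConnectionOptions verifiedOptions() {
    LDAPConnectionOptions options = new LDAPConnectionOptions();
    // true = accept wildcard names (for example *.example.com) in the certificate.
    options.setSSLSocketVerifier(new HostNameSSLSocketVerifier(true));
    return options;
  }

  public static void main(String[] args) throws Exception {
    if (args.length != 2) {
      System.err.println("usage: VerifiedLdapsConnect <host> <ldaps-port>");
      return;
    }
    String host = args[0];              // supplied by the caller
    int port = Integer.parseInt(args[1]);

    // Check for the 6.0.6 property route. Start the JVM with
    //   -Dcom.unboundid.ldap.sdk.LDAPConnectionOptions.defaultVerifyCertificateHostnames=true
    // (value "true" is an assumption) and see which verifier untouched options report.
    System.out.println("default verifier: "
        + new LDAPConnectionOptions().getSSLSocketVerifier().getClass().getName());

    // Chain validation against the JVM's default trust store. Hostname
    // verification is a separate check layered on top of this one.
    SSLUtil sslUtil = new SSLUtil(JVMDefaultTrustManager.getInstance());

    // The constructor connects immediately; a certificate whose names do not
    // match 'host' makes it throw an LDAPException instead of connecting.
    try (LDAPConnection conn = new LDAPConnection(
        sslUtil.createSSLSocketFactory(), verifiedOptions(), host, port)) {
      System.out.println("connected to " + conn.getConnectedAddress()
          + ":" + conn.getConnectedPort() + " with hostname verification");
    }
  }
}
```

Passing the property with `-D` on the JVM command line ensures it is set before the SDK reads its defaults.
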
@dependabot dependabot bot requested review from a team, jdtw, mbyczkowski and violetd12 September 5, 2022 13:53
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 5, 2022
@coveralls

Coverage remained the same at 77.498% when pulling 3070daa on dependabot/maven/com.unboundid-unboundid-ldapsdk-6.0.6 into 5b61872 on master.


dependabot bot commented on behalf of github Dec 5, 2022

Superseded by #1165.

@dependabot dependabot bot closed this Dec 5, 2022
@dependabot dependabot bot deleted the dependabot/maven/com.unboundid-unboundid-ldapsdk-6.0.6 branch December 5, 2022 05:00