Skip to content

Bump com.unboundid:unboundid-ldapsdk from 7.0.4 to 7.0.5 in /modules/ldap#11907

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/modules/ldap/com.unboundid-unboundid-ldapsdk-7.0.5
Open

Bump com.unboundid:unboundid-ldapsdk from 7.0.4 to 7.0.5 in /modules/ldap#11907
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/modules/ldap/com.unboundid-unboundid-ldapsdk-7.0.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps com.unboundid:unboundid-ldapsdk from 7.0.4 to 7.0.5.

Release notes

Sourced from com.unboundid:unboundid-ldapsdk's releases.

UnboundID LDAP SDK for Java 7.0.5

We have just released version 7.0.5 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

  • We have updated the persistence framework to provide improved security validation when using Java serialization for certain fields. In general, we don’t recommend the use of Java serialization in the persistence framework, since there are security concerns, and since the persisted objects can only be used by Java applications. If you wish to store an object in an LDAP server that has fields of types that aren’t supported by the out-of-the-box persistence framework, we recommend creating a custom ObjectEncoder to handle the conversion to and from LDAP attributes.

  • We updated the usage information for the ldapdelete tool to include a --searchBaseDN argument that was mentioned in the description but omitted from the set of sample arguments.

  • We updated the documentation to include the latest revisions of a number of LDAP-related specifications, including draft-bouchez-scram-mcf, draft-codere-ldapsyntax, draft-kaliski-asn1-layman-guide, draft-ietf-kitten-password-storage, draft-ietf-kitten-sasl-ht, draft-khan-ldap-bind-return-dn, and draft-sabadello-did-challenge-sasl.

Changelog

Sourced from com.unboundid:unboundid-ldapsdk's changelog.

          <div align="right">

${TARGET="offline"} LDAP SDK Home Page ${TARGET="offline"} Product Information

          <h2>Release Notes</h2>
      &lt;h3&gt;Version 7.0.5&lt;/h3&gt;
  &amp;lt;p&amp;gt;
    The following changes were made between the 7.0.4 and 7.0.5 releases:
  &amp;lt;/p&amp;gt;

  &amp;lt;ul&amp;gt;
    &amp;lt;li&amp;gt;
      Updated the LDAP SDK's persistence framework to provide improved security
      validation when using Java serialization with the DefaultObjectEncoder.  Relying
      on Java serialization is not recommended, especially when using the persistence
      framework (a) because it's not necessarily safe in general to load Java arbitrary
      Java objects from an external data store, and (b) because the resulting attribute
      values won't be usable by anything other than Java applications able to
      deserialize them.  This is contrary to the intent of the persistence framework,
      which is meant to allow store objects in an LDAP server in a way that makes them
      generally accessible to other kinds of LDAP clients.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Updated an ldapdelete example usage to include --searchBaseDN argument that was
      mentioned in the example description but inadvertently omitted from the example
      arguments.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Updated the documentation to include the latest revisions of
      draft-bouchez-scram-mcf, draft-codere-ldapsyntax, draft-kaliski-asn1-layman-guide,
      draft-ietf-kitten-password-storage, draft-ietf-kitten-sasl-ht,
      draft-khan-ldap-bind-return-dn, and draft-sabadello-did-challenge-sasl.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;
  &amp;lt;/ul&amp;gt;

  &amp;lt;p&amp;gt;&amp;lt;/p&amp;gt;



  &amp;lt;h3&amp;gt;Version 7.0.4&amp;lt;/h3&amp;gt;

... (truncated)

Commits
  • cab6672 Correct draft expiration times
  • 257ae82 Update the OID registry for a new alert type
  • 72c6234 Updated LDAP-related specifications
  • b2f9c2b Better persist framework deserialization security
  • da18114 Update an ldapdelete example
  • c041862 Update copyright years to include 2026
  • 1299fc5 Update a public OID reference DB link
  • 72f34e5 Update Maven artifact generation
  • 5882334 Post-7.0.4 updates
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 7.0.4 to 7.0.5.
- [Release notes](https://github.com/pingidentity/ldapsdk/releases)
- [Changelog](https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html)
- [Commits](pingidentity/ldapsdk@7.0.4...7.0.5)

---
updated-dependencies:
- dependency-name: com.unboundid:unboundid-ldapsdk
  dependency-version: 7.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 23:00
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code modules/ldap

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants