Releases: OpenIdentityPlatform/OpenDJ
Releases · OpenIdentityPlatform/OpenDJ
Release list
5.1.2
What's Changed
- Add an OpenDJ vs OpenLDAP LDAP benchmark GitHub Action by @vharseko in #654
- CVE-2026-62366 OpenDJ Unauthenticated stack exhaustion when decoding an LDAP search filter (DoS) thanks @Pig-Tail ❤️
- CVE-2026-62373 OpenDJ JMX MBean-argument deserialization without a serial filter thanks @Pig-Tail @tonghuaroot @wodzen ❤️
- CVE-2026-62375 OpenDJ Unbounded VLV offset array allocation leading to memory-exhaustion DoS thanks @Pig-Tail ❤️
- GHSA-68r5-9hpg-7qw9 OpenDJ unauthenticated SSRF, local file read and unbounded-read DoS in the DSMLv2 gateway thanks @manus-use ❤️
- GHSA-p279-2cqp-84jg SASL PLAIN authzid bypassing the proxy ACI scope check thanks @hypnguyen1209 ❤️
- CI: full Java matrix on ubuntu only; macOS/Windows build with Java 11 and 26 by @vharseko in #704
- Modernizes the OpenDJ Docker images and broadens their multi-architecture build matrix. by @vharseko in #655
- Benchmark the built Docker image against the released one by @vharseko in #656
- Stabilize Oracle JDBC backend test on CI by @vharseko in #662
- Log JMX RMI connector startup failure at error level by @vharseko in #699
- Docs: add missing tools references by @maximthomas in #657
- CI: dump OpenDJ container logs when Docker image smoke tests fail by @vharseko in #713
- Refactor file deletion logic to combine null check and length check. by @vharseko in #653
- Add CI smoke tests for the addrate/authrate/modrate/searchrate tools by @vharseko in #658
- Fix duplicate SNMP connection handler entries in packaged config.ldif by @vharseko in #659
- Fix duplicate opendj-server-legacy classes in distribution lib/ by @vharseko in #661
- Add CI install-test for the Windows MSI + document MSI install/upgrade/uninstall by @vharseko in #664
- [#665] Fix StackOverflowError while parsing long ACI with repetitive targets by @vharseko in #666 thanks @myandrews ❤️
- [#693] Fix Windows scripts for install paths with spaces and parentheses by @vharseko in #671
- Fix two broken AciTests cases and enable the suite in the default build by @vharseko in #675
- [#673] Fix ArrayIndexOutOfBoundsException on truncated percent-encoding in LDAP URLs by @vharseko in #676 thanks @myandrews ❤️
- Declare the deb/rpm runtime dependencies (java, which, chkconfig) by @vharseko in #677
- [#697] Fix global idle-time-limit having no effect on client connections by @vharseko in #684
- Fix embedded server rebuildIndex failing with Connect Error by @vharseko in #685
- Fix and enable broken tests from the slow group by @vharseko in #686
- [#696] Fix embedded server setup failing with "Time service not started" by @vharseko in #687
- Revive the quicksetup test suite by @vharseko in #694
- Fix and enable the replication StressTest by @vharseko in #698
- Remove the unfixable testStateMachineFull and fix the dead replay pool by @vharseko in #700
- Fix ACI grouped bind rule wrongly rejected when a value contains parentheses by @vharseko in #716
- Enable the remaining slow-group tests in the default build by @vharseko in #702
- Include *TestSuite classes in the failsafe run by @vharseko in #703
- Enable the SNMP tests in the default build by @vharseko in #705
- Fix and enable the AlternateRootDN ACI test by @vharseko in #706
- [#709] Enable disabled and invisible tests across the sibling modules by @vharseko in #707
- [#712] Fix StringIndexOutOfBoundsException on blank bind rule in ACI by @vharseko in #715 thanks @myandrews ❤️
- CVE-2026-9828 QOS.CH Sarl logback logback-core has a deserialization of untrusted data vulnerability by @dependabot[bot] in #717
- ci: add "Benchmark PDB vs JE" step to build-docker by @vharseko in #718
- Add concurrency groups to GitHub Actions workflows by @vharseko in #721
- [#695] Fix race in TraditionalWorkQueue.isIdle() by @vharseko in #688
- [#690] Fix finalizeWorkQueue never cancelling queued operations by @vharseko in #691
- [#692] Restore partial import semantics for include/exclude branches by @vharseko in #689
- Restrict Unix integration-test steps to Linux only by @vharseko in #723
- ci: add CodeQL code scanning workflow by @vharseko in #722
- [#719] Fix NullPointerException decoding an ACI bind rule with a missing and/or operand by @vharseko in #720 @myandrews ❤️
- CVE-2026-10532 Logback vulnerable to Object Injection through HardenedObjectInputStream modules by @dependabot[bot] in #724
- [#728] Reject TCP self-connects in replication connect paths by @vharseko in #729
- Fix flaky BindOperationTestCase subtree auth-info tests by @vharseko in #727
- [#730] Fix import/export context leak on failed initializeRemote validation by @vharseko in #731
- Fix intermittent GenerationIdTest.testMultiRS by re-advertising genId on change by @vharseko in #725
- [#710] Fix replication catch-up re-sending updates with the original assured flag by @vharseko in #714
- [#726] Reject malformed bracketed IPv6 hosts in HostPort by @vharseko in #732 thanks @myandrews ❤️
- Enable Javadoc doclint (all,-missing) and fail on warnings by @vharseko in #734
- [#735] Do not roll back a concurrently adopted generation ID on aborted handshake by @vharseko in #736
- [#737] Fix cn=changelog search failing when aliases are dereferenced by @vharseko in #740
- [#738] Fix dereferencing an alias that points into another backend by @vharseko in #741
- Harden opendj-docker apt step: force IPv4 + retries by @vharseko in #743
- [#739] Fix alias dereferencing dropping entries and accumulating DNs by @vharseko in #742
- [#744] Fix flaky ChangelogBackendTestCase: keep generated CSN batches monotonic by @vharseko in #745
- Bump org.openidentityplatform.commons to 3.1.2 by @vharseko in #733
- [#708] Fix OutOfMemory during replication initialize with JDBC backend by @vharseko in #711 thanks @ldap4life ❤️
Full Changelog: 5.1.1...5.1.2
Backers
Thank you to all our backers! Become a backer 🙏
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. Become a sponsor ❤️
5.1.1
What's Changed
- CVE-2026-46495 OpenDJ Unauthenticated RCE via Java Deserialization in JMX RMI thanks @wodzen ❤️
- CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS by @dependabot[bot] in #641
- [#648] slow
DN.valueOf/AVAnormalization for nested DN-syntax values by @vharseko in #649 thanks @anvo1115 ❤️ - chore: bump Bouncy Castle FIPS deps to latest 2.1.x patch releases by @Copilot in #637
- Fix grizzly log level is always FINE by @maximthomas in #639
- Fix shell script issues in opendj-docker/run.sh by @Copilot in #640
- Fix Windows CI: use ilammy/msvc-dev-cmd to set up MSVC env by @Copilot in #643
- Add native access JVM flag for Bouncy Castle FIPS on newer Java releases by @vharseko in #645
- Docker base DN entry creation opt-in and improves bootstrap LDIF loading resilience by @vharseko in #644
- Fix
BasicRequestsTest.testReadSelectPartialfor nesting-preserving field projection by @vharseko in #650 - Update org.openidentityplatform.commons to 3.1.1 by @vharseko in #652
- Fix JMX RMI connector startup failure introduced by CVE-2026-46495 hardening by @vharseko in #651
Full Changelog: 5.1.0...5.1.1
5.1.0
What's Changed
- [#72] Fix infinite loop in
doStopApplication()on Windows service stop by @Copilot in #610 - [#259] fix: retry loop for Windows Service start race condition (issue #259) by @Copilot in #609
- [#566] Fix AttributeValuePasswordValidator: inverted substring logic and missing reversed-password substring check by @Copilot in #599
- [#579] Fix ReferentialIntegrityPlugin silently bypassing check-references on modify operations by @Copilot in #600
- [#601] Fix server crash when File-Based Debug Logger is enabled by @Copilot in #602
- Update build.yml add JDK 26 support by @vharseko in #598
- Docs: set neutral version for the docs by @maximthomas in #603
- ci: add Windows service start/stop test to CI workflow by @Copilot in #606
- CI: Build and upload Windows native executables (winlauncher, opendj_service, launcher_administrator) by @Copilot in #611
- fix: use 127.0.0.1 instead of localIP in LockdownModeTaskTestCase by @Copilot in #605
- Filter branches to build workflow triggers (on push) by @vharseko in #614
- Fix intermittent testMultiRS failure by doubling waitForStableGenerationId timeout by @Copilot in #618
- Fix race condition in ChangelogBackendTestCase flaky test by @Copilot in #617
- Fix flaky
testMultiRS: replace fixed sleep with deterministic domain-ready wait by @Copilot in #615 - increase replication connection timeout to fix Socket Timeout error on Mac in integration test by @maximthomas in #613
- chore: bump GitHub Actions to latest major versions by @Copilot in #620
- Fix snapshot version format by @maximthomas in #624
- Fix intermittent GenerationIdTest.testMultiRS race condition on RS-to-RS topology by @Copilot in #622
- [OpenIdentityPlatform/OpenAM#980] OpenDJ slim maven artifact by @maximthomas in #625
- Upgrade local Docker registry from
registry:2toregistry:3in CI by @Copilot in #628 - status CLI: allow --hostname, --port, and --trustAll arguments by @Copilot in #631
- Fix status CLI to accept --hostname, --port, and --trustAll arguments, and add them to all status command invocations in build.yml by @Copilot in #630
- Remove ENV ROOT_PASSWORD from Dockerfiles, fix HEALTHCHECK default, add CDDL headers by @Copilot in #633
- Update commons.version to 3.1.0 by @vharseko in #619
Full Changelog: 5.0.4...5.1.0
5.0.4
What's Changed
- CVE-2025-24970 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine by @vharseko in #588
- CVE‐2025‐12194 While the situation with the JVM garbage collector overrun for Java 17 and Java 21 greatly improved with the changes in 2.1.1, we’ve still had some reports that can only be related to the use of the disposal daemon by @prthakre in #593
- [#590] Fallback to $HOME/tmp dir as a temp if instance root is mounted as noexec by @maximthomas in #591
- Bump logback to 1.5.32 by @prthakre in #595
- Migrate to caffeine 3 by @prthakre in #594
- Update commons.version from 3.0.2 to 3.0.4 by @vharseko in #597
- Docs: fix short version in the upgrade guide by @maximthomas in #592
Full Changelog: 5.0.3...5.0.4
5.0.3
What's Changed
- CVE-2026-1225 Logback allows an attacker to instantiate classes already present on the class path by @maximthomas in #583
- Fix three and more nodes replication process stuck error by @maximthomas in #584 thanks @FireBurn
- Update org.openidentityplatform.commons to 3.0.2 by @vharseko in #581
- Docs: update supported Java version by @maximthomas in #580
Full Changelog: 5.0.2...5.0.3
5.0.2
What's Changed
- [#575] FIX unable to install: UnsatisfiedLinkError: /tmp/bc-fips by @maximthomas in #576 thanks @muralicbe1983
- [#577] Windows upgrading with Upgrade.bat: an error with "" unexpected by @vharseko in #578 thanks @marcdegasperi
- [#573] Added the SAMPLE_DATA Docker environment variable to generate sample data during setup. by @maximthomas in #574
Full Changelog: 5.0.1...5.0.2
5.0.1
What's Changed
- Update target JDK to 11 and move to JakartaEE 9 by @maximthomas in #532
- Add support LTS JDK 25 by @vharseko in #555
- Update base docker image Java version to 25 LTS by @maximthomas in #564
- CVE-2025-12194 Bouncy Castle Vulnerable to Uncontrolled Resource Consumption by @dependabot[bot] in #569
- CVE-2025-59250 JDBC Driver for SQL Server has improper input validation issue by @dependabot[bot] in #570
- CVE-2025-11226 logback-core is vulnerable to Arbitrary Code Execution through file processing by @dependabot[bot] in #568
- Switch from sun.security.x509 to Bouncy Castle API by @maximthomas in #560
- Update OpenDMK external library to fix SNMP monitoring by @maximthomas in #572
- Build & deploy: add branch sustaining/4.10.x by @vharseko in #556
- Make GrizzlyLDAPListener close in a synchronous fasion to prevent test race conditions by @vharseko in #557
- [#141] Test large replication pending changes by @maximthomas in #561
- FIX bindFreePort Bind Unable to bind to a free port by @vharseko in #559
- Fix unavailable monitoring attributes over JMX by @vharseko in #558
- Bump org.openidentityplatform.commons to 3.0.1 by @vharseko in #571
- Improve ReplicationDomainTest stability by @maximthomas in #565
Full Changelog: 4.10.2...5.0.1
4.10.2
What's Changed
- CVE-2025-9092 CVE-2025-9340 CVE-2025-9341 Uncontrolled Resource Consumption vulnerability by @maximthomas in #546
- [#545] Add GroupManager writeLock performance by @vharseko in #551
- [#540] Fix OnDiskMergeImporter::PhaseOneWriteableTransaction: update over put (referral attr) by @vharseko in #541
- [#544] Add requires-admin-action component-restart for max-request-size by @vharseko in #552
- Update Java minimum version number in the setup UI by @maximthomas in #542
- Update README.md: add backers and sponsors by @vharseko in #543
- ISSUE_TEMPLATE: add "Vote to raise the priority" by @vharseko in #547
- Bump commons.version 2.4.1 by @vharseko in #553
Full Changelog: 4.10.1...4.10.2
4.10.1
What's Changed
- [#529] FIX jdbc connection deadlock by @vharseko in #533
- [#530] Fixed error when creating a backend for BASE_DN with OU in Docker by @maximthomas in #531
- Docker: Fix issues with quoting params by @prthakre in #537
Full Changelog: 4.10.0...4.10.1
4.10.0
What's Changed
- [#462] RFC5805 Lightweight Directory Access Protocol (LDAP) Transactions by @vharseko in #469
- CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration by @vharseko in #522
- Bump io.reactivex.rxjava to 3.x by @prthakre in #504
- Bump various dependencies by @prthakre in #508
- Bump commons to 2.2.5 by @maximthomas in #518
- Take Glassfish Grizzly version from commons by @maximthomas in #520
- Bump bc.fips to 2.1.x by @prthakre in #505
- Bump commons.version 2.3.0 by @vharseko in #521
- Deploy: migrating from Legacy OSSRH to Central Portal by @vharseko in #523
- Fix OSGI bundle excluded package error for rxjava3 by @maximthomas in #524
- Exclude BouncyCastle from OSGI Import-Package by @maximthomas in #526
- Fix makeldif templates: add objectClass to baseDN by @vharseko in #527
- Bump org.openidentityplatform.commons 2.4.0 by @vharseko in #528
Full Changelog: 4.9.4...4.10.0