OpenLDAP 2.4.50 is now available for download as detailed on our download page:
https://www.openldap.org/software/download/
and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
This release contains a security fix for a potential DoS attack (ITS#9202), reported by the Samba Team and filed as CVE-2020-10704.
Further OpenLDAP specific CVE filed by Debian as CVE-2020-12243.
Significant contributors are:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Symas Corp)
Ondřej Kuzník (Symas Corp)
Ryan Tandy
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
MD5(openldap-2.4.50.tgz)= f9ed44ef373abed04c9e4c8586260f9e
SHA1(openldap-2.4.50.tgz)= 82f576e0d0d334e9e798d9de8936683546247bb9
