OpenLDAP 2.4.50 is now available for download as detailed on our download page:

https://www.openldap.org/software/download/

and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

This release contains a security fix for a potential DoS attack (ITS#9202), reported by the Samba Team and filed as CVE-2020-10704. Further OpenLDAP specific CVE filed by Debian as CVE-2020-12243.

Significant contributors are:

Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) Ondřej Kuzník (Symas Corp) Ryan Tandy

OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)

MD5(openldap-2.4.50.tgz)= f9ed44ef373abed04c9e4c8586260f9e SHA1(openldap-2.4.50.tgz)= 82f576e0d0d334e9e798d9de8936683546247bb9