Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Unboundid to 6.0.6 #10210

Closed
mdiskin opened this issue Aug 18, 2021 · 3 comments
Closed

Upgrade Unboundid to 6.0.6 #10210

mdiskin opened this issue Aug 18, 2021 · 3 comments
Assignees
@marcusdacoregio
Labels
in: ldap An issue in spring-security-ldap type: dependency-upgrade A dependency upgrade
Milestone
6.0.0-RC1

Comments

@mdiskin
Copy link

mdiskin commented Aug 18, 2021

Expected Behavior

Support latest improvements and better defaults for security protocols such as removing SHA1 prefering TLS1.3. Also for embedded you no longer need to enable the operational attriubutes.

https://nawilson.com/2021/05/28/unboundid-ldap-sdk-for-java-6-0-0/

Current Behavior

Works but falling a number of major versions behind which can be an audit concern.

Context

The initial request was related to bug (not unboundid but in the autoconfig) in embedded ldap springboot
spring-projects/spring-boot#23030
@mdiskin mdiskin added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Aug 18, 2021
@jzheaux jzheaux modified the milestones: 6.x, 5.6.x Aug 19, 2021
@jzheaux
Copy link
Contributor

jzheaux commented Aug 19, 2021

Before marking this at 6.x, let's see there is a way to have 5.6.x support both UnboundId 4 and the latest, similar to what was done with #9095. This way, 5.6.x can have the latest UnboundId support while allowing folks to stay on UnboundId 4.x if needed.

@jzheaux jzheaux added in: ldap An issue in spring-security-ldap and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 19, 2021
@jzheaux jzheaux removed their assignment Dec 10, 2021
@jzheaux jzheaux modified the milestones: 5.6.x, 5.7.x Dec 10, 2021
@rwinch rwinch modified the milestones: 5.7.x, 5.8.x Jun 6, 2022
@rwinch
Copy link
Member

rwinch commented Jun 6, 2022

For this issue we should also ensure old unboundid support is removed in 6.0.x

@jzheaux jzheaux self-assigned this Jun 21, 2022
@marcusdacoregio marcusdacoregio added type: dependency-upgrade A dependency upgrade and removed type: enhancement A general enhancement labels Oct 4, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 5.8.x, 6.0.0-RC1 Oct 4, 2022
@marcusdacoregio marcusdacoregio changed the title Upgrade Unboundid 6.x Upgrade Unboundid to 6.0.6 Oct 4, 2022
@marcusdacoregio
Copy link
Contributor

Unboundid 6.x already works with Spring Security 5.x, users can opt into it if they want. Spring Boot also uses Unboundid 6.x in 2.7.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: ldap An issue in spring-security-ldap type: dependency-upgrade A dependency upgrade
Projects
Spring Security Team
Status: Done
Milestone
6.0.0-RC1
Development

No branches or pull requests
4 participants
@rwinch @mdiskin @jzheaux @marcusdacoregio