[python-ldap] ANN: python-ldap 3.4.0

Petr Viktorin encukou at gmail.com
Fri Nov 26 10:41:44 EST 2021 

You can find a new release of python-ldap here:

     https://pypi.python.org/pypi/python-ldap/3.4.0

See below for changes in this release.

If you find any issues, please report them either on this mailing list
or on the GitHub tracker:

      https://github.com/python-ldap/python-ldap/issues


Git tag hash for the release:
      python-ldap-3.4.0 45af6845c1d2b9e9825b2f50176718f286f77a73

The tag is signed by my GPG key with fingerprint:
98FD 199F BEDE 218C 2218  CC0B C5A8 0F29 6195 7F02

--------

About the project:

     python-ldap provides an object-oriented API to access LDAP directory
     servers from Python programs. It mainly wraps the OpenLDAP 2.x libs
     for that purpose. Additionally it contains modules for other
     LDAP-related stuff (e.g. processing LDIF, LDAP URLs and LDAPv3
     schema).

Project's web site:

      https://www.python-ldap.org/

--------
Released 3.4.0 2021-11-26

This release requires Python 3.6 or above,
and is tested with Python 3.6 to 3.10.
Python 2 is no longer supported.

New code in the python-ldap project is available under the MIT licence
(available in ``LICENCE.MIT`` in the source). Several contributors have 
agreed
to apply this licence their previous contributions as well.
See the ``README`` for details.

The following undocumented functions are deprecated and scheduled for 
removal:
- ``ldap.cidict.strlist_intersection``
- ``ldap.cidict.strlist_minus``
- ``ldap.cidict.strlist_union``

Security fixes:
* Fix inefficient regular expression which allows denial-of-service attacks
   when parsing specially-crafted LDAP schema.
   (GHSL-2021-117)

Changes:
* On MacOS, remove option to make LDAP connections from a file descriptor
   when built with the system libldap (which lacks the underlying function,
   ``ldap_init_fd``)
* Attribute values of the post read control are now ``bytes``
   instead of ISO8859-1 decoded ``str``
* ``LDAPUrl`` now treats urlscheme as case-insensitive
* Several OpenLDAP options are now supported:
   * ``OPT_X_TLS_REQUIRE_SAN``
   * ``OPT_X_SASL_SSF_EXTERNAL``
   * ``OPT_X_TLS_PEERCERT``

Fixes:
* The ``copy()`` method of ``cidict`` was added back. It was unintentionally
   removed in 3.3.0
* Fixed getting/setting ``SASL`` options on big endian platforms
* Unknown LDAP result code are now converted to ``LDAPexception``,
   rather than raising a ``SystemError``.

slapdtest:
* Show stderr of slapd -Ttest
* ``SlapdObject`` uses directory-based configuration of ``slapd``
* ``SlapdObject`` startup is now faster

Infrastructure:
* CI now runs on GitHub Actions rather than Travis CI.

More information about the python-ldap mailing list