Bump dnsjava:dnsjava from 3.5.3 to 3.6.0 in /pgp-keys-map-test1 by dependabot[bot] · Pull Request #2399 · s4u/pgp-keys-map (original) (raw)

Bumps dnsjava:dnsjava from 3.5.3 to 3.6.0.

Release notes

Sourced from dnsjava:dnsjava's releases.

v3.6.0

• Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw) Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (@​bellebaum) and Martin Schanzenbach (@​schanzen) for reporting and assisting me with this issue.
• Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf) Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
• Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr) NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
• Fix running all DNSSEC on the specified executor
• Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
• Add A/AAAA record constructor with IP address byte array
• Validate DS record digest lengths (#250)
• Fix NPE in SimpleResolver on invalid responses (#277)
• Add support for JEP 418: Internet-Address Resolution SPI (#290)
• Full JPMS support (#246)
• Pluggable I/O for SimpleResolver (@​chrisruffalo, #253)
• UDP port leak in SimpleResolver (#318)
• Fix clean shutdown in app containers when never used (#319)
• Fix concurrency issue in I/O clients (#315, #323)
• LookupSession doesn't cache CNAMEs (#316)
• SimpleResolver can fail with UPDATE response (#322)
• Replace synchronization in Zone with locks (#305, based on work from @​srijeet0406 in #306)

Changelog

Sourced from dnsjava:dnsjava's changelog.

07/21/2024

• 3.6.0 released
• Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw) Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (@​bellebaum) and Martin Schanzenbach (@​schanzen) for reporting and assisting me with this issue.
• Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf) Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
• Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr) NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
• Fix running all DNSSEC on the specified executor
• Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
• Add A/AAAA record constructor with IP address byte array
• Validate DS record digest lengths (#250)
• Fix NPE in SimpleResolver on invalid responses (#277)
• Add support for JEP 418: Internet-Address Resolution SPI (#290)
• Full JPMS support (#246)
• Pluggable I/O for SimpleResolver (@​chrisruffalo, #253)
• UDP port leak in SimpleResolver (#318)
• Fix clean shutdown in app containers when never used (#319)
• Fix concurrency issue in I/O clients (#315, #323)
• LookupSession doesn't cache CNAMEs (#316)
• SimpleResolver can fail with UPDATE response (#322)
• Replace synchronization in Zone with locks (#305, based on work from @​srijeet0406 in #306)

11/11/2023

• 3.5.3 released
• Fix CNAME in LookupSession (#279)
• Fix Name constructor failing with max length, relative name and root origin (#289, @​MMauro94)
• Add config option for Resolver I/O timeout (#273, @​vmarian2)
• Extend I/O logging
• Prevent exception during TCP I/O with missing or truncated length prefix
• Use internal base64 codec for Android compatibility (#271)
• Fix multi-message TSIG stream verification for pre-RFC8945 servers (#295, @​frankarinnet and @​nguichon)
• Add StreamGenerator for generating RFC8945 compliant multi-message streams (related to #295)

11/16/2022

• 3.5.2 released
• Correctly render empty TXT records (#254)
• More validation on TLSA data input (#257)

05/15/2022

... (truncated)

Commits

• fd1d7c9 Release v3.6.0
• 9fbab85 Artifact v4 fixes
• bc51df1 Fix links to RFCs and IANA registries
• 5b01f5d Update dependencies
• 2f9b45b Replace synchronization in Zone with locks
• e206796 Add AAAARecord ctor with byte[]
• a24a6bf DDNS response messages do not include the question
• 36ba711 Prevent exceptions during concurrent selector runs
• b842550 Remove junit-pioneer due to lack of Java 8 support
• 711af79 CVE-2023-50868 / KeyTrap: NSEC3 closest encloser proof can exhaust CPU
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)