No code changes, correcting for the fact that the previous release artifacts
uploaded to PyPI contained unintended files.

Fixes:

• attrlist parameter is now properly checked before use, avoiding memory
  errors due to type mismatches
• Fixed errors with requestName/requestValue in extop.dds
• ldif and ldap.schema modules now actively close sockets as they're
  finished with them

Infrastructure:

• Package no longer requires setuptools-scm

Released 3.4.5 2025-10-10

Security fixes:

• CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
  ldap.filter.escape_filter_chars with escape_mode=1; ensure proper
  escaping. (thanks to lukas-eu)
• CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
  ldap.dn.escape_dn_chars to \00 per RFC 4514. (thanks to aradona91)

Fixes:

• ReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR
  and TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection
  issues especially during server restarts
• Fixed syncrepl.py to use named constants instead of raw decimal values
  for result types
• Fixed error handling in SearchNoOpMixIn to prevent a undefined variable error

Tests:

• Added comprehensive reconnection test cases including concurrent operation
  handling and server restart scenarios

Doc/

• Updated installation docs and fixed various documentation typos
• Added ReadTheDocs configuration file

Infrastructure:

• Add testing and document support for Python 3.13

Released 3.4.4 2023-11-17

Fixes:

• Reconnect race condition in ReconnectLDAPObject is now fixed
• Socket ownership is now claimed once we've passed it to libldap
• LDAP_set_option string formats are now compatible with Python 3.12

Doc/

• Security Policy was created
• Broken article links are fixed now
• Bring Conscious Language improvements

Infrastructure:

• Add testing and document support for Python 3.10, 3.11, and 3.12

Released 3.4.3 2022-09-15

This is a minor release to bring back the removed OPT_X_TLS option.
Please note, it's still a deprecated option and it will be removed in 3.5.0.

The following deprecated option has been brought back:

• OPT_X_TLS

Fixes:

• Sphinx documentation is now successfully built
• pypy3 tests stability was improved
• setup.py deprecation warning is now resolved

Released 3.4.2 2022-07-06

This is a minor release to provide out-of-the-box compatibility with the merge
of libldap and libldap_r that happened with OpenLDAP's 2.5 release.

The following undocumented functions are deprecated and scheduled for removal:

• ldap.cidict.strlist_intersection
• ldap.cidict.strlist_minus
• ldap.cidict.strlist_union

The following deprecated option has been removed:

• OPT_X_TLS

Doc/

• SASL option usage has been clarified

Lib/

• ppolicy control definition has been updated to match Behera draft 11

Modules/

• By default, compile against libldap, checking whether it provides a
  threadsafe implementation at runtime
• When decoding controls, the module can now distinguish between no value
  (now exposed as None) and an empty value (exposed as b'')
• Several new OpenLDAP options are now supported:
  • OPT_SOCKET_BIND_ADDRESSES
  • OPT_TCP_USER_TIMEOUT
  • OPT_X_SASL_MAXBUFSIZE
  • OPT_X_SASL_SECPROPS
  • OPT_X_TLS_ECNAME
  • OPT_X_TLS_PEERCERT
  • OPT_X_TLS_PROTOCOL-related options and constants

Fixes:

• Encoding/decoding of boolean controls has been corrected
• ldap.schema.models.Entry is now usable
• method keyword to ReconnectLDAPObject.bind_s is now usable

This release requires Python 3.6 or above,
and is tested with Python 3.6 to 3.10.
Python 2 is no longer supported.

New code in the python-ldap project is available under the MIT licence
(available in LICENCE.MIT in the source). Several contributors have agreed
to apply this licence their previous contributions as well.
See the README for details.

The following undocumented functions are deprecated and scheduled for removal:

• ldap.cidict.strlist_intersection
• ldap.cidict.strlist_minus
• ldap.cidict.strlist_union

Security fixes:

• Fix inefficient regular expression which allows denial-of-service attacks
  when parsing specially-crafted LDAP schema.
  (GHSL-2021-117)

Changes:

• On MacOS, remove option to make LDAP connections from a file descriptor
  when built with the system libldap (which lacks the underlying function,
  ldap_init_fd)
• Attribute values of the post read control are now bytes
  instead of ISO8859-1 decoded str
• LDAPUrl now treats urlscheme as case-insensitive
• Several OpenLDAP options are now supported:
  • OPT_X_TLS_REQUIRE_SAN
  • OPT_X_SASL_SSF_EXTERNAL
  • OPT_X_TLS_PEERCERT

Fixes:

• The copy() method of cidict was added back. It was unintentionally
  removed in 3.3.0
• Fixed getting/setting SASL options on big endian platforms
• Unknown LDAP result code are now converted to LDAPexception,
  rather than raising a SystemError.

slapdtest:

• Show stderr of slapd -Ttest
• SlapdObject uses directory-based configuration of slapd
• SlapdObject startup is now faster

Infrastructure:

• CI now runs on GitHub Actions rather than Travis CI.

Released 3.3.1 2020-06-29

Changes:

• On MacOS, remove option to make LDAP connections from a file descriptor when built wit the system libldap (which lacks the underlying function, ldap_init_fd)

Released 3.3.0 2020-06-18

Highlights:

• LDAPError now contains additional fields, such as ctrls, result, msgid
• passwd_s can now extract the newly generated password
• LDAP connections can now be made from a file descriptor

This release is tested on Python 3.8, and the beta of Python 3.9.

The following undocumented functions are deprecated and scheduled for removal:

• ldap.cidict.strlist_intersection
• ldap.cidict.strlist_minus
• ldap.cidict.strlist_union

Modules/

• Ensure ReconnectLDAPObject is not left in an inconsistent state after
  a reconnection timeout
• Syncrepl now correctly parses SyncInfoMessage when the message is a syncIdSet
• Release GIL around global get/set option call
• Do not leak serverctrls in result functions
• Don't overallocate memory in attrs_from_List()
• Fix thread support check for Python 3
• With OpenLDAP 2.4.48, use the new header openldap.h

Lib/

• Fix some edge cases regarding quoting in the schema tokenizer
• Fix escaping a single space in ldap.escape_dn_chars
• Fix string formatting in ldap.compare_ext_s
• Prefer iterating dict instead of calling dict.keys()

Doc/

• Clarify the relationship between initialize() and LDAPObject()
• Improve documentation of TLS options
• Update FAQ to include Samba AD-DC error message
  "Operation unavailable without authentication"
• Fix several incorrect examples and demos
  (but note that these are not yet tested)
• Update Debian installation instructions for Debian Buster
• Typo fixes in docs and docstrings

Test/

• Test and document error cases in ldap.compare_s
• Test if reconnection is done after connection loss
• Make test certificates valid for the far future
• Use slapd -Tt instead of slaptest

Infrastructure:

• Mark the LICENCE file as a license for setuptools
• Use "unittest discover" rather than "setup.py test" to run tests

Released 3.2.0 2019-03-13

Lib/

• Add support for X-ORIGIN in ldap.schema's ObjectClass
• Make initialize() pass extra keyword arguments to LDAPObject
• ldap.controls.sss: use str instead of basestring on Python 3
• Provide ldap.trace* atributes in non-debug mode

Doc/

• Fix ReST syntax for links to set_option and get_option

Tests/

• Use intersphinx to link to Python documentation
• Correct type of some attribute values to bytes
• Use system-specific ENOTCONN value

Infrastructure:

• Add testing and document support for Python 3.7
• Add Python 3.8-dev to Tox and CI configuration
• Add Doc/requirements.txt for building on Read the Docs