The release contained internal code improvements that are included in

Critical fixes

This release of the Directory Server addresses critical issues from earlier versions. Update all affected servers appropriately.

No critical issues have been identified.

Resolved issues

The following issues have been resolved with this release of the Directory Server.

Ticket ID Description

DS-43959, DS-44924

Added new global configuration properties that can be used to impose limits on the maximum number of attributes that can be present in an add request and the maximum number of modifications in a modify request, which can be used to avoid potential denial of service attacks. Both limits are set to 1000 by default, which is likely to be adequate for all legitimate use cases, and neither property affects the number of values that may be provided for an attribute.


Addressed an issue that caused remove-defunct-server to hang when performing replication artifact cleanup in non-interactive mode.


Fixed a PingDirectory Server performance issue involving high CPU usage when writing LDAP data to certain clients using TLSv1.3 connection security.


Removed -XX:RefDiscoveryPolicy=1 from the default start-server Java arguments. In rare cases, this argument was related to segmentation faults in the JVM, especially when used with the G1 garbage collector.


Fixed an issue where a server with a newly initialized database (through dsreplication initialize) could go into lockdown mode and report that the server may have missed one or more update(s). This generally occurred only if the initialized server was restarted right after initialization completed.


Added support for the use of Java Development Kits (JDKs) obtained through BellSoft.


Resolved a performance issue that could cause servers installed using a server encryption option to spend several minutes waiting in phase Initializing Crypto Manager during server startup.