Update dependency dnsjava:dnsjava to v3 - autoclosed #392

Closed

@mend-for-github-com mend-for-github-com bot commented Oct 1, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| dnsjava:dnsjava | compile | major | 2.1.7 -> 3.6.0 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
| --- | --- | --- | --- |
| High | 8.9 | CVE-2024-25638 | #368 |

Release Notes

dnsjava/dnsjava (dnsjava:dnsjava)

v3.6.0

Compare Source

  • Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw)
    Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (@​bellebaum) and Martin Schanzenbach (@​schanzen) for reporting and assisting me with this issue.
  • Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf)
    Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
  • Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr)
    NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
  • Fix running all DNSSEC on the specified executor
  • Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
  • Add A/AAAA record constructor with IP address byte array
  • Validate DS record digest lengths (#​250)
  • Fix NPE in SimpleResolver on invalid responses (#​277)
  • Add support for JEP 418: Internet-Address Resolution SPI (#​290)
  • Full JPMS support (#​246)
  • Pluggable I/O for SimpleResolver
    (@​chrisruffalo, #​253)
  • UDP port leak in SimpleResolver (#​318)
  • Fix clean shutdown in app containers when never used (#​319)
  • Fix concurrency issue in I/O clients (#​315, #​323)
  • LookupSession doesn't cache CNAMEs (#​316)
  • SimpleResolver can fail with UPDATE response (#​322)
  • Replace synchronization in Zone with locks
    (#​305, based on work from @​srijeet0406 in #​306)

v3.5.3

Compare Source

  • Fix CNAME in LookupSession (#​279)
  • Fix Name constructor failing with max length, relative name and root origin (#​289, @​MMauro94)
  • Add config option for Resolver I/O timeout (#​273, @​vmarian2)
  • Extend I/O logging
  • Prevent exception during TCP I/O with missing or truncated length prefix
  • Use internal base64 codec for Android compatibility (#​271)
  • Fix multi-message TSIG stream verification for pre-RFC8945 servers (#​295, @​frankarinnet and @​nguichon)
  • Add StreamGenerator for generating RFC8945 compliant multi-message streams (related to #​295)

v3.5.2

Compare Source

  • Correctly render empty TXT records (#​254)
  • More validation on TLSA data input (#​257)

v3.5.1

Compare Source

  • Fix validation of TSIG signed responses (#​249)
  • DS rdata digest validation hexadecimal digits (#​252)

v3.5.0

Compare Source

Note that the license changed! Previous versions were BSD-2-Clause licensed, while from this release on it is BSD-3-Clause.

v3.4.3

Compare Source

v3.4.2

Compare Source

  • Document behavior of ExtendedResolver.setTimeout (#​206)
  • Add overloads to use an Executor when sending queries in resolvers (#​211)
  • Remove synchronous locks in DoH Resolver (related to #​211)
  • Fix broken CNAME handling in LookupSession (#​212)
  • "WireParseException: bad label type" when parsing Message from ByteBuffer (#​213)
  • Remove unnecessary synchronization in org.xbill.DNS.Header::getID (#​215, @​maltalex)
  • Add examples for the LookupSession and direct Resolver usage

v3.4.1

Compare Source

v3.4.0

Compare Source

v3.3.1

Compare Source

v3.3.0

Compare Source

  • Add support for SVCB and HTTPS records (PR #​116, @​adam-stoler)
  • Fix an issue with ndots in Lookup (#​118)
  • Support IPv4 mapped IPv6 address in AAAA record (PR #​120, @​spwei)
  • Validate range in Type
  • Improve DOH Resolver (#​123, #​127)
    Note that this resolver is more a proof of concept and not
    production ready. See Javadoc and issue #​123.

v3.2.2

Compare Source

  • Fix JNA access violation in WindowsResolverConfigProvider on 32bit JVMs

v3.2.1

Compare Source

  • Add Javadoc @since tags for APIs introduced since 3.0
  • Fix requiring JNA in certain classloaders (#​112)
  • Add property to skip initializing builtin resolver config (#​112)
  • Make ResolverConfig and Resolver API public (#​111)
  • Add properties for a fallback resolver config provider (#​111)
  • Close UDP socket on failures (#​110)
  • Refactor TSIG code and add trace logging (#​109)

(Note: this release is identical to v3.2.0 except for the version number, which missed -javadoc and -sources on Maven Central)

v3.2.0

Compare Source

v3.1.0

Compare Source

  • Fix order of OPT and TSIG records in messages (#​108)
  • Fix RRset.cycle() short overflows (#​102)
  • Fix race condition in resolver I/O (#​104)
  • Add support for custom record types
    (#94, Klaus Malorny)

v3.0.2

Compare Source

Fix an issue with the new NIO TCP resolver (see #​96)

v3.0.1

Compare Source

  • Parse RRsig records with epoch time format
  • Add support for EdDSA DNSSEC signatures if BouncyCastle is available
    (Ed25519 and Ed448, RFC 8080)
  • Add missing RCode, OpCode and RR type mnemonics

v3.0.0-next.1

Compare Source

v3.0.0

Compare Source

  • Requires Java 8 and slf4j-api
  • Adds support for Java 9+ and Android O+ via a new server config
    lookup system (#​6, #​9,
  • Resolving is now fully asynchronous, no new thread per query anymore
  • Message provides information about the resolver that produced it (#​41)
  • Add support for Host Identity Protocol (HIP) records (RFC 8005, #​47)
  • Adds a DNS over HTTP (DoH) resolver (#​66)
  • Fixes some issues with the OSGi manifest (#​70)
  • Add support for the RES_OPTIONS environment variable (#​57)
  • Add support for relative $INCLUDE paths in master files (#​75)
  • Add support for custom DNS server port in config properties (#​80)
  • Adds new EDNS(0) options
  • Parse RRsig records with epoch time format
  • Add support for EdDSA DNSSEC signatures if BouncyCastle is available
    (Ed25519 and Ed448, RFC 8080)
  • Add missing RCode, OpCode and RR type mnemonics
  • See the README for hints on migrating from v2.1.x to v3

v2.1.9

Compare Source

v2.1.8

Compare Source


@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Oct 1, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency dnsjava:dnsjava to v3 Update dependency dnsjava:dnsjava to v3 - autoclosed Jan 22, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/dnsjava-dnsjava-3.x branch January 22, 2025 18:21