Hi to all,
today we made a security release to fix an issue with the LDAP authentication. In some cases, LDAP servers may return an empty search result instead of an error, if a username provided during login was not found. In these cases, we did not check the authentication correctly. Version 1.3.3 fixes that issue. So please, if you use LDAP authentication, update your setup to 1.3.3. Thank you very much @marcinw and @Gino for reporting that issue and helping with debug logs. And as always you are welcome to report any bugs or enhancement request in Report a Bug/Enhancement. By the way, our next feature release 1.4.0 is on the way and will be available on 13th November 2020.
Bug
- [NET-650] - LDAP user created when login result is empty