v2.4.1
·
2419 commits
to master
since this release
v2.4.1
rithujohn191
rithu leena john
This tag was signed with the committer’s verified signature.
rithujohn191
rithu leena john
This is a security release of dex that addresses a vulnerability in the LDAP connector.
Issue: Dex does not protect against LDAP servers that allow unauthenticated binds (usually disabled by default), which means a user can login to dex without a password via LDAP.
Users of the LDAP connector should update to this release immediately if their LDAP servers supports unauthenticated bind.