⚠️ Security Advisory: Potential LDAP Injection Vulnerability Identified and Patched #6980
arikfr announced in Announcements
Thanks to @JarLob and @jorgectf from GitHub Security Lab, we have identified a potential security issue with our LDAP integration. Detailed information is available in the security advisory. In summary, modifying the user search template may expose your deployment to an injection attack.
The fix is simple and can be applied by updating the `ldap_auth.py` file in your deployment or by upgrading to the next release when it becomes available.
Currently, we do not have tests for the LDAP integration, and it is disabled by default. In the long term, we might remove this feature from the project unless someone volunteers to take ownership of it.
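The class of bug described in the announcement, shown as an added example that is not Redash's code or the actual patch: a login name substituted into a search filter template with and without RFC 4515 escaping, plus a check that the filter's structure did not change. The template, function names and sample inputs are constructed for illustration.

```python
# Added example (not from the Redash code base). The template, helper names
# and sample login names below are constructed for illustration.

SEARCH_TEMPLATE = "(cn=%(username)s)"  # hypothetical user search template

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as a literal LDAP filter value."""
    # Per-character mapping, so an input backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(template: str, username: str) -> str:
    """The 'before' form: raw input is substituted into the template."""
    return template % {"username": username}


def build_filter_safe(template: str, username: str) -> str:
    """The hardened form: input is escaped before substitution."""
    return template % {"username": escape_filter_value(username)}


def filter_shape(ldap_filter: str) -> tuple:
    """Count the structural characters of a filter: '(', ')' and '*'."""
    return (ldap_filter.count("("), ldap_filter.count(")"), ldap_filter.count("*"))


def structure_changed(template: str, built_filter: str) -> bool:
    """True if the built filter has a different shape than the template
    filled with a harmless placeholder, i.e. input altered the query."""
    baseline = filter_shape(template % {"username": "x"})
    return filter_shape(built_filter) != baseline


if __name__ == "__main__":
    # Constructed login names: one ordinary, two containing filter syntax.
    for name in ["jdoe", "*", "jdoe)(mail=*"]:
        unsafe = build_filter_unsafe(SEARCH_TEMPLATE, name)
        safe = build_filter_safe(SEARCH_TEMPLATE, name)
        print(f"{name!r}: unsafe={unsafe} changed={structure_changed(SEARCH_TEMPLATE, unsafe)}"
              f" | safe={safe} changed={structure_changed(SEARCH_TEMPLATE, safe)}")
```

In a real deployment, prefer the escaping helper shipped with your LDAP client library (for example `escape_filter_chars` in `ldap3.utils.conv`) over a hand-written one.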