This is a security release of dex that addresses a vulnerability in the LDAP connector.
Issue: Dex does not protect against LDAP servers that allow unauthenticated binds (usually disabled by default), which means a user can login to dex without a password via LDAP.
Users of the LDAP connector should update to this release immediately if their LDAP servers supports unauthenticated bind.