Updating is highly recommended
A bug with TOTP verification was found that allowed any six digit code to bypass the TOTP requirement on login. A valid password is still required to reach the bypass. This update patches the bug.
For more details view the Security Advisory: GHSA-j679-vp39-qwqq
Thanks to @probablyjassin for the report.
Full Changelog: v1.16.2...v1.16.3