It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible
to authorisation bypass of URL access rules. The Debian packages do not
use Nginx by default.
For the stable distribution (buster), this problem has been fixed in
version 2.0.2+ds-7+deb10u5, this update provides fixed example
configuration which needs to be integrated into Lemonldap::NG
deployments based on Nginx.
We recommend that you upgrade your lemonldap-ng packages.