Advisories for Maven/Org.springframework.security/Spring-Security-Ldap package

The ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.