Security Patch Level Release 
It has been brought to our attention that certain LDAP configurations might allow for unauthorized access to Zammad.
That’s why it is crucial that all installations using LDAP authentication update to Zammad 5.0.2, which will implement a hot fix.
Note: 
Hosted instances will be updated automatically, so there is no action required from your side.
Earlier versions, prior to Zammad 5.0, are not affected by this vulnerability.
You can find all the details in the release notes and the advisory.
Thank you for your understanding!