Fedora has issued an advisory on December 21:
The issue is fixed upstream in 188.8.131.52.
Another parentless SRPM, so assigning this globally.
new version 184.108.40.206 uploaded into updates_testing:
Updated phpldapadmin package fixes security vulnerability:
An XSS issue has been discovered in phpLDAPadmin before 220.127.116.11 that allows
users to store malicious values that may be executed by other users at a later
time via get_request in lib/function.php (CVE-2020-35132).
Updated packages in core/updates_testing:
I'd like to test this, but I can't get php integration with apache web-server right now.
apache-mod-php 7.3.6 is broken from what I can tell. I install that and the httpd server fails.