christianlight/tutor
6
0
Fork 0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-12-13 14:43:03 +00:00
Code Issues Releases Activity

sec: fix XSS vulnerability in drag-n-drop v2 xblock

Browse Source 
Vulnerability is fixed by upgrading the xblock from v2.3.5 to v3.0.0.
See announcement:
https://discuss.openedx.org/t/upcoming-security-release-xblock-drag-and-drop-v2/8768
This commit is contained in:
Régis Behmo 2022-11-29 08:45:56 +01:00 committed by Régis Behmo
parent ff0e8f7140
commit 0e8f55798c
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/20221129_083631_regis_sec_drag_n_drop.md Normal file
View File

@ -0,0 +1 @@
- [Security] Apply drag-n-drop v2 xblock [security patch](https://discuss.openedx.org/t/upcoming-security-release-xblock-drag-and-drop-v2/8768/7). (by @regisb)

3
tutor/templates/build/openedx/Dockerfile
View File

@ -56,6 +56,9 @@ RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/3f0f9eed42.patc
# Fix XSS vulnerability on "next" parameter
# https://github.com/overhangio/edx-platform/tree/overhangio/sec-redirect-xss
RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/e16f8c0986.patch | git am
# Fix drag-n-drop v2 xblock vulnerability
# https://github.com/openedx/edx-platform/pull/31354
RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/527b4993ae.patch | git am
{%- endif %}
{# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1> | git am #}