From 1d5bc053282c6179d58b9ebe46c581cae5c5a927 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Behmo?= Date: Sat, 15 Aug 2020 19:18:45 +0200 Subject: [PATCH] Apply javascript security patch See pull request: https://github.com/edx/edx-platform/pull/24762 --- CHANGELOG.md | 1 + tutor/templates/build/openedx/Dockerfile | 3 +++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8cb24c..9918433 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥". ## Unreleased +- [Security] Apply javascript security patch ([pull request](https://github.com/edx/edx-platform/pull/24762)) - [Bugfix] Fix "FileError" on Scorm package upload in Scorm XBlock - 💥[Improvement] Serve openedx static assets with [whitenoise](http://whitenoise.evans.io/en/stable/) instead of nginx. This removes the `k8s-deployments-nginx-init-containers` patch. Plugins are encouraged to implement static asset serving with Whitenoise as well. - [Bugfix] Fix dependency on mysql service when mysql is not activated diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile index 53cedbc..cc948d7 100644 --- a/tutor/templates/build/openedx/Dockerfile +++ b/tutor/templates/build/openedx/Dockerfile @@ -49,6 +49,9 @@ RUN curl https://github.com/overhangio/edx-platform/commit/6dbf2eddf7a4563c04c3b # xsslint security patch # https://github.com/edx/edx-platform/pull/24568 RUN curl https://github.com/edx/edx-platform/commit/0e45ecb743a1f329be825367e72695af4113f882.patch | git apply - +# Sustaining security fixes 2 +# https://github.com/edx/edx-platform/pull/24762/commits +RUN curl https://github.com/edx/edx-platform/commit/d9e0ca5e70d66e528262f80413f125d6bfac9e4e.patch | git apply - ###### Download extra locales to /openedx/locale/contrib/locale FROM minimal as locales
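Review bot: The new "[Security]" entry in the CHANGELOG.md hunk does not tell an operator what to do to receive the fix. The patch is applied in tutor/templates/build/openedx/Dockerfile, so it only takes effect when the openedx image is built again; the entry could say so. The entry calls the change "javascript security patch" while the Dockerfile comment calls it "Sustaining security fixes 2"; using one name in both places makes the change easier to trace back to the upstream pull request.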
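Review bot: In the added RUN line of the tutor/templates/build/openedx/Dockerfile hunk, the patch is piped straight from curl into `git apply -`, with no check that the download succeeded or that the bytes are the ones that were reviewed. curl is called without `--fail`, and in a plain shell pipeline the exit status is that of `git apply`, so a failed or altered download is judged only by how git reacts to whatever body arrives. Suggest downloading to a file with `curl --fail`, comparing it against a sha256 recorded in the Dockerfile, and only then running `git apply` on the file; vendoring the patch into the build context would also remove the network dependency at build time. The same pattern is visible in the xsslint line kept as context just above, so both could be changed together. Separately, the comment links to pull/24762/commits while a single commit is fetched: the comment should state whether that commit is the whole fix or a deliberate subset.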