diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5ecb6c..3d9fa1c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,8 @@ Every user-facing change should have an entry in this changelog. Please respect
 
 ## Unreleased
 
-- [Improvement] use caddy `encode gzip` directive to optimize transfer size (by @ghassanmas)
+- [Security] Fix xblock ajax handler vulnerability. (by @regisb)
+- [Improvement] Use web proxy gzip encoding to improve bandwidth. We observe a 75% size reduction on the LMS dashboard. (by @ghassanmas)
 
 ## v14.1.0 (2022-10-10)
 
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index 60e5ceb..a7e15ad 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -50,6 +50,9 @@ RUN git config --global user.email "tutor@overhang.io" \
 # Fix broken "Pages" view in Studio
 # https://github.com/openedx/edx-platform/pull/30550
 RUN curl -fsSL https://github.com/open-craft/edx-platform/commit/3d54f284f82b61e693ad652d8d6e46a226fcb36d.patch | git am
+# Fix xblock ajax handler vulnerability
+# https://github.com/overhangio/edx-platform/tree/overhangio/sec-xblock-ajax
+RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/3f0f9eed42.patch | git am
 {%- endif %}
 
 {# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/ | git am #}
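Review bot: The added `RUN curl … | git am` line pins the security patch by an abbreviated hash (`3f0f9eed42`), whereas the existing line just above it uses the full 40-character commit id; a short prefix is resolved by the forge at fetch time and can become ambiguous later, so the full id is the safer pin, e.g. `RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/<FULL_40_CHAR_SHA>.patch | git am`. The patch is also fetched at build time and applied with no integrity check, so whether the image actually contains the fix depends on what that fork serves; comparing the download against a recorded SHA-256 before `git am`, or vendoring the patch file into the build context, would remove that dependency. Because the RUN uses a plain pipe, a failed `curl` is only caught if `git am` rejects empty input — it presumably does, but that is worth confirming so a build cannot silently ship without the fix. The enclosing `{% if %}` block starts outside the hunk, so which release branches receive the patch cannot be checked from here.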