sec: fix xblock ajax handler vulnerability
parent 7d32179038
commit 3ba5365537
|
@ -18,7 +18,8 @@ Every user-facing change should have an entry in this changelog. Please respect
|
||||||
|
|
||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
- [Improvement] use caddy `encode gzip` directive to optimize transfer size (by @ghassanmas)
|
- [Security] Fix xblock ajax handler vulnerability. (by @regisb)
|
||||||
|
- [Improvement] Use web proxy gzip encoding to improve bandwidth. We observe a 75% size reduction on the LMS dashboard. (by @ghassanmas)
|
||||||
|
|
||||||
## v14.1.0 (2022-10-10)
|
## v14.1.0 (2022-10-10)
|
||||||
|
|
||||||
|
|
|
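Review bot: the added `[Security]` entry does not say what is affected or what an operator has to do. The fix is delivered as a patch applied with `git am` during the image build, so the entry should state that the image must be rebuilt to pick it up, and ideally link to the patch. The rewording of the gzip `[Improvement]` entry is unrelated to the security fix and would be easier to review and backport as a separate commit.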
@ -50,6 +50,9 @@ RUN git config --global user.email "tutor@overhang.io" \
|
||||||
# Fix broken "Pages" view in Studio
|
# Fix broken "Pages" view in Studio
|
||||||
# https://github.com/openedx/edx-platform/pull/30550
|
# https://github.com/openedx/edx-platform/pull/30550
|
||||||
RUN curl -fsSL https://github.com/open-craft/edx-platform/commit/3d54f284f82b61e693ad652d8d6e46a226fcb36d.patch | git am
|
RUN curl -fsSL https://github.com/open-craft/edx-platform/commit/3d54f284f82b61e693ad652d8d6e46a226fcb36d.patch | git am
|
||||||
|
# Fix xblock ajax handler vulnerability
|
||||||
|
# https://github.com/overhangio/edx-platform/tree/overhangio/sec-xblock-ajax
|
||||||
|
RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/3f0f9eed42.patch | git am
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
{# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1> | git am #}
|
{# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1> | git am #}
|
||||||
|
|
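Review bot: the new `RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/3f0f9eed42.patch | git am` line identifies the patch by an abbreviated 10-character SHA, while the `RUN` line just above it uses the full 40-character one. Use the full commit SHA so the URL pins exactly one commit, and point the comment at that commit rather than at the `overhangio/sec-xblock-ajax` branch, which can move or be deleted later. Because the downloaded content is applied unverified at build time, checking it against a recorded checksum before `git am` would also be worth adding.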