Apply security patch #25974

See https://discuss.openedx.org/t/security-im-patch-for-xss-fixes-3/3944

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 Note: Breaking changes between versions are indicated by "💥".
 
+## Unreleased
+
+- [Security] Apply security patch [25974](https://github.com/edx/edx-platform/pull/25974)
+
 ## v11.0.5 (2020-12-30)
 
 - [Bugfix] Fix "Invalid type for parameter ContentType" error on js upload in Scorm xblock ([openedx-scorm-xblock #16](https://github.com/overhangio/openedx-scorm-xblock/issues/16))

tutor/templates/build/openedx/Dockerfile

@@ -36,6 +36,9 @@ RUN mkdir -p /openedx/edx-platform && \
 WORKDIR /openedx/edx-platform
 
 # Patch edx-platform
+# Apply security fixes
+RUN curl https://github.com/edx/edx-platform/commit/fab755d80083575d3466b990cfcef3b9fd97e755.patch | git apply -
+RUN curl https://github.com/edx/edx-platform/commit/4abb0f85df3f01b791953bb021b754a210b9a99f.patch | git apply -
 # Make it possible to disable learner records globally
 # https://github.com/edx/edx-platform/pull/25182
 # https://github.com/overhangio/edx-platform/tree/overhangio/disable-learner-records-from-settings
@@ -44,8 +47,6 @@ RUN curl https://github.com/overhangio/edx-platform/commit/bd038bab3cf02df147e75
 # https://github.com/edx/edx-platform/pull/25771
 # https://github.com/overhangio/edx-platform/tree/overhangio/fix-paver-warning
 RUN curl https://github.com/overhangio/edx-platform/commit/bc0ab09f9945bd14aa6be1dbbf928cce58f079d2.patch | git apply -
-# Apply security fixes
-RUN curl https://github.com/overhangio/edx-platform/commit/fab755d80083575d3466b990cfcef3b9fd97e755.patch | git apply -
 # Fix lost celery tasks
 # https://github.com/edx/edx-platform/pull/25840
 RUN curl https://github.com/overhangio/edx-platform/commit/928fe14a5656303b538281edce897faf082b549c.patch | git apply -