From 7822f4e217b8798abf644a040653d860fc8b6884 Mon Sep 17 00:00:00 2001
From: Rebecca Graber
Date: Wed, 6 Apr 2022 14:03:44 -0400
Subject: [PATCH] v13.1.9 (2022-04-06)
---
 CHANGELOG.md | 4 ++++
 tutor/__about__.py | 2 +-
 tutor/templates/build/openedx/Dockerfile | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d27f33..7205ad8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ Note: Breaking changes between versions are indicated by "💥".
 ## Unreleased
+## v13.1.9 (2022-04-06)
+
+- [Security] Fix open redirect vulnerability in inactive user flow (see [commit](https://github.com/rgraber/edx-platform/commit/fbbcfe71832e700f16aad3636b0ccb35585d1c95))
+
 ## v13.1.8 (2022-03-18)
 - [Bugfix] Fix "evalsymlink failure" during `k8s quickstart` (#611).
diff --git a/tutor/__about__.py b/tutor/__about__.py
index 1f1ad46..603877d 100644
--- a/tutor/__about__.py
+++ b/tutor/__about__.py
@@ -2,7 +2,7 @@ import os
 # Increment this version number to trigger a new release. See
 # docs/tutor.html#versioning for information on the versioning scheme.
-__version__ = "13.1.8"
+__version__ = "13.1.9"
 # The version suffix will be appended to the actual version, separated by a
 # dash. Use this suffix to differentiate between the actual released version and
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index 2bd2bd7..c5c895c 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -50,6 +50,9 @@ RUN git config --global user.email "tutor@overhang.io" \
 # Fix forum notification for questions
 # https://github.com/openedx/edx-platform/pull/29611
 RUN git fetch --depth=2 https://github.com/open-craft/edx-platform/ 03731f19459e558f188c06aac5cc9ca1bbc675c2 && git cherry-pick 03731f19459e558f188c06aac5cc9ca1bbc675c2
+
+# Security fix: open redirect vulnerability
+RUN git fetch --depth=2 https://github.com/rgraber/edx-platform/ fbbcfe71832e700f16aad3636b0ccb35585d1c95 && git cherry-pick fbbcfe71832e700f16aad3636b0ccb35585d1c95
 {% endif %}
 {# Example: RUN git fetch --depth=2 https://github.com/openedx/edx-platform && git cherry-pick #}
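Review bot: The added `RUN git fetch --depth=2 https://github.com/rgraber/edx-platform/ … && git cherry-pick …` step takes a security patch from a personal fork, and its comment does not say which upstream change it mirrors, unlike the forum fix above it, which links the upstream pull request. The full commit hash pins what gets applied, but the image build now depends on that fork and commit staying fetchable. I would expand the comment to something like `# Security fix: open redirect in inactive user flow (see CHANGELOG v13.1.9); remove once the fix is in the upstream release`. The step also sits inside the template conditional closed by `{% endif %}`, whose opening is outside this hunk, so it is worth confirming that builds taking the other branch are not left without the fix.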