christianlight/tutor
6
0
Fork 0
mirror of https://github.com/ChristianLight/tutor.git synced 2025-02-02 09:28:25 +00:00
Code Issues Releases Activity

security: fix unprivileged content libraries creation

Browse Source 
See:
https://github.com/openedx/edx-platform/security/advisories/GHSA-3q74-3rfh-g37j
https://github.com/openedx/edx-platform/pull/32838
https://discuss.openedx.org/t/security-upcoming-security-release-for-edx-platform-on-2023-07-25/10769
This commit is contained in:
Régis Behmo 2023-07-28 21:04:26 +02:00
parent faf43bd3b0
commit a1945245b8
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/20230728_210255_regis.md Normal file
View File

@ -0,0 +1 @@
- [Security] Fix content libraries creation by unprivileged users in studio (see [security advisory](https://github.com/openedx/edx-platform/security/advisories/GHSA-3q74-3rfh-g37j)). (by @regisb)

3
tutor/templates/build/openedx/Dockerfile
View File

@ -50,6 +50,9 @@ RUN git config --global user.email "tutor@overhang.io" \
{{ patch("openedx-dockerfile-git-patches-default") }} {{ patch("openedx-dockerfile-git-patches-default") }}
{%- else %} {%- else %}
# Patch edx-platform # Patch edx-platform
# Security advisory: https://github.com/openedx/edx-platform/security/advisories/GHSA-3q74-3rfh-g37j
# https://github.com/openedx/edx-platform/pull/32838
RUN curl -fsSL https://github.com/openedx/edx-platform/commit/163259779297a7dccb28e1f8c3dfa4d2cbdb9655.patch | git am
{%- endif %} {%- endif %}
{# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1>.patch | git am #} {# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1>.patch | git am #}