mirror of
https://github.com/ChristianLight/tutor.git
synced 2024-12-13 14:43:03 +00:00
sec: fix edx-platform xss vulnerability on "next" parameter
This commit is contained in:
parent
f95c394e38
commit
b46a7b0fa8
@ -18,6 +18,8 @@ Every user-facing change should have an entry in this changelog. Please respect
|
||||
|
||||
## Unreleased
|
||||
|
||||
- [Security] Fix edx-platform XSS vulnerability on "next" parameter. (by @regisb)
|
||||
|
||||
## v14.1.1 (2022-10-25)
|
||||
|
||||
- [Deprecation] Tutor is no longer compatible with Python 3.6. (by @regisb)
|
||||
|
@ -53,6 +53,9 @@ RUN curl -fsSL https://github.com/open-craft/edx-platform/commit/3d54f284f82b61e
|
||||
# Fix xblock ajax handler vulnerability
|
||||
# https://github.com/overhangio/edx-platform/tree/overhangio/sec-xblock-ajax
|
||||
RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/3f0f9eed42.patch | git am
|
||||
# Fix XSS vulnerability on "next" parameter
|
||||
# https://github.com/overhangio/edx-platform/tree/overhangio/sec-redirect-xss
|
||||
RUN curl -fsSL https://github.com/overhangio/edx-platform/commit/e16f8c0986.patch | git am
|
||||
{%- endif %}
|
||||
|
||||
{# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1> | git am #}
|
||||
|
Loading…
Reference in New Issue
Block a user