christianlight
/
tutor
mirror of https://github.com/ChristianLight/tutor.git
7
0
Fork 0
Code Issues Releases Activity

Fix CustomTagModule mako template injection 

See announcement: https://groups.google.com/forum/#!topic/openedx-ops/aVHomKimstU
This commit is contained in:
Régis Behmo 2019-08-31 12:13:19 +02:00
parent 2c01c8cc01
commit bcf1ffe556
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
## Latest
- [Security] Fix CustomTagModule mako template injection
- [Improvement] Move all plugins outside of the tutor repo
- [Bugfix/Improvement] Add all plugins (with data) into binary bundle (#242)

2
tutor/templates/build/openedx/Dockerfile
View File

@ -27,6 +27,8 @@ WORKDIR /openedx/edx-platform
# Apply patches
# Certificates XSS vulnerability https://github.com/edx/edx-platform/pull/20904
RUN curl https://github.com/edx/edx-platform/commit/b33db2c548a1a530510d785f7659c78783a187fa.patch | git apply -
# CustomTagModule mako template injection https://groups.google.com/forum/#!topic/openedx-ops/aVHomKimstU
RUN curl https://github.com/edx/edx-platform/commit/f9689aadb0f8a41570a4bb76654f980b4e31ad96.patch | git apply -
# Download extra locales to /openedx/locale
# TODO upgrade this to ironwood