diff --git a/CHANGELOG.md b/CHANGELOG.md
index 15f4fdd..2054093 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
 
 ## Latest
 
+- [Security] Fix CustomTagModule mako template injection
 - [Improvement] Move all plugins outside of the tutor repo
 - [Bugfix/Improvement] Add all plugins (with data) into binary bundle (#242)
 
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index 65d15e2..4f062d9 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -27,6 +27,8 @@ WORKDIR /openedx/edx-platform
 # Apply patches
 # Certificates XSS vulnerability https://github.com/edx/edx-platform/pull/20904
 RUN curl https://github.com/edx/edx-platform/commit/b33db2c548a1a530510d785f7659c78783a187fa.patch | git apply -
+# CustomTagModule mako template injection https://groups.google.com/forum/#!topic/openedx-ops/aVHomKimstU
+RUN curl https://github.com/edx/edx-platform/commit/f9689aadb0f8a41570a4bb76654f980b4e31ad96.patch | git apply -
 
 # Download extra locales to /openedx/locale
 # TODO upgrade this to ironwood