From bcf1ffe556151745c0ae38dcd13fe8dfc4d77a6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Behmo?=
Date: Sat, 31 Aug 2019 12:13:19 +0200
Subject: [PATCH] Fix CustomTagModule mako template injection

See announcement: https://groups.google.com/forum/#!topic/openedx-ops/aVHomKimstU
---
 CHANGELOG.md | 1 +
 tutor/templates/build/openedx/Dockerfile | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 15f4fdd..2054093 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
 
 ## Latest
 
+- [Security] Fix CustomTagModule mako template injection
 - [Improvement] Move all plugins outside of the tutor repo
 - [Bugfix/Improvement] Add all plugins (with data) into binary bundle (#242)
 
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index 65d15e2..4f062d9 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -27,6 +27,8 @@ WORKDIR /openedx/edx-platform
 # Apply patches
 # Certificates XSS vulnerability https://github.com/edx/edx-platform/pull/20904
 RUN curl https://github.com/edx/edx-platform/commit/b33db2c548a1a530510d785f7659c78783a187fa.patch | git apply -
+# CustomTagModule mako template injection https://groups.google.com/forum/#!topic/openedx-ops/aVHomKimstU
+RUN curl https://github.com/edx/edx-platform/commit/f9689aadb0f8a41570a4bb76654f980b4e31ad96.patch | git apply -
 
 # Download extra locales to /openedx/locale
 # TODO upgrade this to ironwood
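Review bot: The added `RUN curl … | git apply -` line in the Dockerfile hunk takes its exit status from `git apply` alone, so a failed or truncated download is judged only by whether the bytes that arrived happen to parse as a patch. That assumes the default `sh -c` shell form with no pipefail; a `SHELL` override elsewhere in the file would not be visible in this hunk. For a security fix it is worth making the fetch fail the build explicitly, for example `RUN curl -fsSL -o /tmp/customtag.patch <same commit URL> && git apply /tmp/customtag.patch` (the file name is illustrative). Pinning the URL to a full commit hash is good; checking a recorded checksum of the downloaded patch before applying it would remove the remaining dependence on what the server returns at build time. The existing Certificates XSS line just above uses the same pattern and would benefit from the same change.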