From c02fabb493b5e5b6ca6e2ad5612219e6c9803791 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Behmo?=
Date: Fri, 5 Jul 2019 06:27:28 +0800
Subject: [PATCH] Apply XSS certificate vulnerability patch

https://github.com/edx/edx-platform/pull/20904
https://groups.google.com/forum/#!msg/openedx-ops/fi2WVlD0iNo/hFZrAnLpCAAJ
---
 CHANGELOG.md | 4 ++++
 tutor/templates/build/openedx/Dockerfile | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8c2e75..c3aa5a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@

 Note: Breaking changes between versions are indicated by "💥".

+## Latest
+
+- [Security] Apply certificate XSS security patch
+
 ## 3.5.1 (2019-07-04)

 - [Feature] Make it possible for plugins to patch the build templates
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index bb43d22..583eaf4 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -24,6 +24,10 @@ RUN mkdir -p /openedx/edx-platform && \
 git clone $EDX_PLATFORM_REPOSITORY --branch $EDX_PLATFORM_VERSION --depth 1 /openedx/edx-platform
 WORKDIR /openedx/edx-platform

+# Apply patches
+# Certificates XSS vulnerability https://github.com/edx/edx-platform/pull/20904
+RUN curl https://github.com/edx/edx-platform/commit/b33db2c548a1a530510d785f7659c78783a187fa.patch | git apply -
+
 # Download extra locales to /openedx/locale
 # TODO upgrade this to ironwood
 RUN cd /tmp \
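Review bot: The added `RUN curl … | git apply -` line in the Dockerfile hunk can produce an image without the XSS fix while the build still succeeds on some failure paths. The RUN shell has no `pipefail`, so curl's exit status is discarded, and without `-f` an HTTP error body is handed to `git apply` as if it were the patch; whether `git apply` then fails on empty or non-patch input may vary by git version. I would split the step so each command is checked, e.g. `RUN curl -fsSL <patch-url> -o /tmp/certificates-xss.patch && git apply /tmp/certificates-xss.patch`. The patch is also fetched at build time with no local integrity check beyond the commit hash in the URL, so copying the patch file into the build context (or comparing it with a recorded SHA-256) would keep the security fix reproducible and independent of GitHub availability.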