security: fix vulnerability in redirect url during auth

Régis Behmo 2022-02-08 09:52:28 +01:00
parent 68b46aa720
commit c6cfa24dcc
2 changed files with 8 additions and 3 deletions

@ -4,9 +4,11 @@ Note: Breaking changes between versions are indicated by "💥".
## Unreleased
- [Security] Fix vulnerability in redirect url during authentication (see [commit](https://github.com/overhangio/edx-platform/commit/06550411e34c04376fa3d757e1f068f464f816e6)).
## v13.1.3 (2022-02-01)
- [Security] Fix vulnerability in call to invalid enrollment API (see [commit](https://github.com/overhangio/edx-platform/commit/e9369cffde92e765117bbd4dfbee7dc29213493a)).
- [Security] Fix vulnerability in call to invalid enrollment API (see [commit](https://github.com/openedx/edx-platform/commit/a140c674799c527e961e37c5e46cb7dc1ffef5ac)).
- [Bugfix] Fix "Internal Server Error / AttributeError / object has no attribute 'get_metadata'" in learning MFE.
- [Improvement] Replace all links to github.com/edx by github.com/openedx, following the migration of all repositories.
- [Bugfix] Fix `k8s start caddy` command.
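
Review bot: the new Unreleased entry says only "Fix vulnerability in redirect url during authentication" and does not tell operators that the fix arrives as a cherry-pick applied at image build time, so a deployed platform stays exposed until the image is rebuilt; consider stating that in the entry. The entry also links to the overhangio fork, while the neighbouring enrollment API entry is shown with an openedx/edx-platform link. If the redirect fix exists upstream as well, link the upstream commit so both security entries follow the same convention.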

@ -62,8 +62,11 @@ RUN git fetch --depth=2 https://github.com/openedx/edx-platform/ 85eb44445b8a620
# https://github.com/openedx/edx-platform/pull/29741
RUN git fetch --depth=2 https://github.com/openedx/edx-platform/ a76a79f973ca05f3921fa2a3428fa7052868a725 && git cherry-pick a76a79f973ca05f3921fa2a3428fa7052868a725
# Security fix: invalid enrollment error vulnerability
# https://github.com/overhangio/edx-platform/commit/e9369cffde92e765117bbd4dfbee7dc29213493a
RUN git fetch --depth=2 https://github.com/overhangio/edx-platform/ e9369cffde92e765117bbd4dfbee7dc29213493a && git cherry-pick e9369cffde92e765117bbd4dfbee7dc29213493a
# https://github.com/openedx/edx-platform/commit/a140c674799c527e961e37c5e46cb7dc1ffef5ac
RUN git fetch --depth=2 https://github.com/openedx/edx-platform/ a140c674799c527e961e37c5e46cb7dc1ffef5ac && git cherry-pick a140c674799c527e961e37c5e46cb7dc1ffef5ac
# Security fix: redirect url vulnerability
# https://github.com/overhangio/edx-platform/commit/06550411e34c04376fa3d757e1f068f464f816e6
RUN git fetch --depth=2 https://github.com/openedx/edx-platform/ 06550411e34c04376fa3d757e1f068f464f816e6 && git cherry-pick 06550411e34c04376fa3d757e1f068f464f816e6
{% endif %}
{# Example: RUN git fetch --depth=2 https://github.com/openedx/edx-platform <GITSHA1> && git cherry-pick <GITSHA1> #}
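
Review bot: in the "Security fix: redirect url vulnerability" block the comment URL names overhangio/edx-platform, but the RUN line fetches 06550411e34c04376fa3d757e1f068f464f816e6 from https://github.com/openedx/edx-platform/. Point the comment and the fetch at the same repository, so that anyone auditing the build can confirm the cherry-picked commit comes from the source the comment documents and the fetch does not rely on that SHA being reachable from a different repository. The enrollment fix lines just above keep the comment URL and the fetch URL in agreement, which is the pattern to follow here.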