From e3eb72db2a432ffa863681ffc2a0ef05b421904e Mon Sep 17 00:00:00 2001
From: Syed Muhammad Dawoud Sheraz Ali <40599381+DawoudSheraz@users.noreply.github.com>
Date: Wed, 22 May 2024 14:32:58 +0500
Subject: [PATCH] security: add upstream security patch in dockerfile (#1068)

---
 changelog.d/20240521_115552_dawoud.sheraz_security_patch.md | 1 +
 tutor/templates/build/openedx/Dockerfile | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 changelog.d/20240521_115552_dawoud.sheraz_security_patch.md

diff --git a/changelog.d/20240521_115552_dawoud.sheraz_security_patch.md b/changelog.d/20240521_115552_dawoud.sheraz_security_patch.md
new file mode 100644
index 0000000..b0f6d8d
--- /dev/null
+++ b/changelog.d/20240521_115552_dawoud.sheraz_security_patch.md
@@ -0,0 +1 @@
+- [Security] Add Upstream "Privilege re-escalation in Studio after staff access removed" git security patch in Open edX Image(by @dawoudsheraz)
\ No newline at end of file
diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
index fab935d..9f3cc7f 100644
--- a/tutor/templates/build/openedx/Dockerfile
+++ b/tutor/templates/build/openedx/Dockerfile
@@ -56,6 +56,10 @@ RUN git config --global user.email "tutor@overhang.io" \
 # Prevent course structure cache infinite growth
 # https://github.com/openedx/edx-platform/pull/34210
 RUN curl -fsSL https://github.com/openedx/edx-platform/commit/ad201cd664b6c722cbefcbda23ae390c06daf621.patch | git am
+# Security patch for "Privilege re-escalation in Studio after staff access removed"
+# https://github.com/openedx/edx-platform/security/advisories/GHSA-99vw-2wrq-xh9x
+# https://discuss.openedx.org/t/upcoming-security-fix-for-edx-platform-on-2024-05-17/13004
+RUN curl -fsSL https://github.com/openedx/edx-platform/commit/3ff69fd5813256f935f19c237ea0c42d4c16edbf.patch | git am
 {%- endif %}
 {# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/.patch | git am #}
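Review bot: The new `RUN curl -fsSL … 3ff69fd5….patch | git am` line applies a security fix whose presence in the image depends on a pipeline exit status that, under the default `/bin/sh -c` RUN shell, is `git am`'s rather than curl's, so a network or HTTP failure (curl `-f` exiting non-zero) only fails the build if `git am` itself rejects the empty input — worth confirming, or making explicit with `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` earlier in the stage, since a silently skipped patch would leave the privilege re-escalation issue unfixed while the comment claims it is patched. The pre-existing `ad201cd…` line has the same shape, so this is a repeated pattern rather than a new one. The commit-hash URL pins which patch GitHub serves but nothing in the build verifies the downloaded bytes; if the project wants build-time integrity independent of the TLS endpoint, saving the patch to a file and checking a recorded sha256 before `git am` is the usual approach (no hash is recorded here, so I cannot propose one). The enclosing `{%- if … %}` Jinja conditional that this `{%- endif %}` closes starts outside the hunk, so which EDX_PLATFORM_VERSION values receive the patch is not visible from this change.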