christianlight/tutor
6
0
Fork 0
mirror of https://github.com/ChristianLight/tutor.git synced 2025-01-10 09:02:14 +00:00
Code Issues Releases Activity

security: add upstream security patch in dockerfile (#1068)

Browse Source
This commit is contained in:
Syed Muhammad Dawoud Sheraz Ali 2024-05-22 14:32:58 +05:00 committed by GitHub
parent 2520d93fb0
commit e3eb72db2a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/20240521_115552_dawoud.sheraz_security_patch.md Normal file
View File

@ -0,0 +1 @@
- [Security] Add Upstream "Privilege re-escalation in Studio after staff access removed" git security patch in Open edX Image(by @dawoudsheraz)

4
tutor/templates/build/openedx/Dockerfile
View File

@ -56,6 +56,10 @@ RUN git config --global user.email "tutor@overhang.io" \
# Prevent course structure cache infinite growth # Prevent course structure cache infinite growth
# https://github.com/openedx/edx-platform/pull/34210 # https://github.com/openedx/edx-platform/pull/34210
RUN curl -fsSL https://github.com/openedx/edx-platform/commit/ad201cd664b6c722cbefcbda23ae390c06daf621.patch | git am RUN curl -fsSL https://github.com/openedx/edx-platform/commit/ad201cd664b6c722cbefcbda23ae390c06daf621.patch | git am
# Security patch for "Privilege re-escalation in Studio after staff access removed"
# https://github.com/openedx/edx-platform/security/advisories/GHSA-99vw-2wrq-xh9x
# https://discuss.openedx.org/t/upcoming-security-fix-for-edx-platform-on-2024-05-17/13004
RUN curl -fsSL https://github.com/openedx/edx-platform/commit/3ff69fd5813256f935f19c237ea0c42d4c16edbf.patch | git am
{%- endif %} {%- endif %}
{# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1>.patch | git am #} {# Example: RUN curl -fsSL https://github.com/openedx/edx-platform/commit/<GITSHA1>.patch | git am #}