6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-16 01:57:16 +00:00
Commit Graph

10 Commits

Author SHA1 Message Date
Régis Behmo
0e8f55798c sec: fix XSS vulnerability in drag-n-drop v2 xblock
Vulnerability is fixed by upgrading the xblock from v2.3.5 to v3.0.0.
See announcement:
https://discuss.openedx.org/t/upcoming-security-release-xblock-drag-and-drop-v2/8768
2022-11-29 09:05:38 +01:00
Régis Behmo
ff0e8f7140 fix: pin openedx dev Docker image tag with tutor version
When running:

    tutor dev run -m /path/to/edx-platform lms
    pip install -r requirements/edx/development.txt

I realised that I was re-installing packages that should already have been
present in the image. The reason for that was that I was running an outdated
version of the dev version of the openedx Docker image. This happens because
`tutor dev run` does not trigger an image re-build.

We solve this issue by pinning the openedx dev Docker image tag to the current
tutor version.
2022-11-29 09:02:50 +01:00
james
7b72a5a910 feat: support for mongodb SSL+auth source/mech+replica set
This change builds upon a previously proposed PR:
https://github.com/overhangio/tutor/pull/437

There was another long conversation about this topic here:
https://github.com/overhangio/tutor-forum/pull/10#issuecomment-1314799915

We could have supported the MongoDB auth/replica set/ssl parameters as part of
the MongoDB host URI, but then this URI is not supported in the forum plugin,
which uses an old version of the mongoid client. We were hoping that the client
would have been upgraded by now, but it's not been upgraded for a long time.

The changes introduced here are 100% backward-compatible. The forum plugin will
have to be updated to take into account the new parameters.
2022-11-28 13:09:13 +01:00
Régis Behmo
b8ca06a42c fix: Swahili locale name
Note that this locale ships with edx-platform by default.
2022-11-28 12:23:02 +01:00
Régis Behmo
13104809c1 docs: add missing changelog entry 2022-11-28 10:07:02 +01:00
Régis Behmo
c9ac12fdd7 v14.2.1 (2022-11-24)
- [Improvement] Auto-completion of `plugins` and `config` arguments: `plugins enable/disable NAME`, `plugins install PATH`, `config save --set KEY=VAL`, `config save --unset KEY`, `config printvalue KEY`. (by @regisb)
- [Bugfix] Fix minimum click version (>= 8.0.0) when installing tutor from pip.
- [Improvement] Enable CORS by default for both LMS and CMS by moving those settings to the `common_all` partial. (by @arbrandes)
2022-11-24 16:25:34 +01:00
Régis Behmo
04258b9f9b docs: add changelog entry for click fix 2022-11-24 16:24:18 +01:00
Régis Behmo
29eb3398a2 feat: auto-complete config save/printroot arguments 2022-11-24 16:21:57 +01:00
Régis Behmo
ee09612326 feat: auto-complete plugins arguments
Support auto-completion of plugin name and path arguments in the `tutor
plugins` commands.
2022-11-24 16:21:57 +01:00
Régis Behmo
c886b72ae7 docs: migrate to scriv to manage changelog
Changelog management was starting to be a hassle:

- there were conflicts every time a PR was merged
- there were conflicts every time we merged the nightly branch in the new
  release branch, or vice versa.

Now, all changelog entries are stored as separate files in changelog.d,
including nightly. Nightly entries will be collected for every major release.
2022-11-24 16:15:15 +01:00