security: fix enrollment API vulnerability

overhangio · Feb 1, 2022 · 89b4ce1 · 89b4ce1
1 parent 02a1534
commit 89b4ce1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
 
 ## Unreleased
 
+- [Security] Fix vulnerability in call to invalid enrollment API (see [commit](https://github.com/overhangio/edx-platform/commit/e9369cffde92e765117bbd4dfbee7dc29213493a)).
 - [Bugfix] Fix "Internal Server Error / AttributeError / object has no attribute 'get_metadata'" in learning MFE.
 - [Improvement] Replace all links to github.com/edx by github.com/openedx, following the migration of all repositories.
 - [Bugfix] Fix `k8s start caddy` command.

diff --git a/tutor/templates/build/openedx/Dockerfile b/tutor/templates/build/openedx/Dockerfile
@@ -61,6 +61,9 @@ RUN git fetch --depth=2 https://github.com/openedx/edx-platform/ 85eb44445b8a620
 # Fix Internal Server Error/AttributeError in learning MFE
 # https://github.com/openedx/edx-platform/pull/29741
 RUN git fetch --depth=2 https://github.com/openedx/edx-platform/ a76a79f973ca05f3921fa2a3428fa7052868a725 && git cherry-pick a76a79f973ca05f3921fa2a3428fa7052868a725
+# Security fix: invalid enrollment error vulnerability
+# https://github.com/overhangio/edx-platform/commit/e9369cffde92e765117bbd4dfbee7dc29213493a
+RUN git fetch --depth=2 https://github.com/overhangio/edx-platform/ e9369cffde92e765117bbd4dfbee7dc29213493a && git cherry-pick e9369cffde92e765117bbd4dfbee7dc29213493a
 {% endif %}
 
 {# Example: RUN git fetch --depth=2 https://github.com/openedx/edx-platform <GITSHA1> && git cherry-pick <GITSHA1> #}