It’s been two months since Koa was released (with the koa.1 tag), and as was to be expected it’s now lagging behind open-release/koa.master by a few security fixes. To address this, we’re pleased to announce that open-release/koa.2 has been tagged to include them.
Note: from now until Lilac is released on June 9th, Koa point releases will be tagged every two months, no matter how many commits koa.master happens to have accumulated in the intervening time. This is so Open edX operators can plan around upgrades more reliably.
This is what changed:
---- ./xqueue ----
04e560e 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./configuration ----
8685b14c7 2021-01-19 Florian Haas: postfix_queue: Add the ability to set recipient canonical maps
6169c0c48 2020-12-01 M. Zulqarnain: Upgrade XQueue to Ubuntu 20.04 (#6175)
---- ./edx-platform ----
f1324710af 2021-02-09 Matt Hughes: fix(notes): XSS vector for a11y text attached to notes editor
08f4603fba 2020-08-19 Régis Behmo: Fix TypeError during transcript upload to S3
cba2c84073 2021-02-08 Ali-D-Akbar: Incident Management Security Fixes 8
603eabf53e 2021-01-12 Daniel Francis: Misuse of urljoin in Gradebook URL from Instructor Panel
97afc00574 2021-02-01 Ned Batchelder: fix: messages shouldn't name edx.org
e723a9f3d1 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
a8edfa9d5b 2021-02-01 Ali-D-Akbar: Incident Management Security Fixes 7
5afe578528 2021-01-27 Ali-D-Akbar: Incident Management Security Release 6
93d38e8657 2020-07-16 Ahtisham Shahid: Error incase of disabled user social login
0930426936 2021-01-13 Tim McCormack: Include security patch for pinning JWT signature algorithm in apple-id (#26059)
a8e7b98448 2021-01-12 Ali-D-Akbar: Incident Management Security Fixes 5
fa8d39333c 2021-01-07 Ned Batchelder: Translations
835c5082a3 2021-01-06 Ali-D-Akbar: Incident Management Security Fixes 4
d84e4a3322 2021-01-04 Ned Batchelder: Configure Jenkins workers with a release-specific label (#25862)
7f58bcb95f 2021-01-04 Ali-D-Akbar: xss security fixes
401d6a59f9 2020-12-16 Ned Batchelder: Update the Open edX logo urls (#25898)
7f60fcde76 2020-12-14 Kyle McCormick: Replace outdated 16.04 link with link to install options (#25875)
928fe14a56 2020-12-10 Tim McCormack: Enforce a Celery singleton across cms and lms by using shared module (#25840)
9f92605fdf 2020-12-10 Ali Akbar: Incident Management security fixes (#25834)
---- ./edx-e2e-tests ----
d105cf5 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./edx-analytics-data-api ----
e18368d 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./edx-analytics-dashboard ----
79a9d2c4 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./edx-documentation ----
1c1c551e 2021-01-19 Ned Batchelder: Initial Koa release notes (#1906)
24f96fe4 2021-01-11 Ned Batchelder: .editorconfig file to guide editors
102f76e4 2020-12-18 Jayram Nai: [FIX] upgrade note on koa page
b4c1b671 2020-12-19 Juned Khatri: Update native installation link in Koa
d45a9518 2020-12-18 Ned Batchelder: make upgrade, to get new logo in edx-sphinx-theme
---- ./edx-notes-api ----
1a77390 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./ecommerce ----
938026e1 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./ecommerce-worker ----
d37839f 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./course-discovery ----
0f1b1acf 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
50186353 2021-01-15 pkulkark: Handle JSON decoder error if api fails
---- ./credentials ----
f60962f2 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./blockstore ----
52824a7 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./enterprise-catalog ----
de87f02 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18
---- ./license-manager ----
68238b7 2021-02-02 Ned Batchelder: chore: upgrade Django to 2.2.18