Open edX update

I’m updating Tutor to the last version (13.2.2) and with this version, I need to update from open-release/maple.2 to open-release/maple.3 because if I keep the open-release/maple.2 I get an error in git cherry-pick.

# Rate limiting security fix
# https://github.com/overhangio/edx-platform/tree/overhangio/sec-rate-limiting
RUN git fetch --depth=2 https://github.com/overhangio/edx-platform/ b5723e416e628cac4fa84392ca13e1b72817674f && git cherry-pick b5723e416e628cac4fa84392ca13e1b72817674f

How can I know if I need to do something to migrate?
In the Open edX CHANGELOG we don’t have any information:

We don’t maintain a detailed changelog. For details of changes, please see either the edX Release Notes or the GitHub commit history.

And in the Release Notes we just have open-release/maple.1.

Is just running Django migrations enough?

I wonder if it’s possible to remove that cherry-pick now – the fix was applied to Maple. Probably something to bring up on the Tutor discussion forum.

As for the changelog… yeah, I don’t think we have a process for making changelogs of minor named releases. @nedbat thoughts?

For reference, the security fix in question is listed here feat!: Use more-trusted IP in rate-limiting by timmc-edx · Pull Request #30286 · openedx/edx-platform · GitHub and really should be called out in a Maple.2 (or Maple.3?) changelog entry, since it has some required changes to configuration! I dropped the ball on getting the question answered of where to note that change for Maple.

It’s a good question about ongoing release notes. I think we had done that in some previous releases, though it looks like maybe Ficus was the last time: edx-documentation/ficus.rst at master · openedx/edx-documentation · GitHub

@pdpinch Do we have a way to add to the release notes after release?

One handy way to do to use git/github

Go to Compare · openedx/edx-platform · GitHub and then to compare between tha last two minor release in case maple.2 and maple.3 the url is Comparing open-release/maple.2...open-release/maple.3 · openedx/edx-platform · GitHub

And then one might look at changes migration files i.e. **/migrations/*.py if no migrations files are changed then this is a sign no migrations are needed. But there might be other signs to look for which I don’t know of. may be if a pacakge version is changed in requrirments/** and then that pacakge has its migrations changed…etc

If you want to go a bit deeper check the commit messages, there are only 10 commits between maple.2 and maple.3.

1 Like