Hello all,
We just released a change for security vulnerabilities for a number of files. See the email attachment for a patch for the master branch and open-release/koa.master.
Without this patch, it is possible that a lot of files might be vulnerable to cross-site scripting (XSS).
This security patch uses code that escapes these vulnerabilities and fixes the XSS issues for these files.
We advise you to patch your instances as soon as possible. The fix has been made public and merged into the respective branches.
If you have any questions, feel free to reach out to me.
Thanks,
Ali Akbar, edX Incident Management
IM_security_fixes_3.patch (38.6 KB)