Hello all,
We just released a fix for security vulnerabilities in a number of files. See the email attachment for a patch for the master branch and open-release/koa.master.
Without this patch, a lot of files might be vulnerable to cross-site scripting (XSS).
This security patch uses code that escapes these vulnerabilities and fixes the XSS issues for these files.
We advise you to patch your instances as soon as possible. The fix has been made public and merged into the respective branches.
If you have any questions, feel free to reach out to me. (You may see a warning while applying the patch, "warning: 4 lines add whitespace errors.", but the patch will be applied cleanly anyway.)
Thanks,
Ali Akbar, edX Incident Management
IM_koa_security_fixes_8.patch (17.4 KB)