-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge pull request from GHSA-7j9p-67mm-5g87 #331
Merge pull request from GHSA-7j9p-67mm-5g87 #331
Conversation
* fix: Tool can only push grade to value in config Before this commit, LTI tools were able to push grades to any block simply by modifying or creating a new line item with a `resource_link_id` containing a valid block. This commit closes that loophole and resolves security advisory GHSA-7j9p-67mm-5g87. * chore: create release version Co-authored-by: Zach Hancock <zhancock@edx.org>
Thanks for the pull request, @mtyaka! Please note that it may take us up to several weeks or months to complete a review and merge your PR. Feel free to add as much of the following information to the ticket as you can:
All technical communication about the code itself will be done via the GitHub pull request interface. As a reminder, our process documentation is here. Please let us know once your PR is ready for our review and all tests are green. |
Codecov ReportBase: 96.61% // Head: 96.63% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## security/4.5.1 #331 +/- ##
==================================================
+ Coverage 96.61% 96.63% +0.02%
==================================================
Files 71 72 +1
Lines 5285 5319 +34
==================================================
+ Hits 5106 5140 +34
Misses 179 179
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@mtyaka 🎉 Your pull request was merged! Please take a moment to answer a two question survey so we can improve your experience in the future. |
Thanks everyone! |
Before this commit, LTI tools were able to push grades to any block simply by modifying or creating a new line item with a
resource_link_id
containing a valid block.This commit closes that loophole and resolves
security advisory GHSA-7j9p-67mm-5g87.
Co-authored-by: Zach Hancock zhancock@edx.org