Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply Upcoming Django Security Patch #427

Closed
10 tasks done
magajh opened this issue Dec 2, 2024 · 9 comments
Closed
10 tasks done

Apply Upcoming Django Security Patch #427

magajh opened this issue Dec 2, 2024 · 9 comments
Assignees
@magajh
Labels
security Relates to improving to the security posture of the platform sumac
Milestone
Sumac.1

Comments

@magajh
Copy link

magajh commented Dec 2, 2024
edited
Loading

Apply upcoming Django security release
https://groups.google.com/g/django-announce/c/gmyqS48O138

Django versions 5.1.4, 5.0.10, and 4.2.17 will be released on Wednesday, December 4 around 15:00 UTC. They will fix 2 security defects with severities: moderate and high.

For details of severity levels, see: https://docs.djangoproject.com/en/dev/internals/security/#how-django-discloses-security-issues

Open edX services to upgrade (taken from https://openedx.atlassian.net/wiki/spaces/COMM/pages/4558782480/Sumac.master)
@magajh magajh added security Relates to improving to the security posture of the platform sumac labels Dec 2, 2024
This was referenced Dec 5, 2024
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@magajh
Copy link
Author

magajh commented Dec 5, 2024

@farhaanbukhsh tagging you here for the review and merge of these PRs

@magajh magajh self-assigned this Dec 5, 2024
@magajh magajh mentioned this issue Dec 6, 2024
Merged
@magajh
Copy link
Author

magajh commented Dec 6, 2024

PR in edx-platform is also ready for review/merge, all the tests were successful

@farhaanbukhsh
Copy link
Member

@magajh I have reviewed it and I am going to merge it too. :)

@farhaanbukhsh
Copy link
Member

farhaanbukhsh commented Dec 8, 2024
edited
Loading

I can merge all of it but I am waiting for the CCs of those repos to do that!

@magajh
Copy link
Author

magajh commented Dec 8, 2024
edited
Loading

@farhaanbukhsh Got it! But I think that’s unlikely, especially with the release so close. For past security patches, it’s usually the release manager who tests and merges most of the PRs – for example, #386

@farhaanbukhsh
Copy link
Member

@magajh No issues will merge them 👍🏾

@magajh magajh added this to the Sumac.1 milestone Dec 9, 2024
@magajh
Copy link
Author

magajh commented Dec 9, 2024

Awesome, thank you! we should incorporate this patch into this release cc @cmltaWt0

@farhaanbukhsh
Copy link
Member

@magajh We will :) I am testing these PRs by building the image :)

@magajh
Copy link
Author

magajh commented Dec 9, 2024

Thanks so much, @farhaanbukhsh! I'm closing this issue now that all the PRs have been merged

@magajh magajh closed this as completed Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@magajh magajh

Labels
security Relates to improving to the security posture of the platform sumac
Projects
Build-Test-Release Working Group
Status: Done
Milestone
Sumac.1
Development

No branches or pull requests
2 participants
@farhaanbukhsh @magajh