Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

openedx / wg-build-test-release Public

Notifications You must be signed in to change notification settings
Fork 15
Star 25

Code
Issues 45
Pull requests
Actions
Projects 1
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply Django Security Patch v4.2.19 for Sumac #436

Open

10 tasks

magajh opened this issue Feb 7, 2025 · 0 comments

Open

10 tasks

Apply Django Security Patch v4.2.19 for Sumac #436

magajh opened this issue Feb 7, 2025 · 0 comments

Assignees

Labels

Relates to improving to the security posture of the platform

Comments

Copy link

magajh commented Feb 7, 2025 •

edited

Loading

Apply latest Django patch https://docs.djangoproject.com/en/5.1/releases/4.2.19/
which contains latest security fix https://docs.djangoproject.com/en/5.1/releases/4.2.18/

Django 4.2.18 fixes a security issue with severity “moderate” in 4.2.17.
CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation¶

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the django.forms.GenericIPAddressField form field, which has now been updated to define a max_length of 39 characters.

The django.db.models.GenericIPAddressField model field was not affected.

Open edX services to upgrade (taken from https://openedx.atlassian.net/wiki/spaces/COMM/pages/4558782480/Sumac.master)

course-discovery
credentials
edx-notes-api
edx-platform
enterprise-access
enterprise-catalog
event-bus-redis
license-manager
platform-plugin-aspects
xqueue

The text was updated successfully, but these errors were encountered:

All reactions

magajh added the security Relates to improving to the security posture of the platform label

magajh self-assigned this

openedx-workflow-automation bot added this to Build-Test-Release Working Group

This was referenced Feb 7, 2025

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/enterprise-access#634

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/edx-platform#36234

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/license-manager#761

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/enterprise-catalog#1034

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/xqueue#969

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/edx-notes-api#469

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/course-discovery#4568

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/credentials#2695

Open

chore: update Django to 4.2.19 for Sumac - Security Patch openedx/event-bus-redis#152

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

Labels

Relates to improving to the security posture of the platform

Projects

Build-Test-Release Working Group

Status: No status

Milestone

No milestone

Development

No branches or pull requests

1 participant

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.