-
Giovanni Cimolin da Silva authored* fix: Tool can only push grade to value in config Before this commit, LTI tools were able to push grades to any block simply by modifying or creating a new line item with a `resource_link_id` containing a valid block. This commit closes that loophole and resolves security advisory GHSA-7j9p-67mm-5g87. * chore: create release version Co-authored-by:
Zach Hancock <zhancock@edx.org>Giovanni Cimolin da Silva authored* fix: Tool can only push grade to value in config Before this commit, LTI tools were able to push grades to any block simply by modifying or creating a new line item with a `resource_link_id` containing a valid block. This commit closes that loophole and resolves security advisory GHSA-7j9p-67mm-5g87. * chore: create release version Co-authored-by:Zach Hancock <zhancock@edx.org>