Merge pull request from GHSA-7j9p-67mm-5g87
* fix: Tool can only push grade to value in config
Before this commit, LTI tools were able to push grades to any block
simply by modifying or creating a new line item with a `resource_link_id` containing a valid block.
This commit closes that loophole and resolves
security advisory GHSA-7j9p-67mm-5g87.
* chore: create release version
Co-authored-by: 
Zach Hancock <zhancock@edx.org>
Showing
- CHANGELOG.rst 4 additions, 0 deletionsCHANGELOG.rst
- lti_consumer/__init__.py 1 addition, 1 deletionlti_consumer/__init__.py
- lti_consumer/signals/signals.py 21 additions, 3 deletionslti_consumer/signals/signals.py
- lti_consumer/tests/unit/test_signals.py 100 additions, 0 deletionslti_consumer/tests/unit/test_signals.py
Loading
Please register or sign in to comment