edX Critical Security Fix: Chemical Equation Advanced Problems and security vulnerability in Recommender xblock

[UPDATE 2018-08-01]

Another similar security fix was released and it also allows steal credentials from staff members.

The Bitnami Team worked on publishing the new cloud images, virtual machines and native installers with this new fix. New launches of Bitnami edX ginkgo.2-7 via our launchpad are secure and do not need to be updated further.

If you have an already running installation, we updated the workaround steps to patch this security vulnerability along with the previous one that was announced.

[UPDATE 2018-07-30]

The Bitnami Team is happy to announce that the cloud images, virtual machines and native installers have been updated properly. New launches of Bitnami edX ginkgo.2-6 via our launchpad are secure and do not need to be updated further.

Users launching Bitnami edX via a cloud marketplace are advised to select version ginkgo.2-6 of Bitnami edX, once it is published. Installations based on previous versions will need to be upgraded as described below.

----

A new security vulnerability in edX has been announced. This vulnerability allows learners to include a script in their response to Chemical Equation advanced problems. If the script is malicious and  staff members are lured into viewing the submission, their credentials could be at risk.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. For that reason, our team is working to update all of the affected edX packages available through Bitnami as quickly as possible.

Workaround

In the meantime, we strongly encourage edX administrators to apply the security patch published by the maintainers. To do so, run the following commands depending on your deployment choice:

• Native installers

cd /tmp
curl "https://github.com/edx/edx-platform/commit/5b144559fbdba7ff673cc1c165aa2d343e07b6bd.patch" > edX.patch
curl -L "https://groups.google.com/group/openedx-announce/attach/82b14205f6ca3/update-recommender-ginkgo.patch?part=0.1&authuser=0" > edX-xblock.patch
cd installdir/apps/edx/edx-platform/
patch -p1 < /tmp/edX.patch
patch -p1 < /tmp/edX-xblock.patch

• Cloud images and virtual machines

cd /tmp
curl "https://github.com/edx/edx-platform/commit/5b144559fbdba7ff673cc1c165aa2d343e07b6bd.patch" > edX.patch
curl -L "https://groups.google.com/group/openedx-announce/attach/82b14205f6ca3/update-recommender-ginkgo.patch?part=0.1&authuser=0" > edX-xblock.patch
cd /opt/bitnami/apps/edx/edx-platform/
sudo patch -p1 < /tmp/edX.patch
sudo patch -p1 < /tmp/edX-xblock.patch


If you have further questions about Bitnami edX or this security issue, please post to our community forum, and we will be happy to help you.

Open edX "Dogwood" Is Now Available from Bitnami!

We're happy to announce a new version of the Bitnami Open edX stack!

Open edX is the open-source online learning platform originally conceived by edX, a nonprofit online learning destination founded by Massachusetts Institute of Technology and Harvard University that offers courses from the world’s best universities and institutions. The Open edX platform provides development tools to create, teach, and manage courses, student experiences, and learning outcomes at Internet scale.

Some of the new features in this new version are:

• Partial credit
• Open edX Analytics Developer Stack
• Initial Version of Comprehensive Theming
• Additional File Types for Open Response Assessments
• Timed Exams
• LTI XBlock
• Otto Ecommerce Service

Several features are deprecated as of the Open edX Dogwood release:

• Original ORA ("ORA1") Problems
• Legacy Instructor Dashboard
• Studio Checklist page
• Certain XModules and Tools, including the graphical_slider_tool and the FoldIt protein simulator
• The psychometrics and licenses Django apps

With Bitnami, developers can deploy a ready-to-run Open edX Stack with just one click. To get started, choose from our all-in-one free native installers, virtual machines or cloud images.

If you have questions about Bitnami Open edX Stack, please post to our community forum and we will be happy to help.

Bitnami releases Open edX Cypress

We are happy to announce the release of Open edX's most recent version, Cypress. There are many exciting features in this release, and we look forward to hearing what you think in our review section!

The updates below are all included in your ready-to-run Bitnami Open edX image, so you can get started with them right away.

• OLI Hinting 
• Creative Commons Polling and Survey XBlocks 
• Learner Profiles 
• Course Search 
• Randomized Content Blocks 
• Single Sign On (SSO) 
• Performance improvements Security and stability fixes 
• And more 

For more information about the new features, visit the Open edX blog. 

We have released Open edX Cypress on installers, virtual machines and cloud images, so you can easily try this new release or update your existing Open edX. 

Have questions about Bitnami Open edX or anything related? Post to our community forum, and we will be happy to help you.

Online learning platform Open edX is now available on Bitnami

Bitnami is excited to welcome contest-winner Open edX to the Bitnami Library. Open edX is the open-source online learning platform originally conceived by edX, a nonprofit online learning destination founded by Massachusetts Institute of Technology and Harvard University that offers courses from the world’s best universities and institutions. The Open edX platform provides development tools to create, teach, and manage courses, student experiences, and learning outcomes at Internet scale.

Online learning, both for small audiences and Massively Open Online Courses (MOOCs), are becoming a vital part of the global education landscape. In voting for Open edX in Bitnami’s monthly contest, users showed their strong demand to make it easy for colleges, universities, and anyone else to launch their own fully functional education platform in the cloud with just a few clicks.

Each Open edX instance can host thousands of courses and hundreds of thousands of learners.
Features like discussion boards, peer-to-peer, instructor-driven and automated assessments, simulations and activities, videos, social/community capabilities, and support for rich content types are part of the package.

The included course management system provides an array of authoring tools to help educators create effective course materials that foster the emergence of vibrant online learning communities.
Analytics and data visualization tools enable in-depth analysis of students’ interaction with the platform.

Get Open edX in just a few clicks with the Bitnami Open edX installers, Virtual Machine images (VMs), and cloud images.