Impact
Before moving to pulling translations from the openedx-translations repository via openedx-atlas as described in OEP-58, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections.

Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections.

We have inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.
Patches
Has the problem been patched? What versions should users upgrade to?
We have updated the openedx-translations repository to utilize edx-i18n-tools for validation.
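To illustrate the two classes of problem named above (malformed translations and translation-based script injection), here is an added example of a source-versus-translation check; it is not code from edx-i18n-tools or the openedx-translations repository. The rules, function names and sample strings are assumptions constructed for this example.

```python
import re

# Assumed heuristic rules for this example; not edx-i18n-tools' actual checks.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")
PLACEHOLDER_RE = re.compile(r"%\((\w+)\)[sd]|\{(\w*)\}")
RISKY_RE = re.compile(r"javascript\s*:|\bon\w+\s*=", re.IGNORECASE)


def tags(text):
    """Return the sorted HTML tag names (opening and closing) in text."""
    return sorted(name.lower() for name in TAG_RE.findall(text))


def placeholders(text):
    """Return the set of %(name)s / {name} placeholders in text."""
    return {a or b for a, b in PLACEHOLDER_RE.findall(text)}


def validate_entry(msgid, msgstr):
    """Compare one translation with its source string; return the problems."""
    problems = []
    if not msgstr:  # untranslated: the source string is used as-is
        return problems
    if placeholders(msgstr) != placeholders(msgid):
        problems.append("placeholder mismatch")  # malformed translation
    if tags(msgstr) != tags(msgid):
        problems.append("HTML tags differ from source")
    if RISKY_RE.search(msgstr) and not RISKY_RE.search(msgid):
        problems.append("script-capable attribute or URL scheme added")
    return problems


# Constructed (msgid, msgstr) pairs, not taken from any real catalog.
SAMPLE = [
    ("Welcome, {username}!", "Bienvenue, {username} !"),
    ("Welcome, {username}!", "Bienvenue, {user} !"),
    ('Read the <a href="{url}">docs</a>.',
     'Lisez la <a href="{url}" onclick="x()">doc</a>.'),
    ("Save", "<script>x()</script>"),
]


def scan(entries):
    """Return {index: problems} for every entry that fails validation."""
    results = {i: validate_entry(s, t) for i, (s, t) in enumerate(entries)}
    return {i: p for i, p in results.items() if p}


if __name__ == "__main__":
    for index, found in scan(SAMPLE).items():
        print(index, SAMPLE[index][1], found)
```

Because the patterns are heuristics, a check like this is suited to a pre-merge gate that blocks a translation until a reviewer has looked at the flagged string.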