Merge pull request openedx#28442 from edx/saad/backport-TNL-8593-cele…
…ry-xxe-fix-lilac

fix: update lxml parser for celery tasks to be more secure
(cherry picked from commit 809ed34)
saadyousafarbi authored and xitij2000 committed Nov 22, 2021
1 parent 8b54e49 commit 3fc71ed
Showing 2 changed files with 10 additions and 1 deletion.
6 changes: 5 additions & 1 deletion cms/celery.py
Expand Up @@ -5,9 +5,13 @@
Taken from: https://celery.readthedocs.org/en/latest/django/first-steps-with-django.html
"""


import os

# Patch the xml libs before anything else.
from safe_lxml import defuse_xml_libs

defuse_xml_libs()


# Set the default Django settings module for the 'celery' program
# and then instantiate the Celery singleton.
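Review bot: the ordering that the new comment in cms/celery.py asks for ("Patch the xml libs before anything else") is held in place only by where the lines happen to sit. `import os` already precedes the call, and nothing stops an import sorter or a later cleanup from moving whatever is imported further down the module above `defuse_xml_libs()`. A function call sitting between imports is exactly what import-position lint rules flag, so I would mark the block so tooling leaves it alone and expand the comment to say why the order matters (per the commit message, this is what makes the lxml parser used by celery tasks more secure), so the next edit does not tidy it away.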
5 changes: 5 additions & 0 deletions lms/celery.py
Expand Up @@ -7,6 +7,11 @@

import os

# Patch the xml libs before anything else.
from safe_lxml import defuse_xml_libs

defuse_xml_libs()


# Set the default Django settings module for the 'celery' program
# and then instantiate the Celery singleton.
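Review bot: the block added after `import os` in lms/celery.py is a line-for-line copy of the one in cms/celery.py, and the commit touches only these two files, so nothing verifies that a worker started from either entry point actually ends up with the patched XML libraries. Suggest a small regression test per entry point that imports the module and asserts the defused parser is in effect; that also catches the case where the call is later moved or dropped in one file but not the other.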
