
Open edX

EDTECH
Velocity: 0.0

Open-source learning platform powering massive open online courses

Open edX grinds through security hardening and forum-v2 migration on its named-release train.

Tags: lms, security-hardening, mfe-migration, forum-v2, incremental

Current state
Open edX is a mature self-hosted LMS shipping on a disciplined named-release cadence (Sumac, Teak, Ulmo). Recent work is maintenance-grade: SSRF protection in SAML metadata fetching, Django security bumps, forum-v2 compatibility, and the long-running migration to micro-frontends.
Where it's heading
The arc is hardening and modernization rather than new capability. Security fixes (SSRF, Django patches) and forum-v2 endpoint repairs dominate, while MFE migration keeps surfacing as URL and compatibility fixes.
Prediction
Expect the next named release to keep backporting security and forum-v2 fixes; no directional pivot is visible in these entries.

Recent moves

  1. 1mo ago

    release/ulmo.3: fix: block SSRF in SAML metadata URL fetching

    Adds an SSRF guard to SAML metadata URL fetching, blocking loopback, link-local, reserved, and (by default) private IP ranges across three fetch sites. A real security hardening consistent with the release train's maintenance focus.

  2. 3mo ago

    Backport: additional LTI launch-flow logging

    Backports extra logging around the LTI launch flow — diagnostic plumbing with no user-visible change.

  3. 4mo ago

    release/ulmo.1: fix: remove the branch/version while building BS (#37866)

    Normalizes block locations by stripping branch/version info to fix BlockStructure comparison bugs — an internal correctness fix invisible to users.

  4. 8mo ago

    Backport: openedx-forum version update

    Backports an openedx-forum version bump as part of the forum-v2 maintenance stream.

  5. 9mo ago

    release/teak.2: chore: update openedx-forum to fix issues

    Updates openedx-forum to clear outstanding issues — routine dependency maintenance on the Teak line.

  6. 11mo ago

    Teak.1: MFE-aware block URL generation

    Switches block-URL generation to the MFE-aware path instead of the legacy route, advancing the platform's slow micro-frontend migration.
