Behind the Blackboard! Security change in release 3900.54 may be incompatible with some Building Blocks - Behind the Blackboard Skip Navigation
Download PDF  Icon Download PDF    Print article

Security change in release 3900.54 may be incompatible with some Building Blocks

Date Published: Dec 06,2022


CategoryProduct:Learn; Version:SaaS
Article No.: 000077109

Type:


Bulletin/Advisory Information:

Update (6 December 2022)


Updates (30 November 2022)


Update (29 November 2022)

  • An updated Ellucian ILP Building Block (B2) is available. Administrators should download, test, and install it.


Updates (23 November 2022)

  • The Ellucian ILP Building Block (B2) has been identified as incompatible. Ellucian is working on an updated B2.

  • EAB Starfish has completed an updated B2. Administrators should download, test, and install it.


Original article (22 November 2022):

Anthology constantly works to improve the security stance of Blackboard Learn. This includes reacting to vulnerabilities identified in third-party and opensource libraries used in the application. Security experts published a vulnerability for an opensource library used in the Learn application. This vulnerability is addressed in the 3900.54 release.


Depending on whether third-party providers also use this library and how they manage it in their Building Blocks, some Building Blocks and versions of Building Blocks may be incompatible with 3900.54. This impact is specific to third-party (add-on) Building Blocks only. This change does not affect Building Blocks that are part of the Learn core application. This change does not affect integrations using Learning Tools Interoperability (LTI), REST APIs, or Ultra Extension Framework (UEF).

We encourage administrators to test third-party (add-on) Building Blocks as soon as possible as part of the 3900.54 release preparations. We identified that some versions of Building Blocks from these providers are installed in client environments and may be impacted. In October, we notified these providers with instructions for resolution.

  • Aviso Coaching LLC

  • BEENET

  • CognosOnLine

  • EAB Starfish

  • Kaltura Inc

  • Kamila Innovation S.A.S.

  • Mirante Educacional

  • Turning Technologies (Turning Technologies indicated they no longer support the Building Block version of their integration)

We also identified an additional 18 impacted Building Blocks specific to individual clients—these clients received individual communications about these incompatibilities. Other Building Blocks could also be impacted. If you identify an issue with third-party Building Blocks, you must work with the provider of the Building Block to access an updated version that addresses the security concern.

If a Building Block you provide is affected, please contact Anthology support for remediation guidance.



The information contained in the Knowledge Base was written and/or verified by Blackboard Support. It is approved for client use. Nothing in the Knowledge Base shall be deemed to modify your license in any way to any Blackboard product. If you have comments, questions, or concerns, please send an email to kb@blackboard.com. © 2024 Blackboard Inc. All rights reserved