Bulletin/Advisory Information:
Update (6 December 2022)
Updates (30 November 2022)
- Kaltura
- Kaltura recommends immediately turning off debug mode in the Building Block settings. This will avoid issues with the December release. Kaltura plans to provide an updated Building Block version soon.
- Ellucian ILP
- EAB Starfish
Update (29 November 2022)
Updates (23 November 2022)
-
The Ellucian ILP Building Block (B2) has been identified as incompatible. Ellucian is working on an updated B2.
-
EAB Starfish has completed an updated B2. Administrators should download, test, and install it.
Original article (22 November 2022):
Anthology constantly works to improve the security stance of Blackboard Learn. This includes reacting to vulnerabilities identified in third-party and opensource libraries used in the application. Security experts published a vulnerability for an opensource library used in the Learn application. This vulnerability is addressed in the 3900.54 release.
Depending on whether third-party providers also use this library and how they manage it in their Building Blocks, some Building Blocks and versions of Building Blocks may be incompatible with 3900.54. This impact is specific to third-party (add-on) Building Blocks only. This change does not affect Building Blocks that are part of the Learn core application. This change does not affect integrations using Learning Tools Interoperability (LTI), REST APIs, or Ultra Extension Framework (UEF).
We encourage administrators to test third-party (add-on) Building Blocks as soon as possible as part of the 3900.54 release preparations. We identified that some versions of Building Blocks from these providers are installed in client environments and may be impacted. In October, we notified these providers with instructions for resolution.
We also identified an additional 18 impacted Building Blocks specific to individual clients—these clients received individual communications about these incompatibilities. Other Building Blocks could also be impacted. If you identify an issue with third-party Building Blocks, you must work with the provider of the Building Block to access an updated version that addresses the security concern.
If a Building Block you provide is affected, please contact Anthology support for remediation guidance.