Security change in release 3900.54 may be incompatible with some Building Blocks
Blackboard Learn SaaS, Learn 9.1
Ultra Experience, Original Experience
Ultra Course View, Original Course View
Impact: Instructors, Students, Administrators
Anthology constantly works to improve the security stance of Blackboard Learn and proactively reacts to vulnerabilities identified in third-party and open source libraries used in the application. Recently, security experts published a vulnerability for an open source library used in the Learn application. This vulnerability is now addressed in the 3900.54 release.
Depending on whether third-party providers also use this library and how they manage it in their Building Blocks, some Building Blocks and versions of Building Blocks may be incompatible with 3900.54. The impact is specific to third-party (add-on) Building Blocks only. This change doesn't affect Building Blocks that are part of the Learn core application, and doesn't affect integrations using Learning Tools Interoperability (LTI), REST APIs, or Ultra Extension Framework (UEF).
For administrators: We encourage administrators to test third-party (add-on) Building Blocks as soon as possible, to prepare for the 3900.54 release. If you provide a Building Block that’s affected, contact Anthology product support for remediation details.