Brightspace LTI Vulnerability
A vulnerability was discovered in the LTI standard that allows people to construct a link which uses the attacker's session and could trick a user into performing actions with the attacker's identity. Atlas is working with Brightspace to ensure Ares accommodates any functional changes Brightspace will be making to combat this vulnerability.
For more information, see https://community.brightspace.com/s/article/Update-on-LTI-Vulnerability-LTI-Launch-with-New-Security-Requirements
Bug# 4445
Will be released in the upcoming 5.0.4 Ares Client and Server LTI 1.3 & CCC Point Release. The official release date will be announced by the end of the month in the Ares Community.