What security issues does LTI 1.1.1?

What security issues does LTI 1.1.1?

I just got a news email with an LTI 1.1.2 security update:

It is not at all clear what security issues this is suppose to fix.

Does anyone know what security issue with LTI 1.1.1 this is suppose to fix?


PS: 1.1.1, have privacy issues when using http, but that can easily be fixed with https.

ChuckWight's picture

Security issues with LTIv1p0 and v1p1.1.1

The security update describes the issue as a cross-site request forgery threat that is applicable to all LTI versions prior to v1.3

See the document at