...
Merge the fix into openedx-animals' main branch.
Release openedx-animals==3.1.1 from its main branch.
In edx-platform and credentials, upgrade the openedx-animals version pin from 3.1.0 → 3.1.1.
Considering: is the openedx-animals version used in Zebrawood compatible?
It is a major release behind (2.5.0 vs 3.1.1), so assume no.
Check-out openedx-animals==2.5.0 and create an new branch: security/2.5.1
Apply the security fix to this branch.
Release openedx-animals==2.5.1
In both edx-platform and credentials, on branch open-release/zebrawood.master, upgrade the openedx-animals version pin from 2.5.0 → 2.5.1
🛠️ Apply a security patch to a Django Service
Before you start working on a security issue, ensure that you have a GitHub security advisory that has been created by the security working group or yourself.
On the advisory, create a new private fork on which to make any fixes.
Add your changes to a new branch on the temporary private fork.
Create a new pull request so that your changes can be reviewed.
Get the PR reviewed an approved.
BEFORE MERGING
Post a Security Announcement 2 business days before merging that you will be merging a security fix and the level of importance of the fix (Example text below, update the date, severity level and second link.)
Code Block A security patch for **openedx/edx-platform** will be added to the **Palm** release and to the current github master branch around [date=2023-07-25 time=15:00:00 timezone="America/New_York"]. It will fix one security defect with a "critical" [CVSS 3.1 severity rating](https://nvd.nist.gov/vuln-metrics/cvss). Details will be published here after release: [GitHub security advisory](https://github.com/openedx/edx-platform/security/advisories/GHSA-blah-blah-blah).
Merge the fix to the current main branch. Backport it to the currently supported named release.