Forum .LRN Q&A: Remove community-image.vuh
The comments say the file is for serving customized group logo images, but .LRN isn't using it, favoring packages/file-storage/download/index.vuh instead.
Also, the Sloan CVS logs note a security issue. community-image.vuh doesn't appear to be checking for read permission, nor checking that the passed-in revision_id meets any test of validity e.g. that the requested revision is in fact an image object.
I'd recommend either removing this file from your system if you're confident it isn't being used, or else adding a permission check that looks like this
just before the call toad_require_permission $revision_id "read"
Unless anyone objects I'm going to remove this file from .LRN cvs.