Skip to content

Commit

Permalink
Update for v3.1.1 release
Browse files Browse the repository at this point in the history
  • Loading branch information
Greg Guthe authored and g-k committed Feb 19, 2020
1 parent f77e0f6 commit e0ad450
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 3 deletions.
37 changes: 36 additions & 1 deletion CHANGES
Original file line number Diff line number Diff line change
@@ -1,6 +1,41 @@
Bleach changes
==============

Version 3.1.1 (February 13th, 2020)
-----------------------------------

**Security fixes**

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
browser behavior.

Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
the raw text tags (``title``, ``textarea``, ``script``, ``style``,
``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
to a mutation XSS.

This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
and v3.1.0. Earlier versions are probably affected too.

Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.

https://bugzilla.mozilla.org/show_bug.cgi?id=1615315

**Backwards incompatible changes**

None

**Features**

None

**Bug fixes**

None

Bleach changes
==============

Version 3.1.0 (January 9th, 2019)
---------------------------------

Expand Down Expand Up @@ -76,7 +111,7 @@ None

* Fix ``list`` object has no attribute ``lower`` in ``clean``. (#398)
* Fix ``abbr`` getting escaped in ``linkify``. (#400)


Version 3.0.0 (October 3rd, 2018)
---------------------------------
Expand Down
4 changes: 2 additions & 2 deletions bleach/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@


# yyyymmdd
__releasedate__ = '20190109'
__releasedate__ = '20200213'
# x.y.z or x.y.z.dev0 -- semver
__version__ = '3.1.0'
__version__ = '3.1.1'
VERSION = parse_version(__version__)


Expand Down

0 comments on commit e0ad450

Please sign in to comment.