python/python-bleach
SHA256
15
0
Fork 0
forked from pool/python-bleach
Code Pull Requests Activity

Accepting request 884898 from home:AndreasStieger:branches:devel:languages:python

Browse Source 
python-bleach 3.3.0 CVE-2021-23980 boo#1184547

OBS-URL: https://build.opensuse.org/request/show/884898
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=41
This commit is contained in:
Matej Cepl
2021-04-13 10:30:56 +00:00
committed by Git OBS Bridge
parent efa22fed01
commit 19b3ff6175
5 changed files with 94 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
python-bleach.changes
View File

@@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue Apr 13 09:20:21 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 3.3.0:
* Backwards incompatible change: clean escapes HTML comments
even when strip_comments=False
* Fix CVE-2021-23980: mutation XSS on bleach.clean with specific
combinations of allowed tags (boo#1184547)
- includes changes from 3.2.3:
* fix clean and linkify raising ValueErrors for certain inputs
- includes changes from 3.2.2:
* fix linkify raising an IndexError on certain inputs
- includes changes from 3.2.1:
* change linkifier to add rel="nofollow" as documented
- includes changes from 3.2.0:
* html5lib dependency increased to 1.1.0
-------------------------------------------------------------------
Mon Aug 31 09:15:22 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>