Changelog for python39-bleach-3.3.0-qubes.2.26.noarch.rpm :

* Tue Apr 13 2021 Andreas Stieger - update to 3.3.0:
* Backwards incompatible change: clean escapes HTML comments even when strip_comments=False
* Fix CVE-2021-23980: mutation XSS on bleach.clean with specific combinations of allowed tags (boo#1184547)
- includes changes from 3.2.3:
* fix clean and linkify raising ValueErrors for certain inputs
- includes changes from 3.2.2:
* fix linkify raising an IndexError on certain inputs
- includes changes from 3.2.1:
* change linkifier to add rel="nofollow" as documented
- includes changes from 3.2.0:
* html5lib dependency increased to 1.1.0
* Mon Aug 31 2020 Tomáš Chvátal - Skip tests that fail with html5lib 1.1 ref the upstream ticket
* Wed May 06 2020 Tomáš Chvátal - Update to 3.1.5:
* replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson.
* Wed Apr 01 2020 Dirk Mueller - update to 3.1.4 (bsc#1168280, CVE-2020-6817):
* ``bleach.clean`` behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to ``bleach.clean`` with an allowed tag with an allowed ``style`` attribute were vulnerable to ReDoS. For example, ``bleach.clean(..., attributes={'a': ['style']})``.
* Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.
* Mon Mar 23 2020 Dirk Mueller - update to 3.1.3 (bsc#1167379, CVE-2020-6816):
* Add relative link to code of conduct. (#442)
* Drop deprecated 'setup.py test' support. (#507)
* Fix typo: curren -> current in tests/test_clean.py (#504)
* Test on PyPy 7
* Drop test support for end of life Python 3.4
* ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS.
* Fri Feb 28 2020 Alexandros Toptsoglou - Update to V3.1.1: Security update for CVE-2020-6802
* CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303).
* Wed Jan 08 2020 Matej Cepl - Switch off test_uri_value_allowed_protocols test to work around gh#mozilla/bleach#503.
* Fri Jul 19 2019 Tomáš Chvátal - Restrict pytest to <5.0; upstream has an issue already reported
* Sun Mar 03 2019 John Vandenberg - Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0
- Remove direct dependency on webencodings, a dependency of html5lib
- Update to v3.1.0
* Add ``recognized_tags`` argument to the linkify ``Linker`` class. This fixes issues when linkifying on its own and having some tags get escaped. It defaults to a list of HTML5 tags
* Add ``six>=1.9`` to requirements
* Fix cases where attribute names could have invalid characters in them.
* Fix problems with ``LinkifyFilter`` not being able to match links across ``&``.
* Fix ``InputStreamWithMemory`` when the ``BleachHTMLParser`` is parsing ``meta`` tags
* Fix doctests.
- from v3.0.2
* Merge ``Characters`` tokens after sanitizing them. This fixes issues in the ``LinkifyFilter`` where it was only linkifying parts of urls
- from v3.0.1
* Support Python 3.7. It supported Python 3.7 just fine, but 3.7 was added to the list of Python environments being tested
* Fix ``list`` object has no attribute ``lower`` in ``clean``
* Fix ``abbr`` getting escaped in ``linkify``
- from v3.0.0
* [breaking] A bunch of functions were moved from one module to another. These were moved from ``bleach.sanitizer`` to ``bleach.html5lib_shim``: + convert_entity + convert_entities + match_entity + next_possible_entity + BleachHTMLSerializer + BleachHTMLTokenizer + BleachHTMLParser These functions and classes weren't documented and aren't part of the public API, but people read code and might be using them so we're considering it an incompatible API change. If you're using them, you'll need to update your code.
* Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into Bleach. You can remove it from your requirements file if none of your other requirements require html5lib. This means Bleach will now work fine with other libraries that depend on html5lib regardless of what version of html5lib they require.
* Fixed tags getting added when using clean or linkify. This was a long-standing regression from the Bleach 2.0 rewrite
* Fixed ```` getting replaced with a string. Now it gets escaped or stripped depending on whether it's in the allowed tags or not
- from v2.1.4
* Dropped support for Python 3.3
* Handle ambiguous ampersands in correctly
* Wed Dec 05 2018 Jan Engelhardt - Trim rhetorics and bias from descriptions.
 