Skip to content

Update bleach to 3.1.1#128

Closed
pyup-bot wants to merge 1 commit intomasterfrom
pyup-update-bleach-3.1.0-to-3.1.1
Closed

Update bleach to 3.1.1#128
pyup-bot wants to merge 1 commit intomasterfrom
pyup-update-bleach-3.1.0-to-3.1.1

Conversation

@pyup-bot
Copy link
Collaborator

@pyup-bot pyup-bot commented Feb 19, 2020

This PR updates bleach from 3.1.0 to 3.1.1.

Changelog

3.1.1

-----------------------------------

**Security fixes**

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
browser behavior.

Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
the raw text tags (``title``, ``textarea``, ``script``, ``style``,
``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
to a mutation XSS.

This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
and v3.1.0. Earlier versions are probably affected too.

Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.

https://bugzilla.mozilla.org/show_bug.cgi?id=1615315

**Backwards incompatible changes**

None

**Features**

None

**Bug fixes**

None

Bleach changes
==============
Links

@pyup-bot
Copy link
Collaborator Author

pyup-bot commented Mar 17, 2020

Closing this in favor of #139

@pyup-bot pyup-bot closed this Mar 17, 2020
@BarthJr BarthJr deleted the pyup-update-bleach-3.1.0-to-3.1.1 branch March 17, 2020 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pyup-bot