Update bleach to 3.1.2 #139

Closed
pyup-bot wants to merge 1 commit into master from pyup-update-bleach-3.1.0-to-3.1.2
@pyup-bot
Collaborator

This PR updates bleach from 3.1.0 to 3.1.2.

Changelog

3.1.1

-----------------------------------

**Security fixes**

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
browser behavior.

Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
the raw text tags (``title``, ``textarea``, ``script``, ``style``,
``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
to a mutation XSS.

This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
and v3.1.0. Earlier versions are probably affected too.

Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.

https://bugzilla.mozilla.org/show_bug.cgi?id=1615315

**Backwards incompatible changes**

None

**Features**

None

**Bug fixes**

None

Bleach changes
==============

@pyup-bot pyup-bot mentioned this pull request Mar 17, 2020
@pyup-bot
Collaborator Author

Closing this in favor of #140

@pyup-bot pyup-bot closed this Mar 17, 2020
@BarthJr BarthJr deleted the pyup-update-bleach-3.1.0-to-3.1.2 branch March 17, 2020 15:39
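
The affected condition from the 3.1.1 changelog entry above, written as a dependency and configuration check. This is an added example, not part of this PR or of Bleach; the function names, status labels and sample requirements text are constructed for illustration.

```python
import re

# Raw text tags named in the 3.1.1 changelog entry.
RAW_TEXT_TAGS = {"title", "textarea", "script", "style",
                 "noembed", "noframes", "iframe", "xmp"}
LAST_AFFECTED = (3, 1, 0)  # changelog: "Anyone using Bleach <=v3.1.0"

# Constructed sample input, not taken from the repository.
SAMPLE_REQUIREMENTS = "Django==2.2.10\nbleach==3.1.0  # pinned\nbleach-extras==0.1\n"


def parse_version(text):
    """Turn '3.1.0', 'v3.1.0' or '3.1' into a comparable (major, minor, patch)."""
    nums = [int(p) for p in re.findall(r"\d+", text.split("+")[0])[:3]]
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))


def pinned_bleach_version(requirements_text):
    """Return the version of an exact 'bleach==X' pin, or None if absent."""
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        match = re.match(r"(?i)bleach\s*==\s*([\w.+]+)", line)
        if match:
            return match.group(1)
    return None


def audit(version, allowed_tags):
    """Classify a bleach.clean tag allowlist against the 3.1.1 entry.

    'vulnerable': affected release AND noscript plus a raw text tag allowed.
    'upgrade':    affected release, triggering tag combination not configured.
    'ok':         release newer than 3.1.0.
    """
    tags = {t.lower() for t in allowed_tags}
    raw = sorted(tags & RAW_TEXT_TAGS)
    affected = parse_version(version) <= LAST_AFFECTED
    if affected and "noscript" in tags and raw:
        status = "vulnerable"
    elif affected:
        status = "upgrade"
    else:
        status = "ok"
    return {"status": status, "raw_text_tags": raw}
```
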