All Versions
42
Latest Version
Avg Release Cycle
76 days
Latest Release
57 days ago

Changelog History
Page 1

  • v4.1.0 Changes

    August 25, 2021

    ๐Ÿ”‹ Features

    • ๐Ÿ‘ Python 3.9 support

    ๐Ÿ› Bug fixes

    • โšก๏ธ Update sanitizer clean to use vendored 3.6.14 stdlib urllib.parse to fix test failures on Python 3.9 #536
  • v4.0.0 Changes

    August 03, 2021

    Backwards incompatible changes

    • โฌ‡๏ธ Drop support for unsupported Python versions <3.6 #520

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    • ๐Ÿ›  fix attribute name in the linkify docs (thanks @CheesyFeet!)
  • v3.3.1 Changes

    July 14, 2021

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    • โž• add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
    • โฌ†๏ธ bump python version to 3.8 for tox doc, vendorverify, and lint targets
    • โšก๏ธ update bug report template tag
    • โšก๏ธ update vendorverify script to detect and fail when extra files are vendored
    • ๐Ÿš€ update release process docs to check vendorverify passes locally

    ๐Ÿ› Bug fixes

    • โœ‚ remove extra vendored django present in the v3.3.0 whl #595
    • duplicate h1 header doc fix (thanks Nguyแป…n Gia Phong / @McSinyx!)
  • v3.3.0 Changes

    February 01, 2021

    Backwards incompatible changes

    • clean escapes HTML comments even when strip_comments=False

    ๐Ÿ”’ Security fixes

    • ๐Ÿ›  Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.

    ๐Ÿ”‹ Features

    None

    ๐Ÿ› Bug fixes

    None

  • v3.2.3 Changes

    January 26, 2021

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    None

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz.
  • v3.2.2 Changes

    January 20, 2021

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    • ๐Ÿ‘ท Migrate CI to Github Actions. Thank you @hugovk.

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  fix linkify raising an IndexError on certain inputs. Thank you @Google-Autofuzz.
  • v3.2.1 Changes

    September 18, 2020

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    None

    ๐Ÿ› Bug fixes

    • ๐Ÿ”„ change linkifier to add rel="nofollow" as documented. Thank you @mitar.
    • ๐Ÿ—„ suppress html5lib sanitizer DeprecationWarnings #557
  • v3.2.0 Changes

    September 16, 2020

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    None

    ๐Ÿ› Bug fixes

    • html5lib dependency to version 1.1.0. Thank you Sam Sneddon.
    • โšก๏ธ update tests_website terminology. Thank you Thomas Grainger.
  • v3.1.5 Changes

    April 29, 2020

    ๐Ÿ”’ Security fixes

    None

    ๐Ÿ”‹ Features

    None

    ๐Ÿ› Bug fixes

    • replace missing setuptools dependency with packaging. Thank you Benjamin Peterson.
  • v3.1.4 Changes

    March 24, 2020

    ๐Ÿ”’ Security fixes

    • ๐Ÿ’… bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).

    Calls to bleach.clean with an allowed tag with an allowed style attribute were vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

    This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar regular expression and should be considered vulnerable too.

    Anyone using Bleach <=v3.1.3 is encouraged to upgrade.

    https://bugzilla.mozilla.org/show_bug.cgi?id=1623633

    Backwards incompatible changes

    • ๐Ÿ’… Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.

    ๐Ÿ”‹ Features

    None

    ๐Ÿ› Bug fixes

    None