Subject: CVS commit: pkgsrc/www/py-bleach
From: Adam Ciarcinski
Date: 2018-04-09 14:14:19
Message id: 20180409121419.D403BFBEC@cvs.NetBSD.org
Log Message:
py-bleach: updated to 2.1.3
Version 2.1.3:
**Security fixes**
* Attributes that have URI values weren't properly sanitized if the
values contained character entities. Using character entities, it
was possible to construct a URI value with a scheme that was not
allowed that would slide through unsanitized.
This security issue was introduced in Bleach 2.1. Anyone using
Bleach 2.1 is highly encouraged to upgrade.
**Bug fixes**
* Fixed some other edge cases for attribute URI value sanitizing and
improved testing of this code.
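
The class of bug described in the log message above, as an added example (this is not Bleach's code and not part of the original commit): a scheme allow-list check applied to the raw attribute text misses a scheme that only appears once character entities are decoded. The allow-list, function names and sample values are assumptions constructed for illustration.

```python
import html
import re

# Assumed allow-list for this example; configure to match your own policy.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def naive_uri_allowed(value):
    """Flawed order: inspects the raw attribute text, entities still encoded."""
    match = SCHEME_RE.match(value)
    if match is None:
        return True  # no scheme seen, so the value is treated as relative
    return match.group(1).lower() in ALLOWED_SCHEMES


def hardened_uri_allowed(value):
    """Decode entities first, as an HTML parser would, then check the scheme."""
    decoded = html.unescape(value)
    # Drop whitespace and control characters before matching (stricter than
    # a browser, which is the safe direction for an allow-list check).
    decoded = re.sub(r"[\x00-\x20]+", "", decoded)
    match = SCHEME_RE.match(decoded)
    if match is None:
        return True
    return match.group(1).lower() in ALLOWED_SCHEMES


def find_disagreements(values):
    """Return values the naive check accepts but the hardened check rejects."""
    return [v for v in values
            if naive_uri_allowed(v) and not hardened_uri_allowed(v)]


# Constructed sample attribute values (not taken from the Bleach test suite).
SAMPLES = [
    "https://example.org/",
    "/docs/index.html",
    "javascript:void(0)",
    "javascript&#58;void(0)",
    "javascript&colon;void(0)",
    "&#106;avascript:void(0)",
    "https&#58;//example.org/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:32} naive={naive_uri_allowed(value)} "
              f"hardened={hardened_uri_allowed(value)}")
```

Running `find_disagreements` over stored or test-fixture attribute values is a quick regression check that a sanitizer decodes entities before it evaluates the scheme.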
Files: