diff options
author | Stefan Behnel <stefan_ml@behnel.de> | 2021-03-21 15:11:30 +0100 |
---|---|---|
committer | Stefan Behnel <stefan_ml@behnel.de> | 2021-03-21 15:11:30 +0100 |
commit | a5f9cb52079dc57477c460dbe6ba0f775e14a999 (patch) | |
tree | 9c5fe3cd81146c7a557a0ce56ef7b91204595a39 | |
parent | 2d01a1ba8984e0483ce6619b972832377f208a0d (diff) | |
download | python-lxml-a5f9cb52079dc57477c460dbe6ba0f775e14a999.tar.gz |
Prepare release of lxml 4.6.3.lxml-4.6.3
-rw-r--r-- | CHANGES.txt | 11 | ||||
-rw-r--r-- | doc/main.txt | 10 | ||||
-rw-r--r-- | src/lxml/__init__.py | 2 |
3 files changed, 19 insertions, 4 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index e3b77140..22f4d450 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -2,6 +2,17 @@ lxml changelog ============== +4.6.3 (2021-03-21) +================== + +Bugs fixed +---------- + +* A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, + which allowed JavaScript to pass through. The cleaner now removes the HTML5 + ``formaction`` attribute. + + 4.6.2 (2020-11-26) ================== diff --git a/doc/main.txt b/doc/main.txt index d42c66a3..ead457d6 100644 --- a/doc/main.txt +++ b/doc/main.txt @@ -159,8 +159,8 @@ Index <http://pypi.python.org/pypi/lxml/>`_ (PyPI). It has the source that compiles on various platforms. The source distribution is signed with `this key <pubkey.asc>`_. -The latest version is `lxml 4.6.2`_, released 2020-11-26 -(`changes for 4.6.2`_). `Older versions <#old-versions>`_ +The latest version is `lxml 4.6.3`_, released 2021-03-21 +(`changes for 4.6.3`_). `Older versions <#old-versions>`_ are listed below. Please take a look at the @@ -256,7 +256,9 @@ See the websites of lxml .. and the `latest in-development version <http://lxml.de/dev/>`_. -.. _`PDF documentation`: lxmldoc-4.6.2.pdf +.. _`PDF documentation`: lxmldoc-4.6.3.pdf + +* `lxml 4.6.3`_, released 2021-03-21 (`changes for 4.6.3`_) * `lxml 4.6.2`_, released 2020-11-26 (`changes for 4.6.2`_) @@ -280,6 +282,7 @@ See the websites of lxml * `older releases <http://lxml.de/4.3/#old-versions>`_ +.. _`lxml 4.6.3`: /files/lxml-4.6.3.tgz .. _`lxml 4.6.2`: /files/lxml-4.6.2.tgz .. _`lxml 4.6.1`: /files/lxml-4.6.1.tgz .. _`lxml 4.6.0`: /files/lxml-4.6.0.tgz @@ -291,6 +294,7 @@ See the websites of lxml .. _`lxml 4.4.1`: /files/lxml-4.4.1.tgz .. _`lxml 4.4.0`: /files/lxml-4.4.0.tgz +.. _`changes for 4.6.3`: /changes-4.6.3.html .. _`changes for 4.6.2`: /changes-4.6.2.html .. _`changes for 4.6.1`: /changes-4.6.1.html .. _`changes for 4.6.0`: /changes-4.6.0.html diff --git a/src/lxml/__init__.py b/src/lxml/__init__.py index ed50c4bb..c569544b 100644 --- a/src/lxml/__init__.py +++ b/src/lxml/__init__.py @@ -1,6 +1,6 @@ # this is a package -__version__ = "4.6.2" +__version__ = "4.6.3" def get_include(): |