|
|
Release notes (https://github.com/lxml/lxml/blob/master/CHANGES.txt):
4.6.5 (2021-12-12)
==================
Bugs fixed
----------
* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
content through SVG images (CVE-2021-43818).
* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
content through CSS imports and other crafted constructs (CVE-2021-43818).
4.6.4 (2021-11-01)
==================
Features added
--------------
* GH#317: A new property ``system_url`` was added to DTD entities.
Patch by Thirdegree.
* GH#314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars.
Patch by Isaac Jurado.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
