From 78a06726dd6c72a42c90c1f7a8fa5d21ebcfa587 Mon Sep 17 00:00:00 2001
From: Greg Guthe
Date: Wed, 11 Mar 2020 16:17:57 -0400
Subject: [PATCH] Update for v3.1.2 release
---
 CHANGES | 34 ++++++++++++++++++++++++++++++++++
 bleach/__init__.py | 4 ++--
 2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 6cf295e1..2005da7c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,40 @@
 Bleach changes
 ==============
+Version 3.1.2 (March 11th, 2020)
+--------------------------------
+
+**Security fixes**
+
+* ``bleach.clean`` behavior parsing embedded MathML and SVG content
+ with RCDATA tags did not match browser behavior and could result in
+ a mutation XSS.
+
+ Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
+ ``svg`` tags and one or more of the RCDATA tags ``script``,
+ ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
+ ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
+ XSS.
+
+ This security issue was confirmed in Bleach version v3.1.1. Earlier
+ versions are likely affected too.
+
+ Anyone using Bleach <=v3.1.1 is encouraged to upgrade.
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1621692
+
+**Backwards incompatible changes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+None
+
 Version 3.1.1 (February 13th, 2020)
 -----------------------------------
diff --git a/bleach/__init__.py b/bleach/__init__.py
index 30f8fb84..bb5a5b6d 100644
--- a/bleach/__init__.py
+++ b/bleach/__init__.py
@@ -18,9 +18,9 @@
 # yyyymmdd
-__releasedate__ = '20200213'
+__releasedate__ = '20200311'
 # x.y.z or x.y.z.dev0 -- semver
-__version__ = '3.1.1'
+__version__ = '3.1.2'
 VERSION = parse_version(__version__)