* Release retracted due to missing files in lxml/includes/.
4.6.5
==================
Bugs fixed
----------
* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818).
* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818).
4.6.4
==================
Features added
--------------
* GH317: A new property ``system_url`` was added to DTD entities. Patch by Thirdegree.
* GH314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars. Patch by Isaac Jurado.
4.6.3
==================
Bugs fixed
----------
* A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 ``formaction`` attribute.
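
A regression gate for the cleaner fixes listed in the 4.6.5 and 4.6.3 entries, as an added example rather than lxml's own code: it scans already-sanitized HTML for the constructs those entries name (``formaction``, CSS imports, SVG images). The matching patterns (``@import``, ``data:image/svg+xml``), the names ``CleanerOutputAudit`` and ``audit``, and the sample fragments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

URL_ATTRS = ("src", "href", "xlink:href")

class CleanerOutputAudit(HTMLParser):
    """Flags constructs the fixes above are meant to strip (coarse checks)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name == "formaction":  # attribute named in the 4.6.3 entry
                self.findings.append(("formaction-attribute", tag))
            elif name == "style" and "@import" in value:  # assumed pattern
                self.findings.append(("css-import", tag))
            elif name in URL_ATTRS and value.startswith("data:image/svg+xml"):
                self.findings.append(("svg-data-uri", tag))  # assumed pattern

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # <style> bodies arrive here as raw text
        if self._in_style and "@import" in data.lower():
            self.findings.append(("css-import", "style"))

def audit(fragment):
    """Return (finding, tag) pairs for one sanitized HTML fragment."""
    parser = CleanerOutputAudit()
    parser.feed(fragment)
    parser.close()
    return parser.findings

# Constructed sample fragments standing in for sanitizer output.
SAMPLES = {
    "clean": '<p>Hello <a href="https://example.invalid/">link</a></p>',
    "formaction": '<form><button formaction="https://example.invalid/s">Go</button></form>',
    "css_import": '<style>@import url("theme.css");</style><p>text</p>',
    "svg_image": '<img src="data:image/svg+xml;base64,AAAA" alt="logo">',
}

if __name__ == "__main__":
    for label, fragment in SAMPLES.items():
        print(label, audit(fragment))
```

Substring checks like these suit a CI gate on sanitizer output; they do not replace upgrading to a release that carries the fixes.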
4.6.2
==================
Bugs fixed
----------
* A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content.
4.6.1
==================
Bugs fixed
----------
* A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content.