From 6e74a5027b57055cdaeb040343d32934121392a7 Mon Sep 17 00:00:00 2001
From: Greg Guthe
Date: Mon, 23 Mar 2020 17:07:49 -0400
Subject: [PATCH] Update for v3.1.4 release

---
 CHANGES | 33 +++++++++++++++++++++++++++++++++
 bleach/__init__.py | 4 ++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index f4e09d8f..0f73b17b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,39 @@
 Bleach changes
 ==============
+Version 3.1.4 (March 24th, 2020)
+--------------------------------
+**Security fixes**
+* ``bleach.clean`` behavior parsing style attributes could result in a regular expression denial of service (ReDoS).
+ Calls to ``bleach.clean`` with an allowed tag with an allowed ``style`` attribute were vulnerable to ReDoS. For example, ``bleach.clean(..., attributes={'a': ['style']})``.
+ This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar regular expression and should be considered vulnerable too.
+ Anyone using Bleach <=v3.1.3 is encouraged to upgrade.
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
+**Backwards incompatible changes**
+* Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.
+**Features**
+None
+**Bug fixes**
+None
 Version 3.1.3 (March 17th, 2020)
 --------------------------------
diff --git a/bleach/__init__.py b/bleach/__init__.py
index 5d48813b..d168fabb 100644
--- a/bleach/__init__.py
+++ b/bleach/__init__.py
@@ -18,9 +18,9 @@
 # yyyymmdd
-__releasedate__ = '20200317'
+__releasedate__ = '20200324'
 # x.y.z or x.y.z.dev0 -- semver
-__version__ = '3.1.3'
+__version__ = '3.1.4'
 VERSION = parse_version(__version__)