A recent security vulnerability has been found in Mozilla's bleach library module, which is a common dependency for packages such as jupyter notebook. In order to mitigate the issue, it is recommended that all users of the package (as well as all Intel® Distribution for Python* users) update this module to the latest version.
For more information about the security issue and the fixes that were made to the bleach module, please visit the link here: https://nvd.nist.gov/vuln/detail/CVE-2018-7753
Instructions on how to update and install bleach to the latest version are below:
To download the package manually, please go to https://anaconda.org/intel/bleach/files
Conda
- For Unix platforms:
- Online mode: <install_location>/bin/conda install -c intel bleach=2.1.3
- Offline mode: <install_location>/bin/conda install <absolute_path_to_conda_pkg>
- For Windows platforms:
- Online mode: <install_location>\Scripts\conda install -c intel bleach=2.1.3
- Offline mode: <install_location>\Scripts\conda install <absolute_path_to_conda_pkg>
pip
- For Unix platforms:
- <install_location>/bin/pip uninstall bleach
- Online mode: <install_location>/bin/pip install --no-deps bleach
- Offline mode: <install_location>/bin/pip install --no-deps <absolute_path_to_local_bleach_whl>
- For Windows platforms:
- <install_location>\Scripts\pip uninstall bleach
- Online Mode: <install_location>\Scripts\pip install --no-deps bleach
- Offline Mode: <install_location>\Scripts\pip install --no-deps <absolute_path_to_local_bleach_whl>