From the official announcement:
Summary
As of now, Bleach is deprecated.
We will continue to support Bleach:
security updates
support for new Python versions
fixes for egregious bugs
I figure that's one release a year or something like that.
Why?
Bleach sits on top of--and heavily relies on--html5lib which is no longer in active development. It is increasingly difficult to maintain Bleach in that context and I think it's nuts to build a security library on top of a library that's not in active development. There are some options (switch to something else, take over html5lib, etc), I don't particularly like any of them. I think instead, someone new should explore the options with a brand new library and a fresh start.
Later in the thread there's a recommendation to consider nh3/ammonia instead.
From the official announcement:
Later in the thread there's a recommendation to consider nh3/ammonia instead.