Pillow/docs/releasenotes/8.0.1.rst

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

29 lines
960 B
ReStructuredText
Raw Normal View History

2020-10-22 15:45:58 +03:00
8.0.1
-----
Security
========
Fix CVE-2020-15999
^^^^^^^^^^^^^^^^^^
.. note:: More information about this vulnerability included in database record :cve:`2020-15999`
Update FreeType in wheels to `2.10.4`_
2024-03-13 21:52:53 +03:00
++++++++++++++++++++++++++++++++++++++
2020-10-22 15:45:58 +03:00
2024-03-13 21:52:53 +03:00
* A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6.
2020-10-22 15:45:58 +03:00
2024-03-13 21:52:53 +03:00
* If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.
2020-10-22 15:45:58 +03:00
We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts.
In Pillow 7.2.0 and earlier bitmap fonts were disabled with ``FT_LOAD_NO_BITMAP``, but it is not
2020-10-22 15:45:58 +03:00
clear if this prevents the exploit and we recommend updating to Pillow 8.0.1.
Pillow 8.0.0 and earlier are potentially vulnerable releases, including the last release
to support Python 2.7, namely Pillow 6.2.2.
.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/