Pillow/docs/releasenotes/9.0.1.rst

9.0.1
-----

Security
========

This release addresses several security problems.

:cve:`CVE-2022-24303`: If the path to the temporary directory on Linux or macOS
contained a space, this would break removal of the temporary image file after
``im.show()`` (and related actions), and potentially remove an unrelated file. This
has been present since PIL.

:cve:`CVE-2022-22817`: While Pillow 9.0 restricted top-level builtins available to
:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda
expressions. These are now also restricted.

Other Changes
=============

Pillow 9.0 added support for ``xdg-open`` as an image viewer, but there have been
reports that the temporary image file was removed too quickly to be loaded into the
final application. A delay has been added.
Added release notes for 9.0.1 2022-02-03 01:48:56 +03:00			`9.0.1`
			`-----`

			`Security`
			`========`

			`This release addresses several security problems.`

			:cve:`CVE-2022-24303`: If the path to the temporary directory on Linux or macOS
			`contained a space, this would break removal of the temporary image file after`
			``im.show()`` (and related actions), and potentially remove an unrelated file. This
Corrected sentence [ci skip] 2022-02-03 19:19:49 +03:00			`has been present since PIL.`
Added release notes for 9.0.1 2022-02-03 01:48:56 +03:00
			:cve:`CVE-2022-22817`: While Pillow 9.0 restricted top-level builtins available to
			:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda
			`expressions. These are now also restricted.`

			`Other Changes`
			`=============`

			Pillow 9.0 added support for ``xdg-open`` as an image viewer, but there have been
			`reports that the temporary image file was removed too quickly to be loaded into the`
			`final application. A delay has been added.`