mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-26 01:46:18 +03:00
Update release notes to match template for #7864
parent
b5f77799ca
commit
45975e482d
|
@ -11,10 +11,10 @@ These issues reported in
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function
|
The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function
|
||||||
in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) _copy
|
in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4)
|
||||||
function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and
|
``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier
|
||||||
Pillow before 2.3.1 do not properly create temporary files, which allow local
|
and Pillow before 2.3.1 do not properly create temporary files, which allow
|
||||||
users to overwrite arbitrary files and obtain sensitive information via a
|
local users to overwrite arbitrary files and obtain sensitive information via a
|
||||||
symlink attack on the temporary file.
|
symlink attack on the temporary file.
|
||||||
|
|
||||||
:cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
|
:cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
|
||||||
|
|
|
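Review bot: In the rewrapped CVE paragraph, only ``_copy`` gains literal markup; `load_djpeg`, `EpsImagePlugin.py` and `Image.py` are still plain text, while ``JpegImagePlugin.py`` and ``IptcImagePlugin.py`` are literals. Suggest wrapping the remaining function and file names in double backticks so the four affected locations are marked up the same way.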
@ -1,6 +1,29 @@
|
||||||
4.2.0
|
4.2.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
Deprecations
|
||||||
|
============
|
||||||
|
|
||||||
|
Several deprecated items have been removed
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
* The methods ``PIL.ImageWin.Dib.fromstring``,
|
||||||
|
``PIL.ImageWin.Dib.tostring`` and
|
||||||
|
``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have
|
||||||
|
been removed.
|
||||||
|
|
||||||
|
* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would
|
||||||
|
discard the alpha channel. From Pillow 3.4.0, a deprecation warning
|
||||||
|
was shown. From Pillow 4.2.0, the deprecation warning is removed and
|
||||||
|
an :py:exc:`IOError` is raised.
|
||||||
|
|
||||||
|
Removed Core Image Function
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
The unused function ``Image.core.new_array`` was removed. This is an
|
||||||
|
internal function that should not have been used by user code, but it
|
||||||
|
was accessible from the python layer.
|
||||||
|
|
||||||
Other Changes
|
Other Changes
|
||||||
=============
|
=============
|
||||||
|
|
||||||
|
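Review bot: The new "Deprecations" heading sits over content that only describes removals: the first subsection is "Several deprecated items have been removed" and the second, "Removed Core Image Function", covers an unused internal function that is not described as ever having been deprecated. If the template has a separate heading for removals or backwards-incompatible changes, these subsections fit better there. While this text is being moved, "python layer" in the last paragraph should read "Python layer".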
@ -30,26 +53,3 @@ New DecompressionBomb Warning
|
||||||
:py:meth:`PIL.Image.Image.crop` now may raise a DecompressionBomb
|
:py:meth:`PIL.Image.Image.crop` now may raise a DecompressionBomb
|
||||||
warning if the crop region enlarges the image over the threshold
|
warning if the crop region enlarges the image over the threshold
|
||||||
specified by :py:data:`PIL.Image.MAX_IMAGE_PIXELS`.
|
specified by :py:data:`PIL.Image.MAX_IMAGE_PIXELS`.
|
||||||
|
|
||||||
Deprections
|
|
||||||
===========
|
|
||||||
|
|
||||||
Several deprecated items have been removed
|
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
||||||
|
|
||||||
* The methods ``PIL.ImageWin.Dib.fromstring``,
|
|
||||||
``PIL.ImageWin.Dib.tostring`` and
|
|
||||||
``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have
|
|
||||||
been removed.
|
|
||||||
|
|
||||||
* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would
|
|
||||||
discard the alpha channel. From Pillow 3.4.0, a deprecation warning
|
|
||||||
was shown. From Pillow 4.2.0, the deprecation warning is removed and
|
|
||||||
an :py:exc:`IOError` is raised.
|
|
||||||
|
|
||||||
Removed Core Image Function
|
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
||||||
|
|
||||||
The unused function ``Image.core.new_array`` was removed. This is an
|
|
||||||
internal function that should not have been used by user code, but it
|
|
||||||
was accessible from the python layer.
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
Security
|
Security
|
||||||
========
|
========
|
||||||
|
|
||||||
This release fixes several buffer overruns and DOS attacks.
|
This release fixes several buffer overflow issues and a DOS attack vulnerability.
|
||||||
|
|
||||||
:cve:`2019-19911`: DOS attack vulnerability
|
:cve:`2019-19911`: DOS attack vulnerability
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
|
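Review bot: The rewritten summary sentence changes the plural "DOS attacks" to the singular "a DOS attack vulnerability", which narrows what the release says it fixes; please confirm that :cve:`2019-19911` is the only denial-of-service entry in this file. "DoS" is the usual abbreviation, and the CVE heading below keeps the noun form "DOS attack vulnerability" while the other headings touched in this commit use the "Fix ..." form.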
@ -4,11 +4,11 @@
|
||||||
Security
|
Security
|
||||||
========
|
========
|
||||||
|
|
||||||
:cve:`2021-34552`: Buffer overflow
|
:cve:`2021-34552`: Fix buffer overflow
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
|
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert
|
||||||
buffer overflow in Convert.c.
|
function to trigger buffer overflow in ``Convert.c``.
|
||||||
|
|
||||||
Parsing XML
|
Parsing XML
|
||||||
^^^^^^^^^^^
|
^^^^^^^^^^^
|
||||||
|
|
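Review bot: The rewrapped sentence "function to trigger buffer overflow in ``Convert.c``" is missing an article ("a buffer overflow"), and "a convert function" does not say which function is affected. Naming that function as a literal, as is done for ``Convert.c``, would let readers check whether their own code passes untrusted parameters to it.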