Merge pull request #6016 from radarhere/releasenotes

Corrected sentence
This commit is contained in:
Hugo van Kemenade 2022-02-04 07:13:32 +02:00 committed by GitHub
commit 71839a7623
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -9,7 +9,7 @@ This release addresses several security problems.
:cve:`CVE-2022-24303`: If the path to the temporary directory on Linux or macOS :cve:`CVE-2022-24303`: If the path to the temporary directory on Linux or macOS
contained a space, this would break removal of the temporary image file after contained a space, this would break removal of the temporary image file after
``im.show()`` (and related actions), and potentially remove an unrelated file. This ``im.show()`` (and related actions), and potentially remove an unrelated file. This
been present since PIL. has been present since PIL.
:cve:`CVE-2022-22817`: While Pillow 9.0 restricted top-level builtins available to :cve:`CVE-2022-22817`: While Pillow 9.0 restricted top-level builtins available to
:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda :py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda