python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-12 18:26:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update docs/releasenotes/9.0.0.rst

Browse Source 
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
This commit is contained in:
Jeffrey A. Clark 2024-03-14 16:44:00 -04:00 committed by Alex Clark
parent 3aefe92bdf
commit 7b1c39cebe
1 changed files with 2 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/releasenotes/9.0.0.rst
View File

@ -43,13 +43,8 @@ To prevent attempts to slow down loading times for images, if an image has conse
duplicate tiles that only differ by their offset, only load the last tile. Credit to
Google's `OSS-Fuzz`_ project for finding this issue.
Fix CVE-2022-22817
^^^^^^^^^^^^^^^^^^
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`
Restrict builtins available to ImageMath.eval
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:cve:`2022-22817`: Restrict builtins available to ImageMath.eval
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will