Update docs/releasenotes/9.0.0.rst

Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Jeffrey A. Clark 2024-03-14 16:44:00 -04:00 committed by Alex Clark
parent 3aefe92bdf
commit 7b1c39cebe

@ -43,13 +43,8 @@ To prevent attempts to slow down loading times for images, if an image has conse
duplicate tiles that only differ by their offset, only load the last tile. Credit to duplicate tiles that only differ by their offset, only load the last tile. Credit to
Google's `OSS-Fuzz`_ project for finding this issue. Google's `OSS-Fuzz`_ project for finding this issue.
Fix CVE-2022-22817 :cve:`2022-22817`: Restrict builtins available to ImageMath.eval
^^^^^^^^^^^^^^^^^^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`
Restrict builtins available to ImageMath.eval
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To limit :py:class:`PIL.ImageMath` to working with images, Pillow To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
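Review bot: The merged heading ":cve:`2022-22817`: Restrict builtins available to ImageMath.eval" keeps the ~ underline of the old subsection, while the ^-underlined "Fix CVE-2022-22817" heading above it is dropped, so this entry is no longer grouped under its own ^-level heading. Please confirm that the ~ level matches the sibling entries in this file so the release-notes section hierarchy stays consistent. With the ".. note::" line removed, the :cve: role in the title is also the only remaining pointer to the database record, so it is worth checking in a docs build that the role still renders as a link when used inside a section title.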