Merge pull request #7239 from radarhere/releasenotes

Added release notes for #7235
This commit is contained in:
Hugo van Kemenade 2023-06-29 15:24:38 +03:00 committed by GitHub
commit a662fb6793
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -157,10 +157,15 @@ TODO
Security
========
TODO
^^^^
Limit size even if one dimension is zero
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TODO
When performing decompression bomb checks, Pillow did not reject images with
excessive width and zero height, or zero width and excessive height. That has
now been fixed.
This effectively dates to the PIL fork, since problem images would still have
been processed before Pillow started checking for decompression bombs.
Other Changes
=============