From c927ab266e95710d6c15b53f4b844c74950dd712 Mon Sep 17 00:00:00 2001
From: hugovk <hugovk@users.noreply.github.com>
Date: Fri, 27 Jun 2014 21:30:08 +0300
Subject: [PATCH] Warn about decompression bombs

---
 docs/reference/Image.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/Image.rst b/docs/reference/Image.rst
index 7125fcad4..6dcb73638 100644
--- a/docs/reference/Image.rst
+++ b/docs/reference/Image.rst
@@ -49,6 +49,8 @@ Functions
 
 .. autofunction:: open
 
+    .. warning:: > To protect against potential DOS attacks caused by "[decompression bombs](https://en.wikipedia.org/wiki/Zip_bomb)" (i.e. malicious files which decompress into a huge amount of data and are designed to crash or cause disruption by using up a lot of memory), Pillow will issue a `DecompressionBombWarning` if the image is over a certain limit. If desired, the warning can be turned into an error with `warnings.simplefilter('error', Image.DecompressionBombWarning)` or suppressed entirely with `warnings.simplefilter('ignore', Image.DecompressionBombWarning)`. See also [the logging documentation](https://docs.python.org/2/library/logging.html?highlight=logging#integration-with-the-warnings-module) to have warnings output to the logging facility instead of stderr.
+
 Image processing
 ^^^^^^^^^^^^^^^^