Added release notes and document deprecation

This commit is contained in:
Andrew Murray 2024-03-26 06:32:42 +11:00 committed by Hugo van Kemenade
parent f932cb895f
commit f6596d5293
2 changed files with 23 additions and 3 deletions

View File

@ -92,6 +92,14 @@ Deprecated Use instead
:py:data:`sys.version_info`, and ``PIL.__version__`` :py:data:`sys.version_info`, and ``PIL.__version__``
============================================ ==================================================== ============================================ ====================================================
ImageMath eval()
^^^^^^^^^^^^^^^^
.. deprecated:: 10.3.0
``ImageMath.eval()`` has been deprecated. Use :py:meth:`~PIL.ImageMath.lambda_eval` or
:py:meth:`~PIL.ImageMath.unsafe_eval` instead.
Removed features Removed features
---------------- ----------------

View File

@ -4,10 +4,15 @@
Security Security
======== ========
TODO ImageMath eval()
^^^^ ^^^^^^^^^^^^^^^^
TODO .. danger::
``ImageMath.eval()`` uses Python's ``eval()`` function to process the expression
string, and carries the security risks of doing so. A direct replacement for this is
the new :py:meth:`~PIL.ImageMath.unsafe_eval`, but that carries the same risks. It is
not recommended to process expressions without considering this.
:py:meth:`~PIL.ImageMath.lambda_eval` is a more secure alternative.
:cve:`YYYY-XXXXX`: TODO :cve:`YYYY-XXXXX`: TODO
^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^
@ -58,6 +63,13 @@ Deprecated Use instead
:py:data:`sys.version_info`, and ``PIL.__version__`` :py:data:`sys.version_info`, and ``PIL.__version__``
============================================ ==================================================== ============================================ ====================================================
ImageMath.eval()
^^^^^^^^^^^^^^^^
``ImageMath.eval()`` has been deprecated. Use :py:meth:`~PIL.ImageMath.lambda_eval` or
:py:meth:`~PIL.ImageMath.unsafe_eval` instead. See earlier security notes for more
information.
API Changes API Changes
=========== ===========