mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-24 17:06:16 +03:00
Added release notes and document deprecation
This commit is contained in:
parent
f932cb895f
commit
f6596d5293
|
@ -92,6 +92,14 @@ Deprecated Use instead
|
|||
:py:data:`sys.version_info`, and ``PIL.__version__``
|
||||
============================================ ====================================================
|
||||
|
||||
ImageMath eval()
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
.. deprecated:: 10.3.0
|
||||
|
||||
``ImageMath.eval()`` has been deprecated. Use :py:meth:`~PIL.ImageMath.lambda_eval` or
|
||||
:py:meth:`~PIL.ImageMath.unsafe_eval` instead.
|
||||
|
||||
Removed features
|
||||
----------------
|
||||
|
||||
|
|
|
@ -4,10 +4,15 @@
|
|||
Security
|
||||
========
|
||||
|
||||
TODO
|
||||
^^^^
|
||||
ImageMath eval()
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
TODO
|
||||
.. danger::
|
||||
``ImageMath.eval()`` uses Python's ``eval()`` function to process the expression
|
||||
string, and carries the security risks of doing so. A direct replacement for this is
|
||||
the new :py:meth:`~PIL.ImageMath.unsafe_eval`, but that carries the same risks. It is
|
||||
not recommended to process expressions without considering this.
|
||||
:py:meth:`~PIL.ImageMath.lambda_eval` is a more secure alternative.
|
||||
|
||||
:cve:`YYYY-XXXXX`: TODO
|
||||
^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
@ -58,6 +63,13 @@ Deprecated Use instead
|
|||
:py:data:`sys.version_info`, and ``PIL.__version__``
|
||||
============================================ ====================================================
|
||||
|
||||
ImageMath.eval()
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
``ImageMath.eval()`` has been deprecated. Use :py:meth:`~PIL.ImageMath.lambda_eval` or
|
||||
:py:meth:`~PIL.ImageMath.unsafe_eval` instead. See earlier security notes for more
|
||||
information.
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user