python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-10-31 16:07:30 +03:00
Code Issues Packages Projects Releases Wiki Activity
38c75b9449
Pillow/docs/releasenotes/11.3.0.rst
Jeffrey A. Clark d4ef93150f Thanks, folks! 
As a general rule I think we should acknowledge when significant
contribtions come from outside the core team. We know the core team
does a lot of work (thank you!) but it's not always obvious when
significant contributions come from outside the core team.

In the old change log, we had ACKs via `[radarhere]` syntax which I
miss. I don't expect we'll start using the old change log again but
maybe we can make a note in the release notes to include such ACKs as
needed and appropriate.
2025-07-01 09:25:32 -04:00

88 lines
3.0 KiB
ReStructuredText
Raw Blame History

11.3.0
------
Security
========
:cve:`2025-48379`: Write buffer overflow on BCn encoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There is a heap buffer overflow when writing a sufficiently large (>64k encoded with
default settings) image in the DDS format due to writing into a buffer without checking
for available space.
This only affects users who save untrusted data as a compressed DDS image.
* Unclear how large the potential write could be. It is likely limited by process
segfault, so it's not necessarily deterministic. It may be practically unbounded.
* Unclear if there's a restriction on the bytes that could be emitted. It's likely that
the only restriction is that the bytes would be emitted in chunks of 8 or 16.
This was introduced in Pillow 11.2.0 when the feature was added.
Deprecations
============
Image.fromarray mode parameter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The ``mode`` parameter in :py:meth:`~PIL.Image.fromarray()` has been deprecated. The
mode can be automatically determined from the object's shape and type instead.
Saving I mode images as PNG
^^^^^^^^^^^^^^^^^^^^^^^^^^^
In order to fit the 32 bits of I mode images into PNG, when PNG images can only contain
at most 16 bits for a channel, Pillow has been clipping the values. Rather than quietly
changing the data, this is now deprecated. Instead, the image can be converted to
another mode before saving::
from PIL import Image
im = Image.new("I", (1, 1))
im.convert("I;16").save("out.png")
Other changes
=============
Added QOI saving
^^^^^^^^^^^^^^^^
Support has been added for saving QOI images. ``colorspace`` can be used to specify the
colorspace as sRGB with linear alpha, e.g. ``im.save("out.qoi", colorspace="sRGB")``.
By default, all channels will be linear.
Support using more screenshot utilities with ImageGrab on Linux
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:py:meth:`~PIL.ImageGrab.grab` is now able to use GNOME Screenshot, grim or Spectacle
on Linux in order to take a snapshot of the screen.
Do not build against libavif < 1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Pillow only supports libavif 1.0.0 or later. In order to prevent errors when building
from source, if a user happens to have an earlier libavif on their system, Pillow will
now ignore it.
AVIF support in wheels
^^^^^^^^^^^^^^^^^^^^^^
Support for reading and writing AVIF images is now included in Pillow's wheels, except
for Windows ARM64 and iOS. libaom is available as an encoder and dav1d as a decoder.
(Thank you Frankie Dintino and Andrew Murray!)
iOS
^^^
Pillow now provides wheels that can be used on iOS ARM64 devices, and on the iOS
simulator on ARM64 and x86_64. Currently, only Python 3.13 wheels are available.
(Thank you Russell Keith-Magee and Andrew Murray!)
Python 3.14 beta
^^^^^^^^^^^^^^^^
To help other projects prepare for Python 3.14, wheels are now built for the
3.14 beta as a preview. This is not official support for Python 3.14, but rather
an opportunity for you to test how Pillow works with the beta and report any
problems.
Reference in New Issue View Git Blame Copy Permalink