mirror of
				https://github.com/python-pillow/Pillow.git
				synced 2025-10-25 05:01:26 +03:00 
			
		
		
		
	
		
			
				
	
	
		
			124 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			124 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| 7.1.0
 | |
| -----
 | |
| 
 | |
| Security
 | |
| ========
 | |
| 
 | |
| This release includes many security fixes.
 | |
| 
 | |
| :cve:`2020-10177`: Multiple out-of-bounds reads in FLI decoding
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| Pillow before 7.1.0 has multiple out-of-bounds reads in ``libImaging/FliDecode.c``.
 | |
| 
 | |
| :cve:`2020-10378`: Bounds overflow in PCX decoding
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur
 | |
| when reading PCX files where ``state->shuffle`` is instructed to read beyond
 | |
| ``state->buffer``.
 | |
| 
 | |
| :cve:`2020-10379`: Two buffer overflows in TIFF decoding
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| In Pillow before 7.1.0, there are two buffer overflows in ``libImaging/TiffDecode.c``.
 | |
| 
 | |
| :cve:`2020-10994`: Bounds overflow in JPEG 2000 decoding
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple
 | |
| out-of-bounds reads via a crafted JP2 file.
 | |
| 
 | |
| :cve:`2020-11538`: Buffer overflow in SGI-RLE decoding
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| In ``libImaging/SgiRleDecode.c`` in Pillow through 7.0.0, a number of out-of-bounds
 | |
| reads exist in the parsing of SGI image files, a different issue than :cve:`2020-5311`.
 | |
| 
 | |
| API changes
 | |
| ===========
 | |
| 
 | |
| Allow saving of zero quality JPEG images
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| If no quality was specified when saving a JPEG, Pillow internally used a value
 | |
| of zero to indicate that the default quality should be used. However, this
 | |
| removed the ability to actually save a JPEG with zero quality. This has now
 | |
| been resolved. ::
 | |
| 
 | |
|     from PIL import Image
 | |
|     im = Image.open("hopper.jpg")
 | |
|     im.save("out.jpg", quality=0)
 | |
| 
 | |
| API additions
 | |
| =============
 | |
| 
 | |
| New channel operations
 | |
| ^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| Three new channel operations have been added: :py:meth:`~PIL.ImageChops.soft_light`,
 | |
| :py:meth:`~PIL.ImageChops.hard_light` and :py:meth:`~PIL.ImageChops.overlay`.
 | |
| 
 | |
| PILLOW_VERSION constant
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| ``PILLOW_VERSION`` has been re-added but is deprecated and will be removed in a future
 | |
| release. Use ``__version__`` instead.
 | |
| 
 | |
| It was initially removed in Pillow 7.0.0, but brought back in 7.1.0 to give projects
 | |
| more time to upgrade.
 | |
| 
 | |
| Reading JPEG comments
 | |
| ^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| When opening a JPEG image, the comment may now be read into
 | |
| :py:attr:`~PIL.Image.Image.info`.
 | |
| 
 | |
| Support for different charset encodings in PcfFontFile
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| Previously ``PcfFontFile`` output only bitmap PIL fonts with ISO 8859-1 encoding, even
 | |
| though the PCF format supports Unicode, making it hard to work with Pillow with bitmap
 | |
| fonts in languages which use different character sets.
 | |
| 
 | |
| Now it's possible to set a different charset encoding in ``PcfFontFile``'s class
 | |
| constructor. By default, it generates a PIL font file with ISO 8859-1 as before. The
 | |
| generated PIL font file still contains up to 256 characters, but the character set is
 | |
| different depending on the selected encoding.
 | |
| 
 | |
| To use such a font with ``ImageDraw.text``, call it with a bytes object with the same
 | |
| encoding as the font file.
 | |
| 
 | |
| X11 ImageGrab.grab()
 | |
| ^^^^^^^^^^^^^^^^^^^^
 | |
| Support has been added for ``ImageGrab.grab()`` on Linux using the X server
 | |
| with the XCB library.
 | |
| 
 | |
| An optional ``xdisplay`` parameter has been added to select the X server,
 | |
| with the default value of :data:`None` using the default X server.
 | |
| 
 | |
| Passing a different value on Windows or macOS will force taking a snapshot
 | |
| using the selected X server; pass an empty string to use the default X server.
 | |
| XCB support is not included in pre-compiled wheels for Windows and macOS.
 | |
| 
 | |
| Other changes
 | |
| =============
 | |
| 
 | |
| If present, only use alpha channel for bounding box
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| When the :py:meth:`~PIL.Image.Image.getbbox` method calculates the bounding
 | |
| box, for an RGB image it trims black pixels. Similarly, for an RGBA image it
 | |
| would trim black transparent pixels. This is now changed so that if an image
 | |
| has an alpha channel (RGBA, RGBa, PA, LA, La), any transparent pixels are
 | |
| trimmed.
 | |
| 
 | |
| Improved APNG support
 | |
| ^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| Added support for reading and writing Animated Portable Network Graphics (APNG) images.
 | |
| The PNG plugin now supports using the :py:meth:`~PIL.Image.Image.seek` method and the
 | |
| :py:class:`~PIL.ImageSequence.Iterator` class to read APNG frame sequences.
 | |
| The PNG plugin also now supports using the ``append_images`` argument to write APNG frame
 | |
| sequences. See :ref:`apng-sequences` for further details.
 |