mirror of
https://github.com/python-pillow/Pillow.git
synced 2025-10-24 12:41:11 +03:00
As a general rule I think we should acknowledge when significant contribtions come from outside the core team. We know the core team does a lot of work (thank you!) but it's not always obvious when significant contributions come from outside the core team. In the old change log, we had ACKs via `[radarhere]` syntax which I miss. I don't expect we'll start using the old change log again but maybe we can make a note in the release notes to include such ACKs as needed and appropriate.
88 lines
3.0 KiB
ReStructuredText
88 lines
3.0 KiB
ReStructuredText
11.3.0
|
|
------
|
|
|
|
Security
|
|
========
|
|
|
|
:cve:`2025-48379`: Write buffer overflow on BCn encoding
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
There is a heap buffer overflow when writing a sufficiently large (>64k encoded with
|
|
default settings) image in the DDS format due to writing into a buffer without checking
|
|
for available space.
|
|
|
|
This only affects users who save untrusted data as a compressed DDS image.
|
|
|
|
* Unclear how large the potential write could be. It is likely limited by process
|
|
segfault, so it's not necessarily deterministic. It may be practically unbounded.
|
|
* Unclear if there's a restriction on the bytes that could be emitted. It's likely that
|
|
the only restriction is that the bytes would be emitted in chunks of 8 or 16.
|
|
|
|
This was introduced in Pillow 11.2.0 when the feature was added.
|
|
|
|
Deprecations
|
|
============
|
|
|
|
Image.fromarray mode parameter
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
The ``mode`` parameter in :py:meth:`~PIL.Image.fromarray()` has been deprecated. The
|
|
mode can be automatically determined from the object's shape and type instead.
|
|
|
|
Saving I mode images as PNG
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
In order to fit the 32 bits of I mode images into PNG, when PNG images can only contain
|
|
at most 16 bits for a channel, Pillow has been clipping the values. Rather than quietly
|
|
changing the data, this is now deprecated. Instead, the image can be converted to
|
|
another mode before saving::
|
|
|
|
from PIL import Image
|
|
im = Image.new("I", (1, 1))
|
|
im.convert("I;16").save("out.png")
|
|
|
|
Other changes
|
|
=============
|
|
|
|
Added QOI saving
|
|
^^^^^^^^^^^^^^^^
|
|
|
|
Support has been added for saving QOI images. ``colorspace`` can be used to specify the
|
|
colorspace as sRGB with linear alpha, e.g. ``im.save("out.qoi", colorspace="sRGB")``.
|
|
By default, all channels will be linear.
|
|
|
|
Support using more screenshot utilities with ImageGrab on Linux
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
:py:meth:`~PIL.ImageGrab.grab` is now able to use GNOME Screenshot, grim or Spectacle
|
|
on Linux in order to take a snapshot of the screen.
|
|
|
|
Do not build against libavif < 1
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Pillow only supports libavif 1.0.0 or later. In order to prevent errors when building
|
|
from source, if a user happens to have an earlier libavif on their system, Pillow will
|
|
now ignore it.
|
|
|
|
AVIF support in wheels
|
|
^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Support for reading and writing AVIF images is now included in Pillow's wheels, except
|
|
for Windows ARM64 and iOS. libaom is available as an encoder and dav1d as a decoder.
|
|
(Thank you Frankie Dintino and Andrew Murray!)
|
|
|
|
iOS
|
|
^^^
|
|
|
|
Pillow now provides wheels that can be used on iOS ARM64 devices, and on the iOS
|
|
simulator on ARM64 and x86_64. Currently, only Python 3.13 wheels are available.
|
|
(Thank you Russell Keith-Magee and Andrew Murray!)
|
|
|
|
Python 3.14 beta
|
|
^^^^^^^^^^^^^^^^
|
|
|
|
To help other projects prepare for Python 3.14, wheels are now built for the
|
|
3.14 beta as a preview. This is not official support for Python 3.14, but rather
|
|
an opportunity for you to test how Pillow works with the beta and report any
|
|
problems.
|