mirror of
https://github.com/python-pillow/Pillow.git
synced 2025-10-24 04:31:06 +03:00
120 lines
5.1 KiB
ReStructuredText
120 lines
5.1 KiB
ReStructuredText
10.3.0
|
|
------
|
|
|
|
Security
|
|
========
|
|
|
|
ImageMath eval()
|
|
^^^^^^^^^^^^^^^^
|
|
|
|
.. danger::
|
|
``ImageMath.eval()`` uses Python's ``eval()`` function to process the expression
|
|
string, and carries the security risks of doing so. A direct replacement for this is
|
|
the new :py:meth:`~PIL.ImageMath.unsafe_eval`, but that carries the same risks. It is
|
|
not recommended to process expressions without considering this.
|
|
:py:meth:`~PIL.ImageMath.lambda_eval` is a more secure alternative.
|
|
|
|
:cve:`2024-28219`: Fix buffer overflow in ``_imagingcms.c``
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
In ``_imagingcms.c``, two ``strcpy`` calls were able to copy too much data into fixed
|
|
length strings. This has been fixed by using ``strncpy`` instead.
|
|
|
|
Deprecations
|
|
============
|
|
|
|
ImageCms constants and versions() function
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
A number of constants and a function in :py:mod:`.ImageCms` have been deprecated.
|
|
This includes a table of flags based on LittleCMS version 1 which has been replaced
|
|
with a new class :py:class:`.ImageCms.Flags` based on LittleCMS 2 flags.
|
|
|
|
============================================ ====================================================
|
|
Deprecated Use instead
|
|
============================================ ====================================================
|
|
``ImageCms.DESCRIPTION`` No replacement
|
|
``ImageCms.VERSION`` ``PIL.__version__``
|
|
``ImageCms.FLAGS["MATRIXINPUT"]`` :py:attr:`.ImageCms.Flags.CLUT_POST_LINEARIZATION`
|
|
``ImageCms.FLAGS["MATRIXOUTPUT"]`` :py:attr:`.ImageCms.Flags.FORCE_CLUT`
|
|
``ImageCms.FLAGS["MATRIXONLY"]`` No replacement
|
|
``ImageCms.FLAGS["NOWHITEONWHITEFIXUP"]`` :py:attr:`.ImageCms.Flags.NOWHITEONWHITEFIXUP`
|
|
``ImageCms.FLAGS["NOPRELINEARIZATION"]`` :py:attr:`.ImageCms.Flags.CLUT_PRE_LINEARIZATION`
|
|
``ImageCms.FLAGS["GUESSDEVICECLASS"]`` :py:attr:`.ImageCms.Flags.GUESSDEVICECLASS`
|
|
``ImageCms.FLAGS["NOTCACHE"]`` :py:attr:`.ImageCms.Flags.NOCACHE`
|
|
``ImageCms.FLAGS["NOTPRECALC"]`` :py:attr:`.ImageCms.Flags.NOOPTIMIZE`
|
|
``ImageCms.FLAGS["NULLTRANSFORM"]`` :py:attr:`.ImageCms.Flags.NULLTRANSFORM`
|
|
``ImageCms.FLAGS["HIGHRESPRECALC"]`` :py:attr:`.ImageCms.Flags.HIGHRESPRECALC`
|
|
``ImageCms.FLAGS["LOWRESPRECALC"]`` :py:attr:`.ImageCms.Flags.LOWRESPRECALC`
|
|
``ImageCms.FLAGS["GAMUTCHECK"]`` :py:attr:`.ImageCms.Flags.GAMUTCHECK`
|
|
``ImageCms.FLAGS["WHITEBLACKCOMPENSATION"]`` :py:attr:`.ImageCms.Flags.BLACKPOINTCOMPENSATION`
|
|
``ImageCms.FLAGS["BLACKPOINTCOMPENSATION"]`` :py:attr:`.ImageCms.Flags.BLACKPOINTCOMPENSATION`
|
|
``ImageCms.FLAGS["SOFTPROOFING"]`` :py:attr:`.ImageCms.Flags.SOFTPROOFING`
|
|
``ImageCms.FLAGS["PRESERVEBLACK"]`` :py:attr:`.ImageCms.Flags.NONEGATIVES`
|
|
``ImageCms.FLAGS["NODEFAULTRESOURCEDEF"]`` :py:attr:`.ImageCms.Flags.NODEFAULTRESOURCEDEF`
|
|
``ImageCms.FLAGS["GRIDPOINTS"]`` :py:attr:`.ImageCms.Flags.GRIDPOINTS()`
|
|
``ImageCms.versions()`` :py:func:`PIL.features.version_module` with
|
|
``feature="littlecms2"``, :py:data:`sys.version` or
|
|
:py:data:`sys.version_info`, and ``PIL.__version__``
|
|
============================================ ====================================================
|
|
|
|
ImageMath.eval()
|
|
^^^^^^^^^^^^^^^^
|
|
|
|
``ImageMath.eval()`` has been deprecated. Use :py:meth:`~PIL.ImageMath.lambda_eval` or
|
|
:py:meth:`~PIL.ImageMath.unsafe_eval` instead. See earlier security notes for more
|
|
information.
|
|
|
|
API changes
|
|
===========
|
|
|
|
Added alpha_quality argument when saving WebP images
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
When saving WebP images, an ``alpha_quality`` argument can be passed to the encoder. It
|
|
is an integer value between 0 to 100, where values other than 100 will provide lossy
|
|
compression.
|
|
|
|
Negative kmeans error
|
|
^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
When calling :py:meth:`~PIL.Image.Image.quantize`, a negative ``kmeans`` will now
|
|
raise a :py:exc:`ValueError`, unless a palette is supplied to make the value redundant.
|
|
|
|
Negative P1-P3 PPM value error
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
If a P1-P3 PPM image contains a negative value, a :py:exc:`ValueError` will now be
|
|
raised.
|
|
|
|
API additions
|
|
=============
|
|
|
|
Added PerspectiveTransform
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
:py:class:`~PIL.ImageTransform.PerspectiveTransform` has been added, meaning
|
|
that all of the :py:data:`~PIL.Image.Transform` values now have a corresponding
|
|
subclass of :py:class:`~PIL.ImageTransform.Transform`.
|
|
|
|
Other changes
|
|
=============
|
|
|
|
Portable FloatMap (PFM) images
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Support has been added for reading and writing grayscale (Pf format)
|
|
Portable FloatMap (PFM) files containing ``F`` data.
|
|
|
|
Release GIL when fetching WebP frames
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Python's Global Interpreter Lock is now released when fetching WebP frames from
|
|
the libwebp decoder.
|
|
|
|
Type hints
|
|
^^^^^^^^^^
|
|
|
|
Pillow now has type hints for a large part of its modules, and the package
|
|
includes a ``py.typed`` file and the ``Typing :: Typed`` Trove classifier.
|