mirror of
				https://github.com/python-pillow/Pillow.git
				synced 2025-10-22 19:54:46 +03:00 
			
		
		
		
	- Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
		
			
				
	
	
		
			24 lines
		
	
	
		
			860 B
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			24 lines
		
	
	
		
			860 B
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| 8.0.1
 | |
| -----
 | |
| 
 | |
| Security
 | |
| ========
 | |
| 
 | |
| :cve:`2020-15999`: Update FreeType in wheels to `2.10.4`_
 | |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 | |
| 
 | |
| * A heap buffer overflow has been found  in the handling of embedded PNG bitmaps,
 | |
|   introduced in FreeType version 2.6.
 | |
| 
 | |
| * If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.
 | |
| 
 | |
| We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts.
 | |
| 
 | |
| In Pillow 7.2.0 and earlier bitmap fonts were disabled with ``FT_LOAD_NO_BITMAP``, but it is not
 | |
| clear if this prevents the exploit and we recommend updating to Pillow 8.0.1.
 | |
| 
 | |
| Pillow 8.0.0 and earlier are potentially vulnerable releases, including the last release
 | |
| to support Python 2.7, namely Pillow 6.2.2.
 | |
| 
 | |
| .. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
 |