Update to 9.4.0 to fix security vulnerabilities #129
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…transform Fix compiler error: accessing 64 bytes in a region of size 48
updates: - [github.com/psf/black: 22.8.0 → 22.10.0](psf/black@22.8.0...22.10.0) - [github.com/sphinx-contrib/sphinx-lint: v0.6.1 → v0.6.7](sphinx-contrib/sphinx-lint@v0.6.1...v0.6.7)
…i-update-config [pre-commit.ci] pre-commit autoupdate
CVE-2007-4559 patch in winbuild
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
This reverts commit c82483e.
Revert "Install NumPy with OpenBLAS"
Updated macOS tested Pillow versions
Add oss-fuzz badge
Removed deprecations for Image constants, except for duplicate Resampling attributes
Return from ImagingFill early if image has a zero dimension
* Update Tests to IOError rather than OSError
Fixed null pointer dereference crash with malformed font
Updated copyright year
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Added release notes for python-pillow#6842 and python-pillow#6846
Updated size parameter descriptions
# Conflicts: # .github/workflows/cifuzz.yml # .github/workflows/test-docker.yml # README.md # Tests/test_image_resample.py # src/PIL/_version.py # src/libImaging/ColorLUT.c
|
Is this repo still alive ? |
|
There's also a high-severity vulnerability in webp that was fixed in python-pillow#7395 |
This was referenced Oct 11, 2023
|
This changes are unrelated to Pillow-simd, which doesn’t have binary builds. It always uses system-provided versions of libraries |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recently several vulnerabilities have been uncovered.
https://github.com/advisories?query=type%3Areviewed+Pillow
It is crucial to apply these fixes for use in production.
This PR is a straightforward merge from 9.4.x containing security vulnerability fixes, specifically:
Only test failing is test_file_fits:test_open which is caused by one-off error in simd implementation of rgb2l().
https://github.com/Dawars/pillow-simd/blob/simd/9.4.x/Tests/test_file_fits.py#L21
This seems negligible, how should I proceed?
The update also contains Github Actions related changes which I'm not familiar with and therefore probably incorrectly set up.