Open willgearty opened 4 years ago
Looks like we now need to upgrade to 7.1.0 due to even more security vulnerabilities (although it's unclear to me whether they are relevant to our use case of ImageField). Unfortunately, 7.1.0 dropped support for Python 2.7 (see support here). Looks like our options are:
@hwatheod or @milescalabresi, any thoughts?
I like 3 and 1 (then 2 when the time comes). Do we know how much/severe vulnerability there is in 6.2?
Fixed by #3616. I revise my statement: let's do option 2!
Apparently there's a low severity security vulnerability in all versions < 6.2.0. We're on 3.3.3, which means upgrading involves a LOT of changes. @hwatheod made the last upgrade to pillow, so maybe he's the best to figure out if we need to address any changes? My understanding is that it's only used for the imagefield in the teacher bios?
Changelog is here: https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst