Closed Quantra closed 1 year ago
Today I cleaned up the PRs and issues a little bit. Even I created the tag for the new version, but because I hadn't done any release from a long time and will need some time. I hope tomorrow the release to be on PyPi.
Wonderful! Thank you so much! =D
New update is urgently needed due to PYSEC-2023-175 vulnerability in webp files. By not supporting Pillow 10, the package exposes depending projects to the vulnerability.
We would appreciate prompt release of a new version with support for Pillow 10 which patches the security issue.
For anyone else anxious to get the latest release before it's listed on Pypi, try adding the following to your requirements.txt, or constraints.txt (replacing existing pilkit
entry if you have one):
pilkit @ git+https://github.com/matthewwithanm/pilkit.git@3.0
The 3.0 release is out in PyPi https://pypi.org/project/pilkit/3.0/
The latest release on pypi was made in 2017: https://pypi.org/project/pilkit/
There have been fixes made in the last 6 years, particularly with regards to webp alpha support.
Could you please make a release which includes these fixes as well as all the other development that has been made in this time?
Thank you =]