technologiestiftung / maps-latent-space

An AI exploration on how to create maps and an infrastructure to display it in an exhibition space. A collaboration between Birds On Mars and Technologiestiftung Berlin/CityLAB.
MIT License

chore(deps): update dependency pillow to v8 [security] - autoclosed #52

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| Pillow (source, changelog) | `==6.2.1` -> `==8.2.0` | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2021-27922

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

CVE-2020-35655

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

CVE-2021-27921

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

CVE-2020-35653

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

CVE-2021-27923

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

CVE-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CVE-2021-25293

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

CVE-2021-25291

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

CVE-2021-25290

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

CVE-2021-25287

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

CVE-2021-25288

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. This dates to Pillow 2.4.0.

CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

CVE-2021-28675

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.


Release Notes

python-pillow/Pillow

### [`v8.2.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#820-2021-04-01)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/8.1.2...8.2.0)

- Added getxmp() method [#5144](https://togithub.com/python-pillow/Pillow/issues/5144) \[UrielMaD, radarhere]
- Add ImageShow support for GraphicsMagick [#5349](https://togithub.com/python-pillow/Pillow/issues/5349) \[latosha-maltba, radarhere]
- Do not load transparent pixels from subsequent GIF frames [#5333](https://togithub.com/python-pillow/Pillow/issues/5333) \[zewt, radarhere]
- Use LZW encoding when saving GIF images [#5291](https://togithub.com/python-pillow/Pillow/issues/5291) \[raygard]
- Set all transparent colors to be equal in quantize() [#5282](https://togithub.com/python-pillow/Pillow/issues/5282) \[radarhere]
- Allow PixelAccess to use Python `__int__` when parsing x and y [#5206](https://togithub.com/python-pillow/Pillow/issues/5206) \[radarhere]
- Removed Image.\_MODEINFO [#5316](https://togithub.com/python-pillow/Pillow/issues/5316) \[radarhere]
- Add preserve_tone option to autocontrast [#5350](https://togithub.com/python-pillow/Pillow/issues/5350) \[elejke, radarhere]
- Fixed linear_gradient and radial_gradient I and F modes [#5274](https://togithub.com/python-pillow/Pillow/issues/5274) \[radarhere]
- Add support for reading TIFFs with PlanarConfiguration=2 [#5364](https://togithub.com/python-pillow/Pillow/issues/5364) \[kkopachev, wiredfool, nulano]
- Deprecated categories [#5351](https://togithub.com/python-pillow/Pillow/issues/5351) \[radarhere]
- Do not premultiply alpha when resizing with Image.NEAREST resampling [#5304](https://togithub.com/python-pillow/Pillow/issues/5304) \[nulano]
- Dynamically link FriBiDi instead of Raqm [#5062](https://togithub.com/python-pillow/Pillow/issues/5062) \[nulano]
- Allow fewer PNG palette entries than the bit depth maximum when saving [#5330](https://togithub.com/python-pillow/Pillow/issues/5330) \[radarhere]
- Use duration from info dictionary when saving WebP [#5338](https://togithub.com/python-pillow/Pillow/issues/5338) \[radarhere]
- Stop flattening EXIF IFD into getexif() [#4947](https://togithub.com/python-pillow/Pillow/issues/4947) \[radarhere, kkopachev]
- Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images [#5343](https://togithub.com/python-pillow/Pillow/issues/5343) \[radarhere]
- Save ICC profile from TIFF encoderinfo [#5321](https://togithub.com/python-pillow/Pillow/issues/5321) \[radarhere]
- Moved RGB fix inside ImageQt class [#5268](https://togithub.com/python-pillow/Pillow/issues/5268) \[radarhere]
- Allow alpha_composite destination to be negative [#5313](https://togithub.com/python-pillow/Pillow/issues/5313) \[radarhere]
- Ensure file is closed if it is opened by ImageQt.ImageQt [#5260](https://togithub.com/python-pillow/Pillow/issues/5260) \[radarhere]
- Added ImageDraw rounded_rectangle method [#5208](https://togithub.com/python-pillow/Pillow/issues/5208) \[radarhere]
- Added IPythonViewer [#5289](https://togithub.com/python-pillow/Pillow/issues/5289) \[radarhere, Kipkurui-mutai]
- Only draw each rectangle outline pixel once [#5183](https://togithub.com/python-pillow/Pillow/issues/5183) \[radarhere]
- Use mmap instead of built-in Win32 mapper [#5224](https://togithub.com/python-pillow/Pillow/issues/5224) \[radarhere, cgohlke]
- Handle PCX images with an odd stride [#5214](https://togithub.com/python-pillow/Pillow/issues/5214) \[radarhere]
- Only read different sizes for "Large Thumbnail" MPO frames [#5168](https://togithub.com/python-pillow/Pillow/issues/5168) \[radarhere]
- Added PyQt6 support [#5258](https://togithub.com/python-pillow/Pillow/issues/5258) \[radarhere]
- Changed Image.open formats parameter to be case-insensitive [#5250](https://togithub.com/python-pillow/Pillow/issues/5250) \[Piolie, radarhere]
- Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) [#5216](https://togithub.com/python-pillow/Pillow/issues/5216) \[radarhere]
- Added tk version to pilinfo [#5226](https://togithub.com/python-pillow/Pillow/issues/5226) \[radarhere, nulano]
- Support for ignoring tests when running valgrind [#5150](https://togithub.com/python-pillow/Pillow/issues/5150) \[wiredfool, radarhere, hugovk]
- OSS-Fuzz support [#5189](https://togithub.com/python-pillow/Pillow/issues/5189) \[wiredfool, radarhere]

### [`v8.1.2`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#812-2021-03-06)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/8.1.1...8.1.2)

- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins \[wiredfool]

### [`v8.1.1`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#811-2021-03-01)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/8.1.0...8.1.1)

- Use more specific regex chars to prevent ReDoS. CVE-2021-25292 \[hugovk]
- Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 \[wiredfool]
- Fix negative size read in TiffDecode.c. CVE-2021-25290 \[wiredfool]
- Fix OOB read in SgiRleDecode.c. CVE-2021-25293 \[wiredfool]
- Incorrect error code checking in TiffDecode.c. CVE-2021-25289 \[wiredfool]
- PyModule_AddObject fix for Python 3.10 [#5194](https://togithub.com/python-pillow/Pillow/issues/5194) \[radarhere]

### [`v8.1.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#810-2021-01-02)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/8.0.1...8.1.0)

- Fix TIFF OOB Write error. CVE-2020-35654 [#5175](https://togithub.com/python-pillow/Pillow/issues/5175) \[wiredfool]
- Fix for Read Overflow in PCX Decoding. CVE-2020-35653 [#5174](https://togithub.com/python-pillow/Pillow/issues/5174) \[wiredfool, radarhere]
- Fix for SGI Decode buffer overrun. CVE-2020-35655 [#5173](https://togithub.com/python-pillow/Pillow/issues/5173) \[wiredfool, radarhere]
- Fix OOB Read when saving GIF of xsize=1 [#5149](https://togithub.com/python-pillow/Pillow/issues/5149) \[wiredfool]
- Makefile updates [#5159](https://togithub.com/python-pillow/Pillow/issues/5159) \[wiredfool, radarhere]
- Add support for PySide6 [#5161](https://togithub.com/python-pillow/Pillow/issues/5161) \[hugovk]
- Use disposal settings from previous frame in APNG [#5126](https://togithub.com/python-pillow/Pillow/issues/5126) \[radarhere]
- Added exception explaining that `_repr_png_` saves to PNG [#5139](https://togithub.com/python-pillow/Pillow/issues/5139) \[radarhere]
- Use previous disposal method in GIF load_end [#5125](https://togithub.com/python-pillow/Pillow/issues/5125) \[radarhere]
- Allow putpalette to accept 1024 integers to include alpha values [#5089](https://togithub.com/python-pillow/Pillow/issues/5089) \[radarhere]
- Fix OOB Read when writing TIFF with custom Metadata [#5148](https://togithub.com/python-pillow/Pillow/issues/5148) \[wiredfool]
- Added append_images support for ICO [#4568](https://togithub.com/python-pillow/Pillow/issues/4568) \[ziplantil, radarhere]
- Block TIFFTAG_SUBIFD [#5120](https://togithub.com/python-pillow/Pillow/issues/5120) \[radarhere]
- Fixed dereferencing potential null pointers [#5108](https://togithub.com/python-pillow/Pillow/issues/5108), [#5111](https://togithub.com/python-pillow/Pillow/issues/5111) \[cgohlke, radarhere]
- Deprecate FreeType 2.7 [#5098](https://togithub.com/python-pillow/Pillow/issues/5098) \[hugovk, radarhere]
- Moved warning to end of execution [#4965](https://togithub.com/python-pillow/Pillow/issues/4965) \[radarhere]
- Removed unused fromstring and tostring C methods [#5026](https://togithub.com/python-pillow/Pillow/issues/5026) \[radarhere]
- init() if one of the formats is unrecognised [#5037](https://togithub.com/python-pillow/Pillow/issues/5037) \[radarhere]
- Moved string_dimension CVE image to pillow-depends [#4993](https://togithub.com/python-pillow/Pillow/issues/4993) \[radarhere]
- Support raw rgba8888 for DDS [#4760](https://togithub.com/python-pillow/Pillow/issues/4760) \[qiankanglai]

### [`v8.0.1`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#801-2020-10-22)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/8.0.0...8.0.1)

- Update FreeType used in binary wheels to 2.10.4 to fix CVE-2020-15999. \[radarhere]
- Moved string_dimension image to pillow-depends [#4993](https://togithub.com/python-pillow/Pillow/issues/4993) \[radarhere]

### [`v8.0.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#800-2020-10-15)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/7.2.0...8.0.0)

- Drop support for EOL Python 3.5 [#4746](https://togithub.com/python-pillow/Pillow/issues/4746), [#4794](https://togithub.com/python-pillow/Pillow/issues/4794) \[hugovk, radarhere, nulano]
- Drop support for PyPy3 < 7.2.0 [#4964](https://togithub.com/python-pillow/Pillow/issues/4964) \[nulano]
- Remove ImageCms.CmsProfile attributes deprecated since 3.2.0 [#4768](https://togithub.com/python-pillow/Pillow/issues/4768) \[hugovk, radarhere]
- Remove long-deprecated Image.py functions [#4798](https://togithub.com/python-pillow/Pillow/issues/4798) \[hugovk, nulano, radarhere]
- Add support for 16-bit precision JPEG quantization values [#4918](https://togithub.com/python-pillow/Pillow/issues/4918) \[gofr]
- Added reading of IFD tag type [#4979](https://togithub.com/python-pillow/Pillow/issues/4979) \[radarhere]
- Initialize offset memory for PyImagingPhotoPut [#4806](https://togithub.com/python-pillow/Pillow/issues/4806) \[nqbit]
- Fix TiffDecode comparison warnings [#4756](https://togithub.com/python-pillow/Pillow/issues/4756) \[nulano]
- Docs: Add dark mode [#4968](https://togithub.com/python-pillow/Pillow/issues/4968) \[hugovk, nulano]
- Added macOS SDK install path to library and include directories [#4974](https://togithub.com/python-pillow/Pillow/issues/4974) \[radarhere, fxcoudert]
- Imaging.h: prevent confusion with system [#4923](https://togithub.com/python-pillow/Pillow/issues/4923) \[ax3l, radarhere]
- Avoid using pkg_resources in PIL.features.pilinfo [#4975](https://togithub.com/python-pillow/Pillow/issues/4975) \[nulano]
- Add getlength and getbbox functions for TrueType fonts [#4959](https://togithub.com/python-pillow/Pillow/issues/4959) \[nulano, radarhere, hugovk]
- Allow tuples with one item to give single color value in getink [#4927](https://togithub.com/python-pillow/Pillow/issues/4927) \[radarhere, nulano]
- Add support for CBDT and COLR fonts [#4955](https://togithub.com/python-pillow/Pillow/issues/4955) \[nulano, hugovk]
- Removed OSError in favour of DecompressionBombError for BMP [#4966](https://togithub.com/python-pillow/Pillow/issues/4966) \[radarhere]
- Implemented another ellipse drawing algorithm [#4523](https://togithub.com/python-pillow/Pillow/issues/4523) \[xtsm, radarhere]
- Removed unused JpegImagePlugin.\_fixup_dict function [#4957](https://togithub.com/python-pillow/Pillow/issues/4957) \[radarhere]
- Added reading and writing of private PNG chunks [#4292](https://togithub.com/python-pillow/Pillow/issues/4292) \[radarhere]
- Implement anchor for TrueType fonts [#4930](https://togithub.com/python-pillow/Pillow/issues/4930) \[nulano, hugovk]
- Fixed bug in Exif `__delitem__` [#4942](https://togithub.com/python-pillow/Pillow/issues/4942) \[radarhere]
- Fix crash in ImageTk.PhotoImage on MinGW 64-bit [#4946](https://togithub.com/python-pillow/Pillow/issues/4946) \[nulano]
- Moved CVE images to pillow-depends [#4929](https://togithub.com/python-pillow/Pillow/issues/4929) \[radarhere]
- Refactor font_getsize and font_render [#4910](https://togithub.com/python-pillow/Pillow/issues/4910) \[nulano]
- Fixed loading profile with non-ASCII path on Windows [#4914](https://togithub.com/python-pillow/Pillow/issues/4914) \[radarhere]
- Fixed effect_spread bug for zero distance [#4908](https://togithub.com/python-pillow/Pillow/issues/4908) \[radarhere, hugovk]
- Added formats parameter to Image.open [#4837](https://togithub.com/python-pillow/Pillow/issues/4837) \[nulano, radarhere]
- Added regular_polygon draw method [#4846](https://togithub.com/python-pillow/Pillow/issues/4846) \[comhar]
- Raise proper TypeError in putpixel [#4882](https://togithub.com/python-pillow/Pillow/issues/4882) \[nulano, hugovk]
- Added writing of subIFDs [#4862](https://togithub.com/python-pillow/Pillow/issues/4862) \[radarhere]
- Fix IFDRational `__eq__` bug [#4888](https://togithub.com/python-pillow/Pillow/issues/4888) \[luphord, radarhere]
- Fixed duplicate variable name [#4885](https://togithub.com/python-pillow/Pillow/issues/4885) \[liZe, radarhere]
- Added homebrew zlib include directory [#4842](https://togithub.com/python-pillow/Pillow/issues/4842) \[radarhere]
- Corrected inverted PDF CMYK colors [#4866](https://togithub.com/python-pillow/Pillow/issues/4866) \[radarhere]
- Do not try to close file pointer if file pointer is empty [#4823](https://togithub.com/python-pillow/Pillow/issues/4823) \[radarhere]
- ImageOps.autocontrast: add mask parameter [#4843](https://togithub.com/python-pillow/Pillow/issues/4843) \[navneeth, hugovk]
- Read EXIF data tEXt chunk into info as bytes instead of string [#4828](https://togithub.com/python-pillow/Pillow/issues/4828) \[radarhere]
- Replaced distutils with setuptools [#4797](https://togithub.com/python-pillow/Pillow/issues/4797), [#4809](https://togithub.com/python-pillow/Pillow/issues/4809), [#4814](https://togithub.com/python-pillow/Pillow/issues/4814), [#4817](https://togithub.com/python-pillow/Pillow/issues/4817), [#4829](https://togithub.com/python-pillow/Pillow/issues/4829), [#4890](https://togithub.com/python-pillow/Pillow/issues/4890) \[hugovk, radarhere]
- Add MIME type to PsdImagePlugin [#4788](https://togithub.com/python-pillow/Pillow/issues/4788) \[samamorgan]
- Allow ImageOps.autocontrast to specify low and high cutoffs separately [#4749](https://togithub.com/python-pillow/Pillow/issues/4749) \[millionhz, radarhere]

### [`v7.2.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#720-2020-07-01)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/7.1.2...7.2.0)

- Do not convert I;16 images when showing PNGs [#4744](https://togithub.com/python-pillow/Pillow/issues/4744) \[radarhere]
- Fixed ICNS file pointer saving [#4741](https://togithub.com/python-pillow/Pillow/issues/4741) \[radarhere]
- Fixed loading non-RGBA mode APNGs with dispose background [#4742](https://togithub.com/python-pillow/Pillow/issues/4742) \[radarhere]
- Deprecated \_showxv [#4714](https://togithub.com/python-pillow/Pillow/issues/4714) \[radarhere]
- Deprecate Image.show(command="...") [#4646](https://togithub.com/python-pillow/Pillow/issues/4646) \[nulano, hugovk, radarhere]
- Updated JPEG magic number [#4707](https://togithub.com/python-pillow/Pillow/issues/4707) \[Cykooz, radarhere]
- Change STRIPBYTECOUNTS to LONG if necessary when saving [#4626](https://togithub.com/python-pillow/Pillow/issues/4626) \[radarhere, hugovk]
- Write JFIF header when saving JPEG [#4639](https://togithub.com/python-pillow/Pillow/issues/4639) \[radarhere]
- Replaced tiff_jpeg with jpeg compression when saving TIFF images [#4627](https://togithub.com/python-pillow/Pillow/issues/4627) \[radarhere]
- Writing TIFF tags: improved BYTE, added UNDEFINED [#4605](https://togithub.com/python-pillow/Pillow/issues/4605) \[radarhere]
- Consider transparency when pasting text on an RGBA image [#4566](https://togithub.com/python-pillow/Pillow/issues/4566) \[radarhere]
- Added method argument to single frame WebP saving [#4547](https://togithub.com/python-pillow/Pillow/issues/4547) \[radarhere]
- Use ImageFileDirectory_v2 in Image.Exif [#4637](https://togithub.com/python-pillow/Pillow/issues/4637) \[radarhere]
- Corrected reading EXIF metadata without prefix [#4677](https://togithub.com/python-pillow/Pillow/issues/4677) \[radarhere]
- Fixed drawing a jointed line with a sequence of numeric values [#4580](https://togithub.com/python-pillow/Pillow/issues/4580) \[radarhere]
- Added support for 1-D NumPy arrays [#4608](https://togithub.com/python-pillow/Pillow/issues/4608) \[radarhere]
- Parse orientation from XMP tags [#4560](https://togithub.com/python-pillow/Pillow/issues/4560) \[radarhere]
- Speed up text layout by not rendering glyphs [#4652](https://togithub.com/python-pillow/Pillow/issues/4652) \[nulano]
- Fixed ZeroDivisionError in Image.thumbnail [#4625](https://togithub.com/python-pillow/Pillow/issues/4625) \[radarhere]
- Replaced TiffImagePlugin DEBUG with logging [#4550](https://togithub.com/python-pillow/Pillow/issues/4550) \[radarhere]
- Fix repeatedly loading .gbr [#4620](https://togithub.com/python-pillow/Pillow/issues/4620) \[ElinksFr, radarhere]
- JPEG: Truncate icclist instead of setting to None [#4613](https://togithub.com/python-pillow/Pillow/issues/4613) \[homm]
- Fixes default offset for Exif [#4594](https://togithub.com/python-pillow/Pillow/issues/4594) \[rodrigob, radarhere]
- Fixed bug when unpickling TIFF images [#4565](https://togithub.com/python-pillow/Pillow/issues/4565) \[radarhere]
- Fix pickling WebP [#4561](https://togithub.com/python-pillow/Pillow/issues/4561) \[hugovk, radarhere]
- Replace IOError and WindowsError aliases with OSError [#4536](https://togithub.com/python-pillow/Pillow/issues/4536) \[hugovk, radarhere]

### [`v7.1.2`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#712-2020-04-25)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/7.1.1...7.1.2)

- Raise an EOFError when seeking too far in PNG [#4528](https://togithub.com/python-pillow/Pillow/issues/4528) \[radarhere]

### [`v7.1.1`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#711-2020-04-02)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/7.1.0...7.1.1)

- Fix regression seeking and telling PNGs [#4512](https://togithub.com/python-pillow/Pillow/issues/4512) [#4514](https://togithub.com/python-pillow/Pillow/issues/4514) \[hugovk, radarhere]

### [`v7.1.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#710-2020-04-01)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/7.0.0...7.1.0)

- Fix multiple OOB reads in FLI decoding [#4503](https://togithub.com/python-pillow/Pillow/issues/4503) \[wiredfool]
- Fix buffer overflow in SGI-RLE decoding [#4504](https://togithub.com/python-pillow/Pillow/issues/4504) \[wiredfool, hugovk]
- Fix bounds overflow in JPEG 2000 decoding [#4505](https://togithub.com/python-pillow/Pillow/issues/4505) \[wiredfool]
- Fix bounds overflow in PCX decoding [#4506](https://togithub.com/python-pillow/Pillow/issues/4506) \[wiredfool]
- Fix 2 buffer overflows in TIFF decoding [#4507](https://togithub.com/python-pillow/Pillow/issues/4507) \[wiredfool]
- Add APNG support [#4243](https://togithub.com/python-pillow/Pillow/issues/4243) \[pmrowla, radarhere, hugovk]
- ImageGrab.grab() for Linux with XCB [#4260](https://togithub.com/python-pillow/Pillow/issues/4260) \[nulano, radarhere]
- Added three new channel operations [#4230](https://togithub.com/python-pillow/Pillow/issues/4230) \[dwastberg, radarhere]
- Prevent masking of Image reduce method in Jpeg2KImagePlugin [#4474](https://togithub.com/python-pillow/Pillow/issues/4474) \[radarhere, homm]
- Added reading of earlier ImageMagick PNG EXIF data [#4471](https://togithub.com/python-pillow/Pillow/issues/4471) \[radarhere]
- Fixed endian handling for I;16 getextrema [#4457](https://togithub.com/python-pillow/Pillow/issues/4457) \[radarhere]
- Release buffer if function returns prematurely [#4381](https://togithub.com/python-pillow/Pillow/issues/4381) \[radarhere]
- Add JPEG comment to info dictionary [#4455](https://togithub.com/python-pillow/Pillow/issues/4455) \[radarhere]
- Fix size calculation of Image.thumbnail() [#4404](https://togithub.com/python-pillow/Pillow/issues/4404) \[orlnub123]
- Fixed stroke on FreeType < 2.9 [#4401](https://togithub.com/python-pillow/Pillow/issues/4401) \[radarhere]
- If present, only use alpha channel for bounding box [#4454](https://togithub.com/python-pillow/Pillow/issues/4454) \[radarhere]
- Warn if an unknown feature is passed to features.check() [#4438](https://togithub.com/python-pillow/Pillow/issues/4438) \[jdufresne]
- Fix Name field length when saving IM images [#4424](https://togithub.com/python-pillow/Pillow/issues/4424) \[hugovk, radarhere]
- Allow saving of zero quality JPEG images [#4440](https://togithub.com/python-pillow/Pillow/issues/4440) \[radarhere]
- Allow explicit zero width to hide outline [#4334](https://togithub.com/python-pillow/Pillow/issues/4334) \[radarhere]
- Change ContainerIO return type to match file object mode [#4297](https://togithub.com/python-pillow/Pillow/issues/4297) \[jdufresne, radarhere]
- Only draw each polygon pixel once [#4333](https://togithub.com/python-pillow/Pillow/issues/4333) \[radarhere]
- Add support for shooting situation Exif IFD tags [#4398](https://togithub.com/python-pillow/Pillow/issues/4398) \[alexagv]
- Handle multiple and malformed JPEG APP13 markers [#4370](https://togithub.com/python-pillow/Pillow/issues/4370) \[homm]
- Depends: Update libwebp to 1.1.0 [#4342](https://togithub.com/python-pillow/Pillow/issues/4342), libjpeg to 9d [#4352](https://togithub.com/python-pillow/Pillow/issues/4352) \[radarhere]

### [`v7.0.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#700-2020-01-02)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/6.2.2...7.0.0)

- Drop support for EOL Python 2.7 [#4109](https://togithub.com/python-pillow/Pillow/issues/4109) \[hugovk, radarhere, jdufresne]
- Fix rounding error on RGB to L conversion [#4320](https://togithub.com/python-pillow/Pillow/issues/4320) \[homm]
- Exif writing fixes: Rational boundaries and signed/unsigned types [#3980](https://togithub.com/python-pillow/Pillow/issues/3980) \[kkopachev, radarhere]
- Allow loading of WMF images at a given DPI [#4311](https://togithub.com/python-pillow/Pillow/issues/4311) \[radarhere]
- Added reduce operation [#4251](https://togithub.com/python-pillow/Pillow/issues/4251) \[homm]
- Raise ValueError for io.StringIO in Image.open [#4302](https://togithub.com/python-pillow/Pillow/issues/4302) \[radarhere, hugovk]
- Fix thumbnail geometry when DCT scaling is used [#4231](https://togithub.com/python-pillow/Pillow/issues/4231) \[homm, radarhere]
- Use default DPI when exif provides invalid x_resolution [#4147](https://togithub.com/python-pillow/Pillow/issues/4147) \[beipang2, radarhere]
- Change default resize resampling filter from NEAREST to BICUBIC [#4255](https://togithub.com/python-pillow/Pillow/issues/4255) \[homm]
- Fixed black lines on upscaled images with the BOX filter [#4278](https://togithub.com/python-pillow/Pillow/issues/4278) \[homm]
- Better thumbnail aspect ratio preservation [#4256](https://togithub.com/python-pillow/Pillow/issues/4256) \[homm]
- Add La mode packing and unpacking [#4248](https://togithub.com/python-pillow/Pillow/issues/4248) \[homm]
- Include tests in coverage reports [#4173](https://togithub.com/python-pillow/Pillow/issues/4173) \[hugovk]
- Handle broken Photoshop data [#4239](https://togithub.com/python-pillow/Pillow/issues/4239) \[radarhere]
- Raise a specific exception if no data is found for an MPO frame [#4240](https://togithub.com/python-pillow/Pillow/issues/4240) \[radarhere]
- Fix Unicode support for PyPy [#4145](https://togithub.com/python-pillow/Pillow/issues/4145) \[nulano]
- Added UnidentifiedImageError [#4182](https://togithub.com/python-pillow/Pillow/issues/4182) \[radarhere, hugovk]
- Remove deprecated `__version__` from plugins [#4197](https://togithub.com/python-pillow/Pillow/issues/4197) \[hugovk, radarhere]
- Fixed freeing unallocated pointer when resizing with height too large [#4116](https://togithub.com/python-pillow/Pillow/issues/4116) \[radarhere]
- Copy info in Image.transform [#4128](https://togithub.com/python-pillow/Pillow/issues/4128) \[radarhere]
- Corrected DdsImagePlugin setting info gamma [#4171](https://togithub.com/python-pillow/Pillow/issues/4171) \[radarhere]
- Depends: Update libtiff to 4.1.0 [#4195](https://togithub.com/python-pillow/Pillow/issues/4195), Tk Tcl to 8.6.10 [#4229](https://togithub.com/python-pillow/Pillow/issues/4229), libimagequant to 2.12.6 [#4318](https://togithub.com/python-pillow/Pillow/issues/4318) \[radarhere]
- Improve handling of file resources [#3577](https://togithub.com/python-pillow/Pillow/issues/3577) \[jdufresne]
- Removed CI testing of Fedora 29 [#4165](https://togithub.com/python-pillow/Pillow/issues/4165) \[hugovk]
- Added pypy3 to tox envlist [#4137](https://togithub.com/python-pillow/Pillow/issues/4137) \[jdufresne]
- Drop support for EOL PyQt4 and PySide [#4108](https://togithub.com/python-pillow/Pillow/issues/4108) \[hugovk, radarhere]
- Removed deprecated setting of TIFF image sizes [#4114](https://togithub.com/python-pillow/Pillow/issues/4114) \[radarhere]
- Removed deprecated PILLOW_VERSION [#4107](https://togithub.com/python-pillow/Pillow/issues/4107) \[hugovk]
- Changed default frombuffer raw decoder args [#1730](https://togithub.com/python-pillow/Pillow/issues/1730) \[radarhere]

### [`v6.2.2`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02)

[Compare Source](https://togithub.com/python-pillow/Pillow/compare/6.2.1...6.2.2)

- This is the last Pillow release to support Python 2.7 [#3642](https://togithub.com/python-pillow/Pillow/issues/3642)
- Overflow checks for realloc for tiff decoding. CVE-2020-5310 \[wiredfool, radarhere]
- Catch SGI buffer overrun. CVE-2020-5311 \[radarhere]
- Catch PCX P mode buffer overrun. CVE-2020-5312 \[radarhere]
- Catch FLI buffer overrun. CVE-2020-5313 \[radarhere]
- Raise an error for an invalid number of bands in FPX image. CVE-2019-19911 \[wiredfool, radarhere]

Configuration

📅 Schedule: "" in timezone Europe/Berlin.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.