Update release notes to match template for #7864
aclark4life committed Mar 15, 2024
1 parent d48a6cf commit 66a21cc
Showing 4 changed files with 32 additions and 32 deletions.
8 changes: 4 additions & 4 deletions docs/releasenotes/2.3.1.rst
Expand Up @@ -11,10 +11,10 @@ These issues reported in
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function
in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) _copy
function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and
Pillow before 2.3.1 do not properly create temporary files, which allow local
users to overwrite arbitrary files and obtain sensitive information via a
in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4)
``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier
and Pillow before 2.3.1 do not properly create temporary files, which allow
local users to overwrite arbitrary files and obtain sensitive information via a
symlink attack on the temporary file.

:cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
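Review bot: The literal markup in the rewritten sentence is still uneven: ``_copy`` is now quoted, but ``load_djpeg`` and ``load`` are not, and ``EpsImagePlugin.py`` and ``Image.py`` stay plain while ``JpegImagePlugin.py`` and ``IptcImagePlugin.py`` are quoted. Since these lines are being reflowed anyway, quote every function and file name the same way. Two wording points in the same lines: "Python Image Library" should read "Python Imaging Library", and "which allow local users" should be "which allows local users"; if the paragraph is meant to be a verbatim copy of the CVE description, say so in the text rather than editing it partway.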
46 changes: 23 additions & 23 deletions docs/releasenotes/4.2.0.rst
@@ -1,6 +1,29 @@
4.2.0
-----

Deprecations
============

Several deprecated items have been removed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The methods ``PIL.ImageWin.Dib.fromstring``,
``PIL.ImageWin.Dib.tostring`` and
``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have
been removed.

* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would
discard the alpha channel. From Pillow 3.4.0, a deprecation warning
was shown. From Pillow 4.2.0, the deprecation warning is removed and
an :py:exc:`IOError` is raised.

Removed Core Image Function
^^^^^^^^^^^^^^^^^^^^^^^^^^^

The unused function ``Image.core.new_array`` was removed. This is an
internal function that should not have been used by user code, but it
was accessible from the python layer.

Other Changes
=============
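Review bot: Everything moved under the new "Deprecations" heading is a removal, not a deprecation: the ``Dib.fromstring``, ``Dib.tostring`` and ``as_dict`` methods "have been removed", saving an RGBA image as JPEG now raises :py:exc:`IOError`, and ``Image.core.new_array`` "was removed". Code that relied on any of these breaks on upgrade, so a reader scanning for breaking changes should find them under a heading that says so; if the template has a section for removals or backwards-incompatible changes, put them there. Minor, in the last moved paragraph: "python layer" should be "Python layer".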

Expand Down Expand Up @@ -30,26 +53,3 @@ New DecompressionBomb Warning
:py:meth:`PIL.Image.Image.crop` now may raise a DecompressionBomb
warning if the crop region enlarges the image over the threshold
specified by :py:data:`PIL.Image.MAX_IMAGE_PIXELS`.

Deprections
===========

Several deprecated items have been removed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The methods ``PIL.ImageWin.Dib.fromstring``,
``PIL.ImageWin.Dib.tostring`` and
``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have
been removed.

* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would
discard the alpha channel. From Pillow 3.4.0, a deprecation warning
was shown. From Pillow 4.2.0, the deprecation warning is removed and
an :py:exc:`IOError` is raised.

Removed Core Image Function
^^^^^^^^^^^^^^^^^^^^^^^^^^^

The unused function ``Image.core.new_array`` was removed. This is an
internal function that should not have been used by user code, but it
was accessible from the python layer.
2 changes: 1 addition & 1 deletion docs/releasenotes/6.2.2.rst
Expand Up @@ -4,7 +4,7 @@
Security
========

This release fixes several buffer overruns and DOS attacks.
This release fixes several buffer overflow issues and a DOS attack vulnerability.

:cve:`2019-19911`: DOS attack vulnerability
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
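Review bot: The new summary line changes the count as well as the wording: "DOS attacks" (plural) became "a DOS attack vulnerability" (singular), and "buffer overruns" became "buffer overflow issues". Check the singular against the CVE entries further down the file, only one of which is visible in this hunk. Also suggest "DoS" rather than "DOS" here and in the :cve:`2019-19911` heading, so it reads as denial of service.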
8 changes: 4 additions & 4 deletions docs/releasenotes/8.3.0.rst
Expand Up @@ -4,11 +4,11 @@
Security
========

:cve:`2021-34552`: Buffer overflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2021-34552`: Fix buffer overflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
buffer overflow in Convert.c.
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert
function to trigger buffer overflow in ``Convert.c``.

Parsing XML
^^^^^^^^^^^
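Review bot: The heading now reads "Fix buffer overflow", an imperative, while the :cve:`2019-19911` heading in 6.2.2.rst touched by this same commit stays a noun phrase ("DOS attack vulnerability"); pick one form for CVE headings across the release notes. In the rewrapped body, "to trigger buffer overflow" is missing an article ("a buffer overflow"), and "a convert function" does not tell the reader which call is affected; name the function if it is known.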