Remove Sensitive exception messages

Jeffrey 'Alex' Clark 2026-04-16 06:45:55 -04:00
parent 0c0bdf8d5a
commit 07b20b3b33

@ -116,16 +116,7 @@ be inadvertently included in output images served publicly.
*Mitigations:* explicitly strip EXIF and XMP on save (set ``exif=b""``,
``icc_profile=None``, omit ``pnginfo``); verify output with ``exiftool`` in CI.
**I-2 — Sensitive exception messages**
Parser errors can include byte offsets, dimension values, and tile descriptors.
Propagating these to API responses aids attacker reconnaissance.
*Mitigations:* catch ``PIL.UnidentifiedImageError``,
``PIL.Image.DecompressionBombError``, and general exceptions at the
application boundary; return generic messages to clients.
**I-3 — Temporary file exposure**
**I-2 — Temporary file exposure**
Several code paths write pixel data to temporary files via
``tempfile.mkstemp()``. Exception paths can leave these files behind on shared
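Review bot: The removal of the "I-2 — Sensitive exception messages" entry deletes both the threat description and its mitigation (catching ``PIL.UnidentifiedImageError`` and ``PIL.Image.DecompressionBombError`` at the application boundary and returning generic messages), and the commit message does not say why. If the guidance was moved or superseded, name the new location in the commit message; if the threat is now considered out of scope, record that reasoning in the document rather than dropping the entry silently. Renumbering "I-3 — Temporary file exposure" to "I-2" also changes the identifier of an existing threat, so check the rest of the document and any external references for mentions of I-2 or I-3 that now point at the wrong entry, and renumber any later I-n entries consistently.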