Commit Graph

2926 Commits

Author SHA1 Message Date
Jeffrey 'Alex' Clark
0cb00acc92 Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 12:32:08 -04:00
Jeffrey 'Alex' Clark
da06640873 docs: fix nested inline markup in E-3 and E-4 headings
RST does not allow inline markup (backticks) nested inside bold
markers. Remove backticks from the E-3 and E-4 heading text so
they render correctly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:58:06 -04:00
Jeffrey 'Alex' Clark
d3b73ea462 Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-21 11:33:48 -04:00
Jeffrey 'Alex' Clark
5af49b380e docs: address Andrew's review comments on security.rst
- Add image.getexif() alongside image._getexif() in T-1 mitigations
- Remove 'appended bytes' from T-2 (Pillow does not preserve them on resave)
- Reframe R-1 threat as user-facing (not Pillow dev advice); add
  DecompressionBombError to the log/alert list
- Add blank line before E-3 heading
- Qualify dependency list in recommendation #4 as non-exhaustive

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:32:36 -04:00
Jeffrey 'Alex' Clark
1f026416f9 Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-21 11:23:54 -04:00
Jeffrey 'Alex' Clark
114e4d5695 docs: list all 8 C extensions in security threat model diagram
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:22:58 -04:00
Jeffrey 'Alex' Clark
2911422753 s/littlecms/littlecms2/ 2026-04-21 11:11:00 -04:00
Jeffrey 'Alex' Clark
13433dc0a9 Update docs/handbook/security.rst
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-21 11:10:19 -04:00
Jeffrey 'Alex' Clark
74e07b5b8a Lint 2026-04-16 06:48:09 -04:00
Jeffrey 'Alex' Clark
07b20b3b33 Remove Sensitive exception messages 2026-04-16 06:45:55 -04:00
Jeffrey 'Alex' Clark
0c0bdf8d5a Update security docs
- docs/handbook/security.rst
- .github/SECURITY.md

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-15 13:07:37 -04:00
Jeffrey 'Alex' Clark
b300e78838 Update docs/handbook/security.rst
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-15 13:07:30 -04:00
Jeffrey 'Alex' Clark
b71b4b98d9 Lint 2026-04-14 19:56:59 -04:00
Jeffrey 'Alex' Clark
9f24881521 Add STRIDE threat model to security docs
- Update .github/SECURITY.md with threat model summary and link to handbook
- Add docs/handbook/security.rst with full STRIDE analysis (14 threats
  across Spoofing, Tampering, Repudiation, Information Disclosure,
  Denial of Service, and Elevation of Privilege categories)
- Add prioritised mitigation recommendations
- Link security.rst into the handbook toctree

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 12:13:45 -04:00
Andrew Murray
fb1375d93b Added CVEs 2026-04-11 08:34:08 +10:00
Hugo van Kemenade
e81acb8f79 Drop experimental Python 3.13 free-threaded wheels (#9535) 2026-04-03 15:54:13 +03:00
Andrew Murray
c03ba8b3c0 Added release notes 2026-04-03 21:41:13 +11:00
Andrew Murray
9d790af50c Update macOS tested Python versions 2026-04-03 15:41:02 +11:00
Hugo van Kemenade
abb1d2bf6e Remove Debian 12 and Fedora 42 from CI (#9530) 2026-04-02 18:11:35 +11:00
Andrew Murray
30b3dff0cb Remove Amazon Linux 2 2026-04-02 07:55:58 +11:00
Hugo van Kemenade
cf6de8ca9b Reject non-numeric elements inside list coords (#9526) 2026-04-01 22:50:45 +11:00
Andrew Murray
ffdcede651 Update 12.2.0 release notes (#9522) 2026-04-01 17:43:36 +11:00
Andrew Murray
c4f7aa5dfb Added security release notes 2026-04-01 16:49:20 +11:00
Hugo van Kemenade
3cb814f338 Update 12.2.0 release notes 2026-03-31 23:15:06 +03:00
Gareth Davidson
2696e962c2 Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm (#9482)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-03-31 23:03:12 +03:00
Hugo van Kemenade
2c2c2a1eae Add ImageText.Text.wrap() to wrap text (#9286) 2026-03-31 21:49:22 +03:00
Andrew Murray
a03b7b52f9 Updated Python versions 2026-03-30 22:57:51 +11:00
Jeffrey 'Alex' Clark
7c121637c9 Jeffrey A. Clark -> Jeffrey 'Alex' Clark
Follow up to 4197263dff. People cannot figure out
my preferred name, hence this final (I hope!) update to my name in Pillow.
2026-03-29 10:05:18 -04:00
Andrew Murray
a69b4ec228 Merge branch 'main' into wrap 2026-03-28 22:44:21 +11:00
Andrew Murray
3121c77cad Added release notes for #9456 2026-03-28 19:19:48 +11:00
Andrew Murray
ccf9863ba8 Added release notes for #9394 2026-03-28 19:11:51 +11:00
Andrew Murray
1ed39726c5 Added release notes for #9419 2026-03-28 19:11:51 +11:00
Gareth Davidson
3a44ba1c75 Add Amiga Workbench .info loader to 3rd party plugins list (#9459) 2026-03-14 09:42:15 +11:00
fjhenigman
97bdfeb4a5 Merge branch 'python-pillow:main' into usepcf 2026-03-06 22:00:52 -05:00
Hugo van Kemenade
55b0cbc273 Update CI targets docs 2026-03-05 10:01:13 +02:00
Andrew Murray
f7582b8d58 Updated documentation terms
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-03-03 23:04:00 +11:00
Andrew Murray
3c087bb58b Merge branch 'main' into wrap 2026-02-14 11:14:42 +11:00
Andrew Murray
f71d74eec2 Use versionadded
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-02-13 18:29:41 +11:00
Andrew Murray
0ce21f98e7 Updated documentation 2026-02-13 18:06:29 +11:00
Andrew Murray
657d0414f0 Merge PFM into PPM 2026-02-12 21:51:01 +11:00
Andrew Murray
27765189c8 Updated macOS tested Pillow versions 2026-02-11 23:51:33 +11:00
Hugo van Kemenade
a15f9c6121 Fix CVE number (#9430) 2026-02-11 22:48:11 +11:00
Andrew Murray
54ba4db542 Fix OOB Write with invalid tile extents (#9427)
Co-authored-by: Eric Soroos <eric-github@soroos.net>
2026-02-11 10:24:50 +11:00
Andrew Murray
e108e646da Updated lcms2 to 2.18 (#9387) 2026-02-04 08:57:34 +11:00
Andrew Murray
5ea2d3a056 Updated MinGW Python version 2026-01-20 18:16:34 +11:00
Andrew Murray
d7dfeeb7ad Updated lcms2 to 2.18 2026-01-10 06:46:04 +11:00
Hugo van Kemenade
499b796556 Remove Sphinx dependency from mypy 2026-01-02 12:30:14 +02:00
Andrew Murray
1918c6811d Merge branch 'main' into wrap 2026-01-02 20:44:12 +11:00
Andrew Murray
3baedf2648 Deprecate getdata(), in favour of new get_flattened_data() (#9292) 2026-01-02 10:59:56 +11:00
Hugo van Kemenade
b51a036685 Specify APNG duration type when opening (#9368) 2026-01-01 23:28:16 +02:00