Commit Graph

28 Commits

Author SHA1 Message Date
Jeffrey 'Alex' Clark
c8c391b9c0 Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 20:11:03 -04:00
Jeffrey 'Alex' Clark
a124ed208f Update template wording 2026-04-14 11:36:33 -04:00
Jeffrey 'Alex' Clark
ee24a11073 Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-14 11:26:03 -04:00
Jeffrey 'Alex' Clark
6e1ccab749 Address review feedback on INCIDENT_RESPONSE.md
- Update CVSS v3.1 to CVSS 4.0 throughout
- Remove 'Direct maintainer contact' from detection sources
- Fix 'before it stays public' wording for user bug reports
- Simplify sections 7.3 and 7.4 to reference RELEASING.md instead
  of duplicating release process steps
- Update RELEASING.md Point release section with security-specific
  steps (amend CVE in commits, publish GitHub Security Advisory)
- Fix PyPI API tokens entry (remove GitHub secrets reference)
- Fix 404 PyPI manage URL (use correct case and /releases/ path)
- Replace security@pypi.org mailto with https://pypi.org/security/
- Remove unconfirmed 'Notify GitHub Security' bullet
- Fix section numbering: 10.x → 9.x under Section 9. Dependency Map
- Reorder: move 9.3 Responding to Upstream Vulnerability before 9.3
  Downstream Dependencies (now 9.2 and 9.3 respectively)
- Add anchor link for Section 5 reference in 9.2
- Add #plugin-list anchor to third-party plugins handbook link
- Fix GitLab issue tracker URLs to use /-/work_items for libtiff,
  freetype2, and bzip2
- Add pyproject.toml reference for complete optional dependencies list

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 10:58:43 -04:00
Jeffrey 'Alex' Clark
0cbdd2eff9 Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-04-10 10:37:34 -04:00
Jeffrey 'Alex' Clark
24b12dc84f Combine plan maintenance into a single paragraph
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 07:49:37 -04:00
Jeffrey 'Alex' Clark
d016c90108 Remove active exploitation escalation bullet from incident response
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 07:44:27 -04:00
Jeffrey 'Alex' Clark
6a0192a40a Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-10 07:44:16 -04:00
Jeffrey 'Alex' Clark
6fe81dd52e Remove Wand from downstream dependencies
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:19:22 -04:00
Jeffrey 'Alex' Clark
55989595ea Add private channels note to internal communication guidance
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:17:39 -04:00
Jeffrey 'Alex' Clark
b579577aa0 Link to section 1.3 in Plan Maintenance
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:15:25 -04:00
Jeffrey 'Alex' Clark
6f815c2d8d Clarify advisory thread purpose as reporter coordination
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:13:43 -04:00
Jeffrey 'Alex' Clark
80a91fdb4e Add setuptools to Python-level dependencies
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:08:44 -04:00
Jeffrey 'Alex' Clark
0d440b7d09 Trim Plan Maintenance section
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:04:00 -04:00
Jeffrey 'Alex' Clark
00ff8636a2 Remove section 7.5 Rollback Procedures
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 18:01:08 -04:00
Jeffrey 'Alex' Clark
e74a89f70e Trim version support matrix prose
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:59:29 -04:00
Jeffrey 'Alex' Clark
20af4ec89c Change Critical/High SLA targets to best effort
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:55:11 -04:00
Jeffrey 'Alex' Clark
3f90d5c4da Replace section sign (§) with plain Section references
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:53:04 -04:00
Jeffrey 'Alex' Clark
68be7f30ff Remove Tidelift notification step from triage
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:50:45 -04:00
Jeffrey 'Alex' Clark
e0f9e2b98e Fix severity classification cross-reference, remove incident lead assignment step
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:46:58 -04:00
Jeffrey 'Alex' Clark
ad582c1a8e Simplify Roles section note
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:38:34 -04:00
Jeffrey 'Alex' Clark
c2ac2da31c Inline Readiness Review procedure as prose
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:28:42 -04:00
Jeffrey 'Alex' Clark
3aa076129f Remove backport comment from version support matrix
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:25:32 -04:00
Jeffrey 'Alex' Clark
4a74a20b86 Update Readiness Review: quarterly cadence, trim checklist
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 17:23:52 -04:00
Jeffrey 'Alex' Clark
64ed4710b9 Fix version support matrix to reflect main-only security policy
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 16:59:41 -04:00
Jeffrey 'Alex' Clark
cdaa1bf9ef Add sections from Bootstrap example
At the risk of making this document larger, add in sections in Bootstrap
IRP but not ours.

- https://github.com/twbs/bootstrap/blob/main/.github/INCIDENT_RESPONSE.md
2026-04-09 12:57:16 -04:00
Jeffrey 'Alex' Clark
4d63d0b3a6 Fix links 2026-04-09 12:47:50 -04:00
Jeffrey 'Alex' Clark
cb5736ea3e Add INCIDENT_RESPONSE.md 2026-04-09 12:36:00 -04:00