Andrew Murray
4af29fb732
Restrict SBOM upload to Pillow JSON
2026-04-30 18:41:41 +10:00
Andrew Murray
1f3b8a831d
If PdfParser buffer is memoryview, release it when closing
2026-04-30 00:13:37 +10:00
Andrew Murray
0ef81c33af
Add Fedora 44 (#9594)
2026-04-29 10:30:17 +10:00
Hugo van Kemenade
3dda1d190f
Git ignore generated SBOM
2026-04-28 15:58:33 +03:00
Hugo van Kemenade
f2ee74b2f8
Use versions from dependencies.json, remove historical 'tested on'
2026-04-28 15:58:33 +03:00
Hugo van Kemenade
99869f0313
Sort things alphabetically to make easier to find
2026-04-28 15:52:41 +03:00
Andrew Murray
fe054a1b3f
Added CVEs to 12.2.0 release notes (#9591)
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
2026-04-28 08:53:21 +10:00
Hugo van Kemenade
852a832832
Deduplicate path triggers in workflows (#9590)
2026-04-27 18:35:58 +03:00
Hugo van Kemenade
755b73b274
Deduplicate path triggers in workflows
2026-04-27 14:14:13 +03:00
Hugo van Kemenade
f0fe496315
Fix typo to trigger on self change
2026-04-27 13:44:52 +03:00
Hugo van Kemenade
fba17910aa
Test Ubuntu 26.04 LTS (Resolute Raccoon) (#9587)
2026-04-26 12:05:56 +03:00
Jeffrey 'Alex' Clark
d2b20102e4
Generate CycloneDX SBOM at release time via CI (#9550)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
2026-04-26 00:35:21 +03:00
Hugo van Kemenade
8c522096e8
Archive non-amd64 variants of 24.04
2026-04-25 14:38:17 +03:00
Hugo van Kemenade
855774a175
Test Ubuntu 26.04
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
2026-04-25 14:06:06 +03:00
Hugo van Kemenade
2ae2c4e84f
Skip EPS test_1 for Ghostscript 10.06.0 (#9588)
2026-04-25 08:58:02 +03:00
Andrew Murray
a908c62460
Skip test_1 for Ghostscript 10.06.0
2026-04-25 13:19:01 +10:00
Andrew Murray
53800d4fcf
Raise ValueError if ImageOps border has unsupported format (#9426)
2026-04-24 21:10:05 +10:00
Andrew Murray
a0cd878bed
Check PyLong_AsVoidPtr result (#9548)
2026-04-24 21:04:00 +10:00
Jeffrey 'Alex' Clark
4e0aeba4af
Revise development support information in README (#9583)
2026-04-22 22:22:50 -04:00
Jeffrey 'Alex' Clark
5f9112e862
Update README.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 22:22:33 -04:00
Jeffrey 'Alex' Clark
9605fccf00
Revise development support information in README
Updated development support section with new sponsors.
2026-04-22 21:25:52 -04:00
Jeffrey 'Alex' Clark
1382fc4767
Add INCIDENT_RESPONSE.md (#9555)
2026-04-22 20:12:57 -04:00
Jeffrey 'Alex' Clark
c8c391b9c0
Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 20:11:03 -04:00
Jeffrey 'Alex' Clark
ecef4fb33f
Add STRIDE threat model to security docs (#9562)
2026-04-22 12:33:03 -04:00
Jeffrey 'Alex' Clark
0cb00acc92
Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 12:32:08 -04:00
Jeffrey 'Alex' Clark
da06640873
docs: fix nested inline markup in E-3 and E-4 headings
RST does not allow inline markup (backticks) nested inside bold
markers. Remove backticks from the E-3 and E-4 heading text so
they render correctly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:58:06 -04:00
Jeffrey 'Alex' Clark
d3b73ea462
Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-21 11:33:48 -04:00
Jeffrey 'Alex' Clark
5af49b380e
docs: address Andrew's review comments on security.rst
- Add image.getexif() alongside image._getexif() in T-1 mitigations
- Remove 'appended bytes' from T-2 (Pillow does not preserve them on resave)
- Reframe R-1 threat as user-facing (not Pillow dev advice); add
  DecompressionBombError to the log/alert list
- Add blank line before E-3 heading
- Qualify dependency list in recommendation #4 as non-exhaustive
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:32:36 -04:00
Jeffrey 'Alex' Clark
1f026416f9
Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-21 11:23:54 -04:00
Jeffrey 'Alex' Clark
114e4d5695
docs: list all 8 C extensions in security threat model diagram
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:22:58 -04:00
Jeffrey 'Alex' Clark
2911422753
s/littlecms/littlecms2/
2026-04-21 11:11:00 -04:00
Jeffrey 'Alex' Clark
13433dc0a9
Update docs/handbook/security.rst
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-21 11:10:19 -04:00
Hugo van Kemenade
9f6a6a6921
Catch subprocess.CalledProcessError in test_grab_x11 (#9578)
2026-04-21 13:17:20 +03:00
Andrew Murray
9867b51d89
Catch subprocess.CalledProcessError in test_grab_x11
2026-04-21 07:51:50 +10:00
Hugo van Kemenade
087376dc18
Hash pin GitHub Actions (#9568)
2026-04-17 17:18:41 +03:00
Hugo van Kemenade
2593703e51
Hash pin GitHub Actions
2026-04-17 15:54:41 +03:00
Jeffrey 'Alex' Clark
74e07b5b8a
Lint
2026-04-16 06:48:09 -04:00
Jeffrey 'Alex' Clark
07b20b3b33
Remove Sensitive exception messages
2026-04-16 06:45:55 -04:00
Jeffrey 'Alex' Clark
0c0bdf8d5a
Update security docs
- docs/handbook/security.rst
- .github/SECURITY.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-15 13:07:37 -04:00
Jeffrey 'Alex' Clark
b300e78838
Update docs/handbook/security.rst
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-15 13:07:30 -04:00
Andrew Murray
b893310045
Reorder renovate.json (#9565)
2026-04-16 00:22:23 +10:00
Andrew Murray
b27ae0b2fd
Reorder to match dependencies order
2026-04-15 22:46:51 +10:00
Andrew Murray
237ab0763c
Remove unneeded ? from matchStrings regex
2026-04-15 22:46:51 +10:00
Andrew Murray
ff00aaa6d3
Use keys from dependencies JSON
2026-04-15 22:46:51 +10:00
Andrew Murray
658d9ce258
Updated wheels path regex
2026-04-15 22:46:51 +10:00
Hugo van Kemenade
433e46471e
Move dependency versions to single JSON and enable Renovate (#9559)
2026-04-15 15:43:14 +03:00
Jeffrey 'Alex' Clark
082cf04e85
Add python-pillow GitHub Sponsors to FUNDING.yml (#9563)
2026-04-14 22:39:25 -04:00
Jeffrey 'Alex' Clark
2d89dcc7eb
Update .github/FUNDING.yml
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-14 22:37:55 -04:00
Jeffrey 'Alex' Clark
b71b4b98d9
Lint
2026-04-14 19:56:59 -04:00
Jeffrey 'Alex' Clark
c07f7e56a1
Add python-pillow GitHub Sponsors to FUNDING.yml
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 19:54:25 -04:00