python-pillow/Pillow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20,683 Commits 55 Branches 98 Tags 251 MiB
1cd2d0f67a
Commit Graph

20683 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hugo van Kemenade
1cd2d0f67a
Update dependency lcms2 to v2.19 (#9609) 2026-05-03 19:06:59 +03:00
Hugo van Kemenade
5f469b6bd2
Update dependency libpng to v1.6.58 (#9608) 2026-05-03 19:06:30 +03:00
Hugo van Kemenade
ead2f34515
Update dependency harfbuzz to v14 (#9610) 2026-05-03 19:06:13 +03:00
Hugo van Kemenade
a6fc9992f2
Update dependency mypy to v1.20.2 (#9599) 2026-05-03 19:05:49 +03:00
Andrew Murray
4bba24632f Update docs 2026-05-03 22:13:11 +10:00
Andrew Murray
21790fc0da Check if sys.stdout is a TextIOWrapper instance 2026-05-03 13:26:42 +03:00
Andrew Murray
c234720aca Convert Exif to dictionary before checking 2026-05-03 13:26:42 +03:00
renovate[bot]
575b33d811 Update dependency mypy to v1.20.2 2026-05-03 13:26:42 +03:00
Hugo van Kemenade
82614324ed
Raise error if PNG transparency has incorrect type or length when saving (#9536) 2026-05-03 13:25:49 +03:00
renovate[bot]
32b6c5f0ee
Update dependency harfbuzz to v14 2026-05-03 10:25:32 +00:00
renovate[bot]
956d434c68
Update dependency lcms2 to v2.19 2026-05-03 10:25:27 +00:00
renovate[bot]
3bbb7a2a04
Update dependency libpng to v1.6.58 2026-05-03 10:25:22 +00:00
Hugo van Kemenade
b656f900b4
If PdfParser buffer is memoryview, release it when closing (#9596) 2026-05-03 13:23:51 +03:00
Hugo van Kemenade
586604d0c3
Update github-actions (#9611) 2026-05-03 10:20:37 +03:00
renovate[bot]
d92b826c4a
Update github-actions 2026-05-03 06:03:07 +00:00
renovate[bot]
2d02654c54
Update dependency cibuildwheel to v3.4.1 (#9607) 2026-05-03 14:11:33 +10:00
Hayato Ikoma
7e4ca8b3ab
Correct integer overflow in 16-bit resampling (#9480) 
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
 2026-05-02 14:36:20 +10:00
Hugo van Kemenade
be8563347b
SBOM: Use real versions from dependencies.json (#9593) 2026-05-01 00:05:37 +03:00
Hugo van Kemenade
fc47d07603
No need to sort a sorted list 2026-04-30 16:17:39 +03:00
Hugo van Kemenade
7fe1b9ee04
Restrict SBOM upload to only Pillow JSON (#9598) 2026-04-30 16:13:24 +03:00
Andrew Murray
4af29fb732 Restrict SBOM upload to Pillow JSON 2026-04-30 18:41:41 +10:00
Andrew Murray
1f3b8a831d If PdfParser buffer is memoryview, release it when closing 2026-04-30 00:13:37 +10:00
Andrew Murray
0ef81c33af
Add Fedora 44 (#9594) 2026-04-29 10:30:17 +10:00
Hugo van Kemenade
3dda1d190f Git ignore generated SBOM 2026-04-28 15:58:33 +03:00
Hugo van Kemenade
f2ee74b2f8 Use versions from dependencies.json, remove historical 'tested on' 2026-04-28 15:58:33 +03:00
Hugo van Kemenade
99869f0313 Sort things alphabetically to make easier to find 2026-04-28 15:52:41 +03:00
Andrew Murray
fe054a1b3f
Added CVEs to 12.2.0 release notes (#9591) 
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
 2026-04-28 08:53:21 +10:00
Hugo van Kemenade
852a832832
Deduplicate path triggers in workflows (#9590) 2026-04-27 18:35:58 +03:00
Hugo van Kemenade
755b73b274 Deduplicate path triggers in workflows 2026-04-27 14:14:13 +03:00
Hugo van Kemenade
f0fe496315 Fix typo to trigger on self change 2026-04-27 13:44:52 +03:00
Hugo van Kemenade
fba17910aa
Test Ubuntu 26.04 LTS (Resolute Raccoon) (#9587) 2026-04-26 12:05:56 +03:00
Jeffrey 'Alex' Clark
d2b20102e4
Generate CycloneDX SBOM at release time via CI (#9550) 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
 2026-04-26 00:35:21 +03:00
Hugo van Kemenade
8c522096e8 Archive non-amd64 variants of 24.04 2026-04-25 14:38:17 +03:00
Hugo van Kemenade
855774a175 Test Ubuntu 26.04 
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
 2026-04-25 14:06:06 +03:00
Hugo van Kemenade
2ae2c4e84f
Skip EPS test_1 for Ghostscript 10.06.0 (#9588) 2026-04-25 08:58:02 +03:00
Andrew Murray
a908c62460 Skip test_1 for Ghostscript 10.06.0 2026-04-25 13:19:01 +10:00
Andrew Murray
53800d4fcf
Raise ValueError if ImageOps border has unsupported format (#9426) 2026-04-24 21:10:05 +10:00
Andrew Murray
a0cd878bed
Check PyLong_AsVoidPtr result (#9548) 2026-04-24 21:04:00 +10:00
Jeffrey 'Alex' Clark
4e0aeba4af
Revise development support information in README (#9583) 2026-04-22 22:22:50 -04:00
Jeffrey 'Alex' Clark
5f9112e862
Update README.md 
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
 2026-04-22 22:22:33 -04:00
Jeffrey 'Alex' Clark
9605fccf00
Revise development support information in README 
Updated development support section with new sponsors.
 2026-04-22 21:25:52 -04:00
Jeffrey 'Alex' Clark
1382fc4767
Add INCIDENT_RESPONSE.md (#9555) 2026-04-22 20:12:57 -04:00
Jeffrey 'Alex' Clark
c8c391b9c0 Update .github/INCIDENT_RESPONSE.md 
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
 2026-04-22 20:11:03 -04:00
Jeffrey 'Alex' Clark
ecef4fb33f
Add STRIDE threat model to security docs (#9562) 2026-04-22 12:33:03 -04:00
Jeffrey 'Alex' Clark
0cb00acc92 Update docs/handbook/security.rst 
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
 2026-04-22 12:32:08 -04:00
Jeffrey 'Alex' Clark
da06640873 docs: fix nested inline markup in E-3 and E-4 headings 
RST does not allow inline markup (backticks) nested inside bold
markers. Remove backticks from the E-3 and E-4 heading text so
they render correctly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-21 11:58:06 -04:00
Jeffrey 'Alex' Clark
d3b73ea462
Update docs/handbook/security.rst 
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
 2026-04-21 11:33:48 -04:00
Jeffrey 'Alex' Clark
5af49b380e docs: address Andrew's review comments on security.rst 
- Add image.getexif() alongside image._getexif() in T-1 mitigations
- Remove 'appended bytes' from T-2 (Pillow does not preserve them on resave)
- Reframe R-1 threat as user-facing (not Pillow dev advice); add
  DecompressionBombError to the log/alert list
- Add blank line before E-3 heading
- Qualify dependency list in recommendation #4 as non-exhaustive

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-21 11:32:36 -04:00
Jeffrey 'Alex' Clark
1f026416f9
Update docs/handbook/security.rst 
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
 2026-04-21 11:23:54 -04:00
Jeffrey 'Alex' Clark
114e4d5695 docs: list all 8 C extensions in security threat model diagram 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-21 11:22:58 -04:00