
Commit 42902eb

Merge branch 'main' into open
2 parents 1fc8011 + 599ddd3 commit 42902eb

46 files changed

Lines changed: 1785 additions & 246 deletions


.ci/requirements-cibw.txt

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -1 +1 @@
1-
cibuildwheel==3.4.0
1+
cibuildwheel==3.4.1
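Review bot: the bump to `cibuildwheel==3.4.1` is version-pinned but not hash-pinned. The file name indicates this is the tool that builds the published wheels, so a substituted distribution carrying the same version number would go straight into the release artifacts. Suggest generating the file with `pip-compile --generate-hashes` (or adding `--hash=sha256:...` lines by hand) and installing it with `pip install --require-hashes -r .ci/requirements-cibw.txt` so a mismatched package is rejected at install time.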

.ci/requirements-mypy.txt

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
1-
mypy==1.19.1
1+
mypy==1.20.2
22
arro3-compute
33
arro3-core
44
IceSpringPySideStubs-PyQt6
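Review bot: only `mypy` is pinned in this hunk; `arro3-compute`, `arro3-core` and `IceSpringPySideStubs-PyQt6` on lines 2-4 float, so a type-check run resolves whatever the index serves that day and a freshly published release of any of them can change CI behaviour without a reviewed diff. Pin them to exact versions (ideally with hashes, consistent with the other `.ci/requirements-*.txt` files) so the run is reproducible.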

.ci/requirements-sbom.txt

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
check-jsonschema==0.37.1
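Review bot: the new `check-jsonschema==0.37.1` pin has no hash, and the file does not say what uses it. Going by the name, this tool validates the SBOM the release process produces; a dependency that vouches for the supply-chain manifest is the one that most needs to be hash-pinned and installed with `--require-hashes`. A one-line `# used by <workflow>` comment at the top of the file would also tell the next reader which job breaks when this pin is bumped.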

.github/INCIDENT_RESPONSE.md

Lines changed: 424 additions & 0 deletions
Large diffs are not rendered by default.

.github/SECURITY.md

Lines changed: 16 additions & 2 deletions
@@ -1,7 +1,21 @@
11
# Security policy
22

3+
## Reporting a vulnerability
4+
35
To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security/advisories/new).
46

5-
If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
7+
If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/docs/security). Tidelift will coordinate the fix and disclosure.
8+
9+
**DO NOT report sensitive vulnerability information in public.**
10+
11+
## Threat model
12+
13+
Pillow's primary attack surface is parsing untrusted image data. A full STRIDE threat model covering spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege is maintained in the [Security handbook page](https://pillow.readthedocs.io/en/latest/handbook/security.html).
14+
15+
Key risks to be aware of when using Pillow to process untrusted images:
616

7-
DO NOT report sensitive vulnerability information in public.
17+
- **Decompression bombs** — do not set `Image.MAX_IMAGE_PIXELS = None` in production.
18+
- **EPS files invoke Ghostscript** — block EPS input at the application layer unless strictly required.
19+
- **`ImageMath.unsafe_eval()`** — never pass user-controlled strings to this function; use `lambda_eval` instead.
20+
- **C extension memory safety** — keep Pillow and its bundled C libraries (libjpeg, libpng, libtiff, libwebp, etc.) up to date.
21+
- **Sandboxing** — for high-risk deployments, run image processing in a sandboxed subprocess.
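Review bot: the EPS bullet on line 18 says to "block EPS input at the application layer" but does not say how, and the obvious reading (reject by file extension or MIME type) is not enough: Pillow identifies the format by content sniffing, so an upload named `.png` that is actually EPS still reaches Ghostscript. Suggest naming the mechanism, e.g. an allowlist via `Image.open(fp, formats=["JPEG", "PNG"])`, which also narrows the decoder surface referred to in the "C extension memory safety" bullet. Minor, same hunk: the `MAX_IMAGE_PIXELS` bullet could note that exceeding the limit only emits `DecompressionBombWarning` by default and `DecompressionBombError` is raised only above twice the limit, so callers wanting a hard stop should promote the warning with `warnings.simplefilter("error", Image.DecompressionBombWarning)`.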

.github/dependencies.json

Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
{
2+
"brotli": "1.2.0",
3+
"bzip2": "1.0.8",
4+
"freetype": "2.14.3",
5+
"fribidi": "1.0.16",
6+
"harfbuzz": "14.2.0",
7+
"jpegturbo": "3.1.4.1",
8+
"lcms2": "2.19",
9+
"libavif": "1.4.1",
10+
"libimagequant": "4.4.1",
11+
"libpng": "1.6.58",
12+
"libwebp": "1.6.0",
13+
"libxcb": "1.17.0",
14+
"openjpeg": "2.5.4",
15+
"tiff": "4.7.1",
16+
"xz": "5.8.3",
17+
"zlib-ng": "2.3.3",
18+
"zstd": "1.5.7"
19+
}
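Review bot: nothing in this hunk documents what consumes `.github/dependencies.json` or how it relates to the "keep Pillow and its bundled C libraries up to date" advice added to SECURITY.md in the same commit. JSON has no comment syntax, so add a short note in SECURITY.md or the build script saying this file is the source of truth for the bundled library versions and whether a CI check fails when a wheel links a version that differs from it. Recording the upstream archive checksum next to each version (e.g. `"libpng": {"version": "1.6.58", "sha256": "..."}`) would let the pins be verified at build time rather than only named.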
