Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to 9.4.0 to fix security vulnerabilities #129

Closed
wants to merge 106 commits into from

Conversation

Dawars
Copy link

@Dawars Dawars commented Mar 14, 2023

Recently several vulnerabilities have been uncovered.
https://github.com/advisories?query=type%3Areviewed+Pillow

It is crucial to apply these fixes for use in production.

This PR is a straightforward merge from 9.4.x containing security vulnerability fixes, specifically:

Only test failing is test_file_fits:test_open which is caused by one-off error in simd implementation of rgb2l().
https://github.com/Dawars/pillow-simd/blob/simd/9.4.x/Tests/test_file_fits.py#L21

This seems negligible, how should I proceed?

The update also contains Github Actions related changes which I'm not familiar with and therefore probably incorrectly set up.

homm and others added 30 commits January 3, 2022 12:00
Squashed commits:
[c45b871] update for Pillow-SIMD 3.4.0
[bedd83f] no alpha compositing in this release
[e8fe730] update results for latest version
add Skia results
[a16ff97] add SIMD changes
[82ffbd6] fix readme (+4 squashed commits)
Squashed commits:
[85677f9] fix error
[f44ebb1] update results for unrolled implementation
[83968c3] fix uploadcare#4
[cd73c51] update link (+11 squashed commits)
Squashed commits:
[5882178] correct spelling
[a0e5956] Why Pillow-SIMD is even faster
[108e72e] Why Pillow itself is so fast
[e8eeda1] spelling fixes
[e816e9c] spelling
[d2eefef] methodology, why not contributed
[2e55786] installation and conclusion
[9f6415e] more info
[67e55b7] more benchmarks
test files
[471d4c5] remove spaces
[904d89d] add performance tests
[4fe17fe] simple readme

SIMD. clarify Following fork

SIMD. update readme

SIMD. update versions in readme

SIMD. Changes
SIMD. Updated according to the review

SIMD. fix markup
SIMD. for resizing

SIMD. Update readme

SIMD. fix mark

SIMD. Update Uploadcare logo in readme
@mrkiril94
Copy link

Is this repo still alive ?

@gingerlime
Copy link

There's also a high-severity vulnerability in webp that was fixed in python-pillow#7395

@homm
Copy link
Collaborator

homm commented Oct 12, 2023

This changes are unrelated to Pillow-simd, which doesn’t have binary builds. It always uses system-provided versions of libraries

@homm homm force-pushed the simd/master branch 5 times, most recently from 26b82ba to 6eacce9 Compare August 12, 2024 18:12
@homm homm closed this Aug 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants