From ae43cda4c5c5c3935624a98258571040a71e026b Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Thu, 29 Jun 2023 20:58:43 +1000 Subject: [PATCH] Added release notes for #7235 --- docs/releasenotes/10.0.0.rst | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/releasenotes/10.0.0.rst b/docs/releasenotes/10.0.0.rst index 9b92e27d84f..01b15f38696 100644 --- a/docs/releasenotes/10.0.0.rst +++ b/docs/releasenotes/10.0.0.rst @@ -157,10 +157,15 @@ TODO Security ======== -TODO -^^^^ +Limit size even if one dimension is zero +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -TODO +When performing decompression bomb checks, Pillow did not reject images with +excessive width and zero height, or zero width and excessive height. That has +now been fixed. + +This effectively dates to the PIL fork, since problem images would still have +been processed before Pillow started checking for decompression bombs. Other Changes =============
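Review bot: In the new "Limit size even if one dimension is zero" entry, "That has now been fixed" does not tell the reader what happens to such an image after the change. The note would be more useful if it said that images with excessive width and zero height, or zero width and excessive height, are now rejected by the decompression bomb check, and named the limit or error a caller will run into. The second paragraph, "This effectively dates to the PIL fork", is also hard to read as an affected-versions statement. Consider saying directly that every earlier Pillow release is affected, then giving the reason already in the text (problem images were processed before the decompression bomb checks existed). The subject line refers to #7235, but the entry itself has no reference to it, so a reader of the rendered release notes cannot get from this security entry to the change.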