Update to 9.4.0 to fix security vulnerabilities #129
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Squashed commits: [c45b871] update for Pillow-SIMD 3.4.0 [bedd83f] no alpha compositing in this release [e8fe730] update results for latest version add Skia results [a16ff97] add SIMD changes [82ffbd6] fix readme (+4 squashed commits) Squashed commits: [85677f9] fix error [f44ebb1] update results for unrolled implementation [83968c3] fix uploadcare#4 [cd73c51] update link (+11 squashed commits) Squashed commits: [5882178] correct spelling [a0e5956] Why Pillow-SIMD is even faster [108e72e] Why Pillow itself is so fast [e8eeda1] spelling fixes [e816e9c] spelling [d2eefef] methodology, why not contributed [2e55786] installation and conclusion [9f6415e] more info [67e55b7] more benchmarks test files [471d4c5] remove spaces [904d89d] add performance tests [4fe17fe] simple readme SIMD. clarify Following fork SIMD. update readme SIMD. update versions in readme SIMD. Changes
SIMD. Updated according to the review SIMD. fix markup
SIMD. for resizing SIMD. Update readme SIMD. fix mark SIMD. Update Uploadcare logo in readme
… of _mm256_mullo_epi32
Remove extra parenthesis. Now the link can be parsed as a link
Simd/fix builds
Update the gaussian-blur-changes in the README.md file. The previous link appeared to be faulty.
docs: update faulty gaussian-blur-changes link
# Conflicts: # .github/workflows/cifuzz.yml # .github/workflows/test-docker.yml # README.md # Tests/test_image_resample.py # src/PIL/_version.py # src/libImaging/ColorLUT.c
|
Is this repo still alive ? |
|
There's also a high-severity vulnerability in webp that was fixed in python-pillow#7395 |
This was referenced Oct 11, 2023
|
This changes are unrelated to Pillow-simd, which doesn’t have binary builds. It always uses system-provided versions of libraries |
homm
force-pushed
the
simd/master
branch
5 times, most recently
from
26b82ba
to
6eacce9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recently several vulnerabilities have been uncovered.
https://github.com/advisories?query=type%3Areviewed+Pillow
It is crucial to apply these fixes for use in production.
This PR is a straightforward merge from 9.4.x containing security vulnerability fixes, specifically:
Only test failing is test_file_fits:test_open which is caused by one-off error in simd implementation of rgb2l().
https://github.com/Dawars/pillow-simd/blob/simd/9.4.x/Tests/test_file_fits.py#L21
This seems negligible, how should I proceed?
The update also contains Github Actions related changes which I'm not familiar with and therefore probably incorrectly set up.