
Mandate Pillow>=10.0.1 because of libwebp CVE (#16347)

tags/v1.93.0rc1
Mathieu Velten 8 months ago
committed by GitHub
parent
commit
4663d55502
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions
  1. changelog.d/16347.misc (+1, -0)
  2. pyproject.toml (+3, -1)

changelog.d/16347.misc (+1, -0)

@@ -0,0 +1 @@
Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels.
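
Review bot: The changelog entry states the new floor but omits the exception that the pyproject.toml comment documents, namely that packagers that already took care of libwebp can lower the requirement to 5.4.0. Release notes are where a downstream packager will look first, so suggest adding a sentence to that effect here. It would also help to say plainly that the concern is the libwebp copy shipped inside Pillow's wheels, so that anyone running Pillow against a separately provided libwebp knows the library version is what needs checking, not the Pillow version.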

pyproject.toml (+3, -1)

@@ -180,7 +180,9 @@ PyYAML = ">=3.13"
pyasn1 = ">=0.1.9"
pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7"
Pillow = ">=5.4.0"
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
Pillow = ">=10.0.1"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0"
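
Review bot: In the comment above `Pillow = ">=10.0.1"`, the version floor stands in for a libwebp version, and the comment covers only one direction of the mismatch (libwebp already patched, older Pillow acceptable). The changelog's reasoning is that Pillow provides libwebp in the wheels, so the floor says nothing about the libwebp in use when Pillow does not come from such a wheel. Suggest saying so in the comment, so the constraint is not read as a guarantee that CVE-2023-4863 is fixed on every install. Minor wording point: "lower that down to 5.4.0" reads better as "lower this to 5.4.0".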

