9.1.1

This release addresses several security problems.

CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.

Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

9.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.1.0.html

Changes

• Add support for multiple component transformation to JPEG2000 #5500 [@scaramallion]
• Fix loading FriBiDi on Alpine #6165 [@nulano]
• Added setting for converting GIF P frames to RGB #6150 [@radarhere]
• Allow 1 mode images to be inverted #6034 [@radarhere]
• Raise ValueError when trying to save empty JPEG #6159 [@radarhere]
• Always save TIFF with contiguous planar configuration #5973 [@radarhere]
• Connected discontiguous polygon corners #5980 [@radarhere]
• Corrected memory allocation #5958 [@radarhere]
• Ensure Tkinter hook is activated for getimage() #6032 [@radarhere]
• Fixed comparison warnings #5970 [@radarhere]
• Use screencapture arguments to crop on macOS #6152 [@radarhere]
• Do not mark L mode JPEG as 1 bit in PDF #6151 [@radarhere]
• Fixed saving L mode GIF with background as WebP #6147 [@radarhere]
• Do not expand GIF during n_frames #6148 [@radarhere]
• Added support for reading I;16R TIFF images #6132 [@radarhere]
• If an error occurs after creating a file, remove the file #6134 [@radarhere]
• decode() should return -1 when finished #6130 [@radarhere]
• Fixed calling DisplayViewer or XVViewer without a title #6136 [@radarhere]
• Retain RGBA transparency when saving multiple GIF frames #6128 [@radarhere]
• Save additional ICO frames with other bit depths if supplied #6122 [@radarhere]
• Handle EXIF data truncated to just the header #6124 [@radarhere]
• Added support for reading BMP images with RLE8 compression #6102 [@radarhere]
• Support Python distributions where _tkinter is compiled in #6006 [@lukegb]
• Added WebP default duration of zero when saving #6140 [@radarhere]
• Added support for PPM arbitrary maxval #6119 [@radarhere]
• Removed unused variable #6137 [@radarhere]
• libwebp 1.2.2 fixed endian bugs #5984 [@radarhere]
• Added BigTIFF reading #6097 [@radarhere]
• GIF seek performance improvements #6077 [@radarhere]
• Removed load_prepare nearly identical to ImageFile load_prepare #6116 [@radarhere]
• When converting, clip I;16 to be unsigned, not signed #6112 [@radarhere]
• Check if self.im is not None #6108 [@radarhere]
• Fixed loading L mode GIF with transparency #6086 [@radarhere]
• Ensure cleanup() is called for PyEncoders #6096 [@radarhere]
• Various _accept changes #6092 [@radarhere]
• Improved handling of PPM header #5121 [@Piolie]
• Reset size when seeking away from "Large Thumbnail" MPO frame #6101 [@radarhere]
• Replace requirements.txt with extras #6072 [@hugovk]
• Added PyEncoder and support BLP saving #6069 [@radarhere]
• Handle TGA images with packets that cross scan lines #6087 [@radarhere]
• Added FITS reading #6056 [@radarhere]
• Added rawmode argument to Image.getpalette() #6061 [@radarhere]
• Fixed BUFR, GRIB and HDF5 stub saving #6071 [@radarhere]
• Changed quantize default dither to FLOYDSTEINBERG #6068 [@radarhere]
• Do not automatically remove temporary ImageShow files on Unix #6045 [@radarhere]
• Correctly read JPEG compressed BLP images #4685 [@Meithal]
• Merged _MODE_CONV typ into ImageMode as typestr #6057 [@radarhere]
• Consider palette size when converting and in getpalette() #6060 [@radarhere]
• Added enums #5954 [@radarhere]
• Ensure image is opaque after converting P to PA with RGB palette #6052 [@radarhere]
• Replaced absolute PIL import with relative import #6058 [@radarhere]
• Attach RGBA palettes from putpalette() when suitable #6054 [@radarhere]
• Simplified code #6053 [@radarhere]
• Clarify code and comments #6042 [@radarhere]
• Added get_photoshop_blocks() to parse Photoshop TIFF tag #6030 [@radarhere]
• Drop excess values in BITSPERSAMPLE #6041 [@mikhail-iurkov]
• Issue warning if Raqm layout is requested, but Raqm is not available #6035 [@nulano]
• Added unpacker from RGBA;15 to RGB #6031 [@radarhere]

Dependencies

• Updated freetype to 2.12 #6169 [@radarhere]
• Updated harfbuzz to 4.2.0 #6164 [@radarhere]
• Updated zlib to 1.2.12 #6160 [@radarhere]
• Updated harfbuzz to 4.1.0 #6153 [@radarhere]
• Updated harfbuzz to 4.0.1 #6125 [@radarhere]
• Updated harfbuzz to 4.0.0 #6104 [@radarhere]
• Updated harfbuzz to 3.4.0 #6048 [@radarhere]
• Updated lcms2 to 2.13.1 #6017 [@radarhere]
• Updated harfbuzz to 3.3.2 #6029 [@radarhere]
• Updated libimagequant to 4.0.0 #6014 [@radarhere]

Documentation

• Add musllinux wheels to 9.1.0 release notes #6168 [@hugovk]
• Document "keep" for JPEG save quality option #6135 [@carandraug]
• Document support for RLE8 reading in BMP #6155 [@radarhere]
• Removed period before colon #6143 [@radarhere]
• Added merging images example #6129 [@radarhere]
• decode() should return -1 when finished #6117 [@radarhere]
• Improved codec documentation #6094 [@radarhere]
• Document alternatives to accessing individual pixels #6099 [@radarhere]
• Document that histogram() uses 256 bins per channel #6106 [@radarhere]
• Added release notes for #6069 #6095 [@radarhere]
• Improved ImageShow documentation #6078 [@radarhere]
• Corrected docstring #6081 [@radarhere]
• Corrected JPEG subsampling documentation #6067 [@radarhere]
• Use --no-binary when installing from source #6066 [@radarhere]
• macOS: 'brew install openjpeg' for JPEG2000 support #6065 [@hugovk]
• Updated comment #6063 [@radarhere]
• Updated macOS tested Pillow versions #6038 [@radarhere]
• Fix return in docs #6040 [@hugovk]
• Corrected sentence #6016 [@radarhere]

Testing

• Added pytest-timeout to AppVeyor #6157 [@radarhere]
• Do not always require ctypes in tests #6141 [@radarhere]
• Updated setup-python, checkout and upload-artifact actions to v3 #6111 [@radarhere]
• pre-commit autoupdate --freeze #6109 [@radarhere]
• Updated Python for doccheck to 3.10 #6098 [@radarhere]
• Updated libjpeg-turbo to 2.1.3 #6091 [@radarhere]
• Enable heap verification without gflags #6089 [@radarhere]
• Test that n_frames and is_animated do not change GIF #6080 [@radarhere]
• Added Gentoo to Docker jobs #6088 [@radarhere]
• Removed duplicate test #6082 [@radarhere]
• Updated checks that no warnings were raised #6076 [@radarhere]
• Updated comment #6063 [@radarhere]
• Replaced test image to avoid copyrighted color space #6062 [@radarhere]
• Only skip test if libimagequant is earlier than 4 on ppc64le #6050 [@radarhere]
• Added CentOS Stream 9 #6036 [@radarhere]
• Upgraded AppVeyor Python 3.10 image to Visual Studio 2022 #6026 [@radarhere]

9.0.1

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

Changes

• In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@radarhere, @hugovk]
• Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

• Restrict builtins for ImageMath.eval() #5923 [@radarhere]
• Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]
• Fixed ImagePath.Path array handling #5920 [@radarhere]
• Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]
• Removed redundant part of condition #5915 [@radarhere]
• Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]
• Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]
• Changed error type to allow for incremental WebP parsing #5404 [@radarhere]
• Improved I;16 operations on big endian #5901 [@radarhere]
• Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]
• Limit quantized palette to number of colors #5879 [@radarhere]
• Use latin1 encoding to decode bytes #5870 [@radarhere]
• Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]
• When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]
• Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]
• Added rounding when converting P and PA #5824 [@radarhere]
• Improved putdata() documentation and data handling #5910 [@radarhere]
• Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]
• Image.NONE is only used for resampling and dithers #5908 [@radarhere]
• Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]
• Add Tidelift alignment action and badge #5763 [@aclark4life]
• Replaced further direct invocations of setup.py #5906 [@radarhere]
• Added ImageShow support for xdg-open #5897 [@m-shinder]
• Fixed typo #5902 [@radarhere]
• Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]
• Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]
• Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]
• Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]
• WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]
• Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]
• Added support for top right and bottom right TGA orientations #5829 [@radarhere]
• Corrected ICNS file length in header #5845 [@radarhere]
• Block tile TIFF tags when saving #5839 [@radarhere]
• Added line width argument to ImageDraw polygon #5694 [@radarhere]
• Do not redeclare class each time when converting to NumPy #5844 [@radarhere]
• Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]
• Fix pushes_fd method signature #5833 [@hoodmane]
• Add support for pickling TrueType fonts #5826 [@hugovk]
• Only prefer command line tools SDK on macOS over default MacOSX SDK #5828 [@radarhere]
• Fix compilation on 64-bit Termux #5793 [@landfillbaby]
• Replace 'setup.py sdist' with '-m build --sdist' #5785 [@hugovk]
• Use declarative package configuration #5784 [@hugovk]
• Use title for display in ImageShow #5788 [@radarhere]
• Fix for PyQt6 #5775 [@hugovk]
• Rename master to main #5770 [@hugovk]

Dependencies

• Updated winbuild libimagequant to 2.17.0 #5916 [@radarhere]
• Updated harfbuzz to 3.2.0 #5883 [@radarhere]
• Updated libimagequant to 2.17.0 #5876 [@radarhere]
• Updated freetype to 2.11.1 #5867 [@radarhere]
• Updated harfbuzz to 3.1.2 #5853 [@radarhere]
• Updated harfbuzz to 3.1.1 #5820 [@radarhere]
• Updated harfbuzz to 3.1.0 #5808 [@radarhere]

Documentation

• CVEs TBD #5924 [@radarhere]
• Added release notes for #5919, #5920 and #5921 #5922 [@radarhere]
• Updated copyright year #5918 [@radarhere]
• Added release notes for pillow-wheels#237 #5917 [@radarhere]
• Added release notes for #5897 #5905 [@radarhere]
• Added PIL + pathlib Tutorial #5862 [@kolibril13]
• Dedicate the next release to Fredrik Lundh #5885 [@hugovk]
• Added release notes for #5857 #5874 [@radarhere]
• Improved example code #5866 [@radarhere]
• Improved explanation of fromarray "mode" parameter #5849 [@radarhere]
• Documentation for #5829 and #5694 #5847 [@radarhere]
• Updated macOS tested Pillow versions #5822 [@radarhere]
• Docs: Remove docutils pin #5821 [@hugovk]
• Changed URLs to https #5796 [@radarhere]
• Added release notes for #5788 #5792 [@radarhere]
• Update expected Pillow 10 release date: 2023-07-01 #5779 [@hugovk]
• Document #5788: "Use title for display" #5790 [@nulano]
• Improved image lifecycle documentation #5773 [@radarhere]
• Docs: No security updates in 8.4.0 #5767 [@hugovk]

Removals

• Drop support for soon-EOL Python 3.6 #5768 [@hugovk]
• Remove support for FreeType 2.7 and older #5777 [@hugovk]
• Removed deprecated PILLOW_VERSION, Image.show command parameter, Image._showxv and ImageFile.raise_ioerror #5776 [@radarhere]

Testing

• Added sys import #5913 [@radarhere]
• Do not compare properties to themselves #5907 [@radarhere]
• GHA: Still use macos-latest for non-PyPy builds #5888 [@radarhere]
• GHA: Use macos-10.15 to fix build #5886 [@hugovk]
• GHA: Add workflow_dispatch to enable manually triggering builds #5861 [@hugovk]
• Added context managers #5851 [@radarhere]
• Updated libjpeg-turbo to 2.1.2 #5841 [@radarhere]
• GHA: Use actions/setup-python's pip cache #5840 [@hugovk]
• Removed setuptools install from AppVeyor #5823 [@radarhere]
• Added Fedora 35 #5806 [@radarhere]
• Test Python 3.10.0 final on AppVeyor #5805 [@hugovk]
• Test PyPy3.8 #5778 [@hugovk]
• CI: Install pytest-timeout for MinGW CI #5780 [@hugovk]
• Removed Fedora 33 docker job #5766 [@radarhere]

8.4.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.4.0.html

Changes

• Don't use bitmap glyphs when drawing text with stroker #5761 [@nulano]
• Make TIFF strip size configurable #5744 [@kmilos]
• Fixed Python errors when saving a (0, 0) TIFF image #5750 [@radarhere]
• Prefer global transparency in GIF when replacing with background color #5756 [@radarhere]
• Update winbuild libimagequant to 2.16.0 #5727 [@nulano]
• Accept methods cleanup #5724 [@radarhere]
• Remove raqm.cmake #5722 [@nulano]
• Moved _info function into docstring #5710 [@radarhere]
• Added "exif" keyword argument to TIFF saving #5575 [@radarhere]
• Copy Python palette to new image in quantize() #5696 [@radarhere]
• Read ICO AND mask from end #5667 [@radarhere]
• Actually check the framesize in FliDecode.c #5659 [@wiredfool]

Dependencies

• Upgrade Raqm to 0.7.2 #5736 [@nulano]
• Updated Ghostscript to 9.55.0 #5735 [@radarhere]
• Updated fribidi to 1.0.11 #5732 [@radarhere]
• Updated libimagequant to 2.16.0 #5726 [@radarhere]
• Updated harfbuzz to 3.0.0 #5720 [@radarhere]
• Updated harfbuzz to 2.9.1 #5705 [@radarhere]

Documentation

• Updated capitalization #5746 [@radarhere]
• Updated macOS tested Pillow versions #5737 [@radarhere]
• Updated macOS tested Pillow versions #5719 [@radarhere]
• Docs: Update CI targets table #5713 [@hugovk]
• Updated docstring #5708 [@radarhere]
• Docs: Temporarily pin docutils to fix bullets in sphinx_rtd_theme #5704 [@hugovk]

Testing

• Delete tidelift.yml #5765 [@hugovk]
• Test Python 3.10.0 final on GitHub Actions #5748 [@hugovk]
• [pre-commit.ci] pre-commit autoupdate #5747 [@pre-commit-ci]
• Add CentOS Stream 8 #5714 [@hugovk]
• Improve the fuzzer wrt. the current atheris version #5688 [@Google-Autofuzz]
• CI: Split MINGW to own workflow, remove redundant job #5709 [@hugovk]
• Install numpy on Python 3.10 #5702 [@radarhere]

8.3.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

Security

• CVE-2021-23437 Raise ValueError if color specifier is too long
  [hugovk, radarhere]

• Fix 6-byte OOB read in FliDecode
  [wiredfool]

Python 3.10 wheels

• Add support for Python 3.10 #5569, #5570
  [hugovk, radarhere]

Fixed regressions

• Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588
  [kmilos, radarhere]

• Updates for ImagePalette channel order #5599
  [radarhere]

• Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651
  [nulano]

8.3.1

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html

Changes

• Catch OSError when checking if fp is sys.stdout #5585 [@radarhere]
• Handle removing orientation from alternate types of EXIF data #5584 [@radarhere]
• Make Image.array take optional dtype argument #5572 [@t-vi]

8.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

Changes

• Use snprintf instead of sprintf #5567 [@radarhere]
• Limit TIFF strip size when saving with LibTIFF #5514 [@kmilos]
• Allow ICNS save on all operating systems #4526 [@newpanjing]
• De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [@gofr]
• Do not use background or transparency index for new color #5564 [@radarhere]
• Simplified code #5315 [@radarhere]
• Replaced xml.etree.ElementTree #5565 [@radarhere]
• Corrected border position for P mode in ImageOps.expand() #5562 [@radarhere]
• Moved CVE image to pillow-depends #5561 [@radarhere]
• Added tag data for IFD groups #5554 [@radarhere]
• Improved ImagePalette #5552 [@radarhere]
• Add DDS saving #5402 [@radarhere]
• Improved getxmp() #5455 [@radarhere]
• Convert to float for comparison with float in IFDRational eq #5412 [@radarhere]
• Allow getexif() to access TIFF tag_v2 data #5416 [@radarhere]
• Read FITS image mode and size #5405 [@radarhere]
• Merge parallel horizontal edges in ImagingDrawPolygon #5347 [@radarhere]
• Use transparency behind first GIF frame and when disposing to background #5557 [@radarhere]
• Fixed undefined variable in logging #5556 [@radarhere]
• Avoid unstable nature of qsort in Quant.c #5367 [@radarhere]
• Copy palette to new images in ImageOps expand #5551 [@radarhere]
• Ensure palette string matches RGB mode #5549 [@radarhere]
• Do not modify EXIF of original image instance in exif_transpose() #5547 [@radarhere]
• Fixed default numresolution for small JPEG2000 images #5540 [@radarhere]
• Fixed format warning #5535 [@radarhere]
• Updated declaration to match definition #5534 [@radarhere]
• Added DDS BC5 reading #5501 [@radarhere]
• Raise an error if ImageDraw.textbbox is used without a TrueType font #5510 [@radarhere]
• Added ICO saving in BMP format #5513 [@radarhere]
• Ensure PNG seeks to end of previous chunk at start of load_end #5493 [@radarhere]
• Do not allow TIFF to seek to a past frame #5473 [@radarhere]
• Avoid race condition when displaying images with eog #5507 [@mconst]
• Added specific error messages when ink has incorrect number of bands #5504 [@radarhere]
• Allow converting an image to a numpy array to raise errors #5379 [@radarhere]
• Use METH_NOARGS when no arguments are required #5488 [@radarhere]
• Fixed typo #5505 [@radarhere]
• Added CFAPattern, ExifVersion and FlashpixVersion UNDEFINED tags #5495 [@radarhere]
• Removed DPI rounding from BMP, JPEG and PNG loading #5476 [@radarhere]
• Removed WMF DPI rounding #5470 [@radarhere]
• Remove spikes when drawing thin pieslices #5460 [@xtsm]
• Updated default value for SAMPLESPERPIXEL TIFF tag #5452 [@radarhere]
• HTTP link is not valid (wrong redirect) #5481 [@homm]
• Removed TIFF DPI rounding #5446 [@radarhere]
• Include code in WebP error #5471 [@radarhere]
• Replaced uint16 and uint32 with uint16_t and uint32_t to resolve TIFF deprecations #5458 [@radarhere]
• Do not alter pixels outside mask when drawing text on an image with transparency #5434 [@radarhere]
• Reset handle when seeking backwards in TIFF #5443 [@radarhere]
• Fix build with libraqm < 0.7.0 #5462 [@adrian-the-git]
• Replace sys.stdout with sys.stdout.buffer when saving #5437 [@radarhere]
• Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip #5426 [@radarhere]
• Fixed bug when checking FreeType2 version if it is not installed #5445 [@radarhere]
• Do not round dimensions when saving PDF #5459 [@radarhere]
• Added ImageOps contain() #5417 [@radarhere]
• Clarified error message #5457 [@radarhere]
• Changed WebP default "method" value to 4 #5450 [@radarhere]
• Switched to saving 1-bit PDFs with DCTDecode #5430 [@radarhere]
• Use bpp from ICO header #5429 [@radarhere]
• Corrected JPEG APP14 transform value #5408 [@radarhere]
• Changed TIFF tag 33723 length to 1 #5425 [@radarhere]
• Changed ImageMorph incorrect mode errors to ValueError #5414 [@radarhere]
• Add EXIF tags specified in EXIF 2.32 #5419 [@gladiusglad]
• Treat previous contents of first GIF frame as transparent #5391 [@radarhere]
• Changed quantize and quantize2 to static #5374 [@radarhere]
• For special image modes, revert default resize resampling to NEAREST #5411 [@radarhere]
• Changed mode for TGA 16-bit palette to BGR;15 #5400 [@radarhere]
• TGA color map entry size is only 1 byte #5396 [@radarhere]
• JPEG2000: Support decoding subsampled RGB and YCbCr images #4996 [@nulano]
• Stop decoding BC1 punchthrough alpha in BC2&3 #4144 [@jansol]
• Added TransferFunction and ReferenceBlackWhite to core TIFF tags #5384 [@radarhere]
• Use zero if GIF background color index is missing #5390 [@radarhere]
• Fixed ensuring that GIF previous frame was loaded #5386 [@radarhere]
• Valgrind fixes #5397 [@wiredfool]
• Use python3 in shebang line #5395 [@radarhere]
• Round down the radius in rounded_rectangle #5382 [@radarhere]
• Fixed reading uncompressed RGB data from DDS #5383 [@radarhere]
• Changed register_open calls to be consistent #5380 [@radarhere]

Dependencies

• Updated libimagequant to 2.15.1 #5492 [@radarhere]
• Updated libimagequant to 2.15.0 #5479 [@radarhere]
• Updated harfbuzz to 2.8.1 #5464 [@radarhere]
• Updated libjpeg-turbo to 2.1.0 #5433 [@radarhere]
• Updated libtiff to 4.3.0 #5421 [@radarhere]

Documentation

• Added release notes #5566 [@radarhere]
• Add Twitter to PyPI project URLs #5563 [@hugovk]
• Modified docstring for GaussianBlur #5539 [@kdpenner]
• Copies of an image do not retain the format #5532 [@radarhere]
• Fix differing background colors in right sidebar in dark mode docs #5515 [@PH-KDX]
• Updated macOS tested Pillow versions #5521 [@radarhere]
• Build docs with sphinx_copybutton and sphinxext.opengraph #5498 [@hugovk]
• Updated badges for wheels #5483 [@radarhere]
• Use python3 #5477 [@radarhere]
• Corrected code references in docstring #5468 [@radarhere]
• Updated tested libtiff versions #5466 [@radarhere]
• Updated macOS tested Pillow versions #5427 [@radarhere]
• Added info about mode when saving ICO for Windows #5423 [@radarhere]
• Add Raspberry Pi OS to platform support #5424 [@thijstriemstra]
• Changed wording to avoid confusion with IMAGING_TYPE_SPECIAL #5410 [@radarhere]
• Fix PDF file format documentation #5399 [@cholojuanito]

Testing

• Corrected comments #5560 [@radarhere]
• Reverse test order for two CI jobs #5542 [@radarhere]
• Fixed errors when running tests in random order #5533 [@radarhere]
• Fix lcms2_static target for msbuild #5522 [@kmilos]
• Removed setuptools version requirement on GHA macOS and Windows #5496 [@radarhere]
• Removed GitHub Actions Ubuntu setuptools version requirement #5482 [@radarhere]
• Corrected errors in restoring sys.stdout in tests #5474 [@radarhere]
• Revert "Fixed Python 3.10 at alpha.7": use 3.10-dev #5456 [@hugovk]
• GHA: Update test-windows for 64-bit PyPy 7.3.4 release #5453 [@nulano]
• Fixed Python 3.10 at alpha.7 #5447 [@radarhere]
• Added Fedora 34 #5451 [@radarhere]
• Updated nasm to 2.15.05 in AppVeyor #5422 [@radarhere]
• Corrected test #5420 [@radarhere]
• Add test for CVE-2021-25292 ReDoS #5393 [@hugovk]
• Removed Fedora 32 docker job #5378 [@radarhere]

8.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html

Changes

• Security fixes for 8.2.0 #5377 [@hugovk]
• Move getxmp() to JpegImageFile #5376 [@radarhere]
• Added getxmp() method #5144 [@UrielMaD]
• Compile LibTIFF with CMake on Windows #5359 [@nulano]
• Add ImageShow support for GraphicsMagick #5349 [@latosha-maltba]
• Tiff crash fixes in TiffDecode.c #5372 [@wiredfool]
• Remove redundant check (addition to #5364) #5366 [@kkopachev]
• Do not load transparent pixels from subsequent GIF frames #5333 [@radarhere]
• Use LZW encoding when saving GIF images #5291 [@raygard]
• Set all transparent colors to be equal in quantize() #5282 [@radarhere]
• Allow PixelAccess to use Python int when parsing x and y #5206 [@radarhere]
• Removed Image._MODEINFO #5316 [@radarhere]
• Add preserve_tone option to autocontrast #5350 [@elejke]
• Only import numpy when necessary #5323 [@radarhere]
• Fixed linear_gradient and radial_gradient I and F modes #5274 [@radarhere]
• Add support for reading TIFFs with PlanarConfiguration=2 #5364 [@wiredfool]
• More OSS-Fuzz support #5328 [@wiredfool]
• Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [@nulano]
• Use quantization method attributes #5353 [@radarhere]
• Dynamically link FriBiDi instead of Raqm #5062 [@nulano]
• Removed build_distance_tables return value #5363 [@radarhere]
• Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [@radarhere]
• Use duration from info dictionary when saving WebP #5338 [@radarhere]
• Improved efficiency when creating GIF disposal images #5326 [@radarhere]
• Stop flattening EXIF IFD into getexif() #4947 [@radarhere]
• Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [@radarhere]
• Save ICC profile from TIFF encoderinfo #5321 [@radarhere]
• Moved RGB fix inside ImageQt class #5268 [@radarhere]
• Fix -Wformat error in TiffDecode #5305 [@lukegb]
• Allow alpha_composite destination to be negative #5313 [@radarhere]
• Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [@radarhere]
• Added ImageDraw rounded_rectangle method #5208 [@radarhere]
• Added IPythonViewer #5289 [@radarhere]
• Only draw each rectangle outline pixel once #5183 [@radarhere]
• Use mmap instead of built-in Win32 mapper #5224 [@radarhere]
• Handle PCX images with an odd stride #5214 [@radarhere]
• Only read different sizes for "Large Thumbnail" MPO frames #5168 [@radarhere]

Dependencies

• Updated harfbuzz to 2.8.0 #5334 [@radarhere]

Deprecations

• Deprecated categories #5351 [@radarhere]

Documentation

• Docs: Fix link in release notes #5371 [@hugovk]
• Corrected grammar #5332 [@radarhere]
• Document Raqm/FriBiDi linking changes #5365 [@nulano]
• Deprecated categories #5351 [@radarhere]
• Document quantize method defaults and mode support #5352 [@radarhere]
• Document prerequisites and Python development libraries for Alpine #5361 [@radarhere]
• Listed Debian packages #5360 [@radarhere]
• Contributing docs: Include release notes as needed or appropriate #5357 [@hugovk]
• Updated macOS tested Pillow versions #5354 [@radarhere]
• Added release notes for #4947 #5344 [@radarhere]
• Updated list of TIFF compression methods #5336 [@radarhere]
• Document #5321 #5327 [@radarhere]
• Added link to class and function in release notes #5318 [@radarhere]
• Document license for several fonts #5215 [@radarhere]

Testing

• Fix pytest valgrind warnings #5373 [@wiredfool]
• Updated Ghostscript to 9.54.0 #5368 [@radarhere]
• Increased use of assert_image_equal_tofile #5345 [@radarhere]
• Added test for saving PNG with bits keyword #5331 [@radarhere]
• Updated harfbuzz to 2.8.0 #5334 [@radarhere]
• Add pytest-timeout to CI and requirements.txt #5329 [@wiredfool]
• Fixed unclosed file warning #5325 [@radarhere]
• Updated shell for mkdir commands #5219 [@radarhere]
• Document and add tests for SBIX color font support #5155 [@nulano]

8.1.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html