10.2.0 (2024-01-02)¶
Security¶
ImageFont.getmask: Applied ImageFont.MAX_STRING_LENGTH¶
To protect against potential DOS attacks when using arbitrary strings as text input,
Pillow will now raise a ValueError if the number of characters passed into
PIL.ImageFont.ImageFont.getmask() is over a certain limit,
PIL.ImageFont.MAX_STRING_LENGTH.
This threshold can be changed by setting PIL.ImageFont.MAX_STRING_LENGTH. It
can be disabled by setting ImageFont.MAX_STRING_LENGTH = None.
A decompression bomb check has also been added to
PIL.ImageFont.ImageFont.getmask().
ImageFont.getmask: Trim glyph size¶
To protect against potential DOS attacks when using PIL fonts,
PIL.ImageFont.ImageFont now trims the size of individual glyphs so that
they do not extend beyond the bitmap image.
CVE-2023-50447: ImageMath.eval: Restricted environment keys¶
If an attacker has control over the keys passed to the
environment argument of PIL.ImageMath.eval(), they may be able to execute
arbitrary code. To prevent this, keys matching the names of builtins and keys
containing double underscores will now raise a ValueError.
Deprecations¶
ImageFile.raise_oserror¶
ImageFile.raise_oserror() has been deprecated and will be removed in Pillow
12.0.0 (2025-10-15). The function is undocumented and is only useful for translating
error codes returned by a codec’s decode() method, which ImageFile already does
automatically.
IptcImageFile helper functions¶
The functions IptcImageFile.dump and IptcImageFile.i, and the constant
IptcImageFile.PAD have been deprecated and will be removed in Pillow
12.0.0 (2025-10-15). These are undocumented helper functions intended
for internal use, so there is no replacement. They can each be replaced
by a single line of code using builtin functions in Python.
API Changes¶
Zero or negative font size error¶
When creating a FreeTypeFont instance, either directly or
through truetype(), if the font size is zero or less, a
ValueError will now be raised.
API Additions¶
Added DdsImagePlugin enums¶
DDSD, DDSCAPS,
DDSCAPS2, DDPF,
DXGI_FORMAT and D3DFMT
enums have been added to PIL.DdsImagePlugin.
JPEG RGB color space¶
When saving JPEG files, keep_rgb can now be set to True. This will store RGB
images in the RGB color space instead of being converted to YCbCr automatically by
libjpeg. When this option is enabled, attempting to chroma-subsample RGB images with
the subsampling option will raise an OSError.
JPEG restart marker interval¶
When saving JPEG files, restart_marker_blocks and restart_marker_rows can now
be used to emit restart markers whenever the specified number of MCU blocks or rows
have been produced.
JPEG tables-only streamtype¶
When saving JPEG files, streamtype can now be set to 1, for tables-only. This will
output only the quantization and Huffman tables for the image.
Other Changes¶
Added DDS BC4U and DX10 BC1 and BC4 reading¶
Support has been added to read the BC4U format of DDS images.
Support has also been added to read DX10 BC1 and BC4, whether UNORM or TYPELESS.
Support arbitrary masks for uncompressed RGB DDS images¶
All masks are now supported when reading DDS images with uncompressed RGB data, allowing for bit counts other than 24 and 32.
Saving TIFF tag RowsPerStrip¶
When saving TIFF images, the TIFF tag RowsPerStrip can now be one of the tags set by the user, rather than always being calculated by Pillow.
Optimized ImageColor.getrgb and getcolor¶
The color calculations of getrgb and
getcolor are now cached using
functools.lru_cache(). Cached calls of getrgb are 3.1 - 91.4 times
as fast and getcolor are 5.1 - 19.6 times as fast.
Optimized ImageMode.getmode¶
The lookups made by getmode are now cached using
functools.lru_cache() instead of a custom cache. Cached calls are 1.2 times as
fast.
Optimized ImageStat.Stat count and extrema¶
Calculating the count and
extrema statistics is now faster. After the
histogram is created in st = ImageStat.Stat(im), st.count is 3 times as fast on
average and st.extrema is 12 times as fast on average.
Encoder errors now report error detail as string¶
OSError exceptions from image encoders now include a textual description of
the error instead of a numeric error code.
Type hints¶
Work has begun to add type annotations to Pillow, including: