Revert "Mandate Pillow>=10.0.1 because of libwebp CVE (matrix-org#16347
…)"

It's not needed to update Pillow in Fedora because it has
no bundled libwebp.

Fedora has an older version of Pillow, and it's OK because it's not
vulnerable to this bug.

This reverts commit 053155a.
Oleg Girko committed Nov 17, 2023
1 parent 721176f commit 7e4800a
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions pyproject.toml
Expand Up @@ -181,9 +181,7 @@ PyYAML = ">=3.13"
pyasn1 = ">=0.1.9"
pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7"
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
Pillow = ">=10.0.1"
Pillow = ">=5.4.0"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0"
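
Review bot: Lowering the floor to `Pillow = ">=5.4.0"` in pyproject.toml applies to every install of this tree, while the commit message justifies it only for Fedora's Pillow, which has no bundled libwebp. Any install from this branch that resolves to a Pillow build with a bundled libwebp can now land below 10.0.1, which is the case the removed comment called out for CVE-2023-4863. The revert also drops both comment lines, so nothing in the file records why the lower bound is acceptable. Suggest keeping a comment above the `Pillow` line stating that the 5.4.0 floor assumes libwebp comes from the distribution and is handled there, and keeping this change confined to the Fedora packaging branch rather than anywhere the dependency is resolved from PyPI.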