From 5339c1cf63bb4ea43739ac293bdd801a316e66b2 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade Date: Fri, 3 Nov 2023 11:59:37 +0200 Subject: [PATCH] Add CVE-2023-44271 to ImageFont.MAX_STRING_LENGTH fix in release notes --- docs/releasenotes/10.0.0.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/releasenotes/10.0.0.rst b/docs/releasenotes/10.0.0.rst index 06acfc7afd2..a3f238119f0 100644 --- a/docs/releasenotes/10.0.0.rst +++ b/docs/releasenotes/10.0.0.rst @@ -173,8 +173,8 @@ been processed before Pillow started checking for decompression bombs. Added ImageFont.MAX_STRING_LENGTH ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -To protect against potential DOS attacks when using arbitrary strings as text -input, Pillow will now raise a ``ValueError`` if the number of characters +:cve:`2023-44271`: To protect against potential DOS attacks when using arbitrary strings as text +input, Pillow will now raise a :py:exc:`ValueError` if the number of characters passed into ImageFont methods is over a certain limit, :py:data:`PIL.ImageFont.MAX_STRING_LENGTH`.
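Review bot: the first added line in the "Added ImageFont.MAX_STRING_LENGTH" hunk, the one starting ``:cve:`2023-44271`: To protect against``, is now noticeably longer than the other lines of the paragraph because the role was prepended without rewrapping. Please rewrap the paragraph so that "as text" moves down to the following line and the block keeps a consistent width. Two smaller points on the same sentence: "DOS" reads as the operating system, so "DoS" would be clearer for denial of service, and the diff does not show where the ``:cve:`` role is defined, so it is worth confirming that the docs build resolves it to a link rather than emitting an unknown-role warning.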