To protect against potential DOS attacks when using arbitrary strings as text input, Pillow will now raise a :pyValueError
if the number of characters passed into :pyPIL.ImageFont.ImageFont.getmask
is over a certain limit, :pyPIL.ImageFont.MAX_STRING_LENGTH
.
This threshold can be changed by setting :pyPIL.ImageFont.MAX_STRING_LENGTH
. It can be disabled by setting ImageFont.MAX_STRING_LENGTH = None
.
A decompression bomb check has also been added to :pyPIL.ImageFont.ImageFont.getmask
.
To protect against potential DOS attacks when using PIL fonts, :pyPIL.ImageFont.ImageFont
now trims the size of individual glyphs so that they do not extend beyond the bitmap image.
If an attacker has control over the keys passed to the environment
argument of :pyPIL.ImageMath.eval
, they may be able to execute arbitrary code. To prevent this, keys matching the names of builtins and keys containing double underscores will now raise a :pyValueError
.
ImageFile.raise_oserror()
has been deprecated and will be removed in Pillow 12.0.0 (2025-10-15). The function is undocumented and is only useful for translating error codes returned by a codec's decode()
method, which ImageFile already does automatically.
The functions IptcImageFile.dump
and IptcImageFile.i
, and the constant IptcImageFile.PAD
have been deprecated and will be removed in Pillow 12.0.0 (2025-10-15). These are undocumented helper functions intended for internal use, so there is no replacement. They can each be replaced by a single line of code using builtin functions in Python.
When creating a :py~PIL.ImageFont.FreeTypeFont
instance, either directly or through :py~PIL.ImageFont.truetype
, if the font size is zero or less, a :pyValueError
will now be raised.
:py~PIL.DdsImagePlugin.DDSD
, :py~PIL.DdsImagePlugin.DDSCAPS
, :py~PIL.DdsImagePlugin.DDSCAPS2
, :py~PIL.DdsImagePlugin.DDPF
, :py~PIL.DdsImagePlugin.DXGI_FORMAT
and :py~PIL.DdsImagePlugin.D3DFMT
enums have been added to :pyPIL.DdsImagePlugin
.
When saving JPEG files, keep_rgb
can now be set to True
. This will store RGB images in the RGB color space instead of being converted to YCbCr automatically by libjpeg. When this option is enabled, attempting to chroma-subsample RGB images with the subsampling
option will raise an :pyOSError
.
When saving JPEG files, restart_marker_blocks
and restart_marker_rows
can now be used to emit restart markers whenever the specified number of MCU blocks or rows have been produced.
When saving JPEG files, streamtype
can now be set to 1, for tables-only. This will output only the quantization and Huffman tables for the image.
Support has been added to read the BC4U format of DDS images.
Support has also been added to read DX10 BC1 and BC4, whether UNORM or TYPELESS.
All masks are now supported when reading DDS images with uncompressed RGB data, allowing for bit counts other than 24 and 32.
When saving TIFF images, the TIFF tag RowsPerStrip can now be one of the tags set by the user, rather than always being calculated by Pillow.
The color calculations of :py~PIL.ImageColor.getrgb
and :py~PIL.ImageColor.getcolor
are now cached using :pyfunctools.lru_cache
. Cached calls of getrgb
are 3.1 - 91.4 times as fast and getcolor
are 5.1 - 19.6 times as fast.
The lookups made by :py~PIL.ImageMode.getmode
are now cached using :pyfunctools.lru_cache
instead of a custom cache. Cached calls are 1.2 times as fast.
Calculating the :py~PIL.ImageStat.Stat.count
and :py~PIL.ImageStat.Stat.extrema
statistics is now faster. After the histogram is created in st = ImageStat.Stat(im)
, st.count
is 3 times as fast on average and st.extrema
is 12 times as fast on average.
:pyOSError
exceptions from image encoders now include a textual description of the error instead of a numeric error code.
Work has begun to add type annotations to Pillow, including:
- :py
~PIL.ContainerIO
- :py
~PIL.FontFile
, :py~PIL.BdfFontFile
and :py~PIL.PcfFontFile
- :py
~PIL.ImageChops
- :py
~PIL.ImageMode
- :py
~PIL.ImageSequence
- :py
~PIL.ImageTransform
- :py
~PIL.TarIO