Update dependency pillow to v12 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	==11.3.0 → ==12.1.1

GitHub Vulnerability Alerts

CVE-2026-25990

Impact

An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

Patches

Pillow 12.1.1 will be released shortly with a fix for this.

Workarounds

Image.open() has a formats parameter that can be used to prevent PSD images from being opened.

References

Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html

---

Release Notes

python-pillow/Pillow (pillow)

v12.1.1

Compare Source

v12.1.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #​9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #​9368 [@​radarhere]
• Added release notes for #​9350 #​9366 [@​radarhere]
• Update ImageMorph documentation #​9349 [@​radarhere]
• Docs: update major bump cadence #​9334 [@​hugovk]
• Add release notes for #​9070 #​9320 [@​radarhere]
• Updated Ubuntu version #​9306 [@​radarhere]
• Update macOS tested Pillow versions #​9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #​9355 [@​radarhere]
• Update xz to 5.8.2 #​9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #​9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #​9324 [@​radarhere]
• Updated libpng to 1.6.53 #​9325 [@​radarhere]
• Update actions/checkout action to v6 #​9323 [@​renovate[bot]]
• Update dependency mypy to v1.19.0 #​9322 [@​renovate[bot]]
• Updated libpng to 1.6.51 #​9305 [@​radarhere]
• Updated brotli to 1.2.0 #​9284 [@​radarhere]
• Update libimagequant to 4.4.1 #​9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #​9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #​9289 [@​radarhere]
• Update github-actions #​9277 [@​renovate[bot]]

Testing

• Replace pre-commit with prek #​9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #​9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #​9345 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Fix ResourceWarnings in selftest.py #​9332 [@​hugovk]
• Fix testing good P mode BMP images #​9319 [@​radarhere]
• Test Python 3.15 pre-release #​9331 [@​hugovk]
• Test ImageFont.ImageFont, in case freetype2 is not supported #​9287 [@​radarhere]
• Add Fedora 43 #​9290 [@​radarhere]
• Remove Fedora 41 #​9260 [@​radarhere]

Type hints

• Add ImageFile context manager #​9367 [@​radarhere]
• Assert fp is not None #​8617 [@​radarhere]
• Added return type to ImageFile _close_fp() #​9356 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9316 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Improve type hints #​9317 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9268 [@​radarhere]
• Added type hints #​9269 [@​radarhere]
• Correct getitem return type #​9264 [@​radarhere]

Other changes

• Simplify band splitting #​9291 [@​radarhere]
• Support saving APNG float durations #​9365 [@​radarhere]
• Allow 1 mode images in MorphOp #​9348 [@​radarhere]
• Use minimum supported Python version for Lint #​9364 [@​radarhere]
• Allow for duplicate font variation styles #​9362 [@​radarhere]
• Call parent verify method #​9357 [@​radarhere]
• Return LUT from LutBuilder build_default_lut() #​9350 [@​radarhere]
• Simplify WebP code #​9329 [@​radarhere]
• Use unsigned long for DWORD #​9352 [@​radarhere]
• Cast to UINT32 before shifting bits #​9347 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9318 [@​pre-commit-ci[bot]]
• Allow window ID to be passed to ImageGrab.grab() on macOS #​9070 [@​yankeguo]
• Apply encoder options when saving multiple PNG frames #​9300 [@​radarhere]
• Read all non-zero transparency from mode 1 PNG images as 255 #​9282 [@​radarhere]
• Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #​9276 [@​radarhere]
• Remove unused modes #​9275 [@​radarhere]
• Correct allocating new color to RGBA palette #​9313 [@​radarhere]
• Close image on ImageFont exception #​9304 [@​radarhere]
• Reapply "Use macos-latest for iOS arm64 simulator" #​9259 [@​radarhere]
• Escape period in pre-commit-config #​9036 [@​radarhere]
• Add Apache-2.0 notice to IcoImagePlugin #​8947 [@​stefan6419846]
• [pre-commit.ci] pre-commit autoupdate #​9288 [@​pre-commit-ci[bot]]
• Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #​9263 [@​radarhere]
• Remove BytesIO from DdsImagePlugin #​9273 [@​radarhere]
• Fix ZeroDivisionError in DdsImagePlugin #​9272 [@​radarhere]
• Fix warnings #​9257 [@​radarhere]

v12.0.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

• Remove support for FreeType <= 2.9.0 #​9159 [@​radarhere]
• Drop support for Python 3.9 #​9119 [@​hugovk]
• Remove deprecations for Pillow 12.0.0 #​9053 [@​radarhere]

Deprecations

• Deprecate Image._show #​9186 [@​radarhere]
• Deprecate ImageCmsProfile product_name and product_info #​8995 [@​lukegb]

Documentation

• ImagingHistogramInstance can use two bands #​9251 [@​radarhere]
• Update 12.0.0 release notes #​9247 [@​hugovk]
• Added ImageDraw alpha channel examples #​9201 [@​radarhere]
• Update Python version #​9230 [@​radarhere]
• Updated macOS tested Pillow versions #​9209 [@​radarhere]
• Add GitHub profile link to release notes #​9197 [@​radarhere]
• Split versionadded info #​9190 [@​radarhere]
• Document ImageFile.MAXBLOCK #​9163 [@​radarhere]
• Updated macOS version in CI targets #​9157 [@​radarhere]
• Fix typos #​9135 [@​radarhere]
• Added "Colors" to concepts #​9067 [@​radarhere]
• Update macOS tested Pillow versions #​9068 [@​radarhere]
• Thanks, folks! #​9056 [@​aclark4life]
• Setup nit: "fork" should be lowercased #​9055 [@​aclark4life]

Dependencies

• Update dependency cibuildwheel to v3.2.1 #​9246 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9233 [@​pre-commit-ci[bot]]
• Update harfbuzz to 12.1.0 #​9218 [@​radarhere]
• Update libtiff to 4.7.1 #​9222 [@​radarhere]
• Update FreeType to 2.14.1 on macOS and Linux wheels #​9217 [@​radarhere]
• Update dependency cibuildwheel to v3.2.0 #​9219 [@​renovate[bot]]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Update openjpeg to 2.5.4 #​9215 [@​radarhere]
• Update harfbuzz to 11.5.0 #​9203 [@​radarhere]
• Update dependency mypy to v1.18.2 #​9213 [@​renovate[bot]]
• Update dependency mypy to v1.18.1 #​9207 [@​renovate[bot]]
• Update github-actions #​9194 [@​renovate[bot]]
• Updated harfbuzz to 11.4.5 #​9150 [@​radarhere]
• Update zlib-ng to 2.2.5 #​9140 [@​radarhere]
• Update raqm to 0.10.3 #​9137 [@​radarhere]
• Update libjpeg-turbo to 3.1.2 #​9188 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9180 [@​pre-commit-ci[bot]]
• Update dependency cibuildwheel to v3.1.4 #​9164 [@​renovate[bot]]
• Update actions/checkout action to v5 #​9156 [@​renovate[bot]]
• Update actions/download-artifact action to v5 #​9141 [@​renovate[bot]]
• Updated harfbuzz to 11.3.3 #​9103 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9131 [@​pre-commit-ci[bot]]
• Updated libimagequant to 4.4.0 #​9074 [@​radarhere]
• Update dependency mypy to v1.17.1 #​9130 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.3 #​9129 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.2 #​9118 [@​renovate[bot]]
• Updated libpng to 1.6.50 #​9058 [@​radarhere]
• Update cygwin/cygwin-install-action action to v6 #​9108 [@​renovate[bot]]
• Update dependency mypy to v1.17.0 #​9092 [@​renovate[bot]]
• Updated libwebp to 1.6.0 #​9082 [@​radarhere]
• Update dependency cibuildwheel to v3.0.1 #​9075 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9073 [@​pre-commit-ci[bot]]

Testing

• Check return types #​9045 [@​radarhere]
• Upgrade from macos-13 #​9212 [@​radarhere]
• Wheels CI: Check number of expected dists #​9239 [@​hugovk]
• Assert image type #​8845 [@​radarhere]
• Test GD transparency #​9196 [@​radarhere]
• Test mode when saving PPM images #​9195 [@​radarhere]
• Test unsupported BMP bitfields layout #​9193 [@​radarhere]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Use monkeypatch #​9192 [@​radarhere]
• Always check XMLPacket value #​9113 [@​radarhere]
• Rename variable to not shadow import #​9124 [@​radarhere]
• Removed unused code #​9182 [@​radarhere]
• Add has_feature_version helper #​9172 [@​radarhere]
• Replace print with assert #​9171 [@​radarhere]
• Add Debian 13 Trixie #​9147 [@​hugovk]
• Do not import from Tests directory in checks #​9143 [@​radarhere]
• Improve features test coverage #​9077 [@​radarhere]
• Remove WebP feature handling #​9096 [@​radarhere]
• Update for pyroma 5.0 #​9093 [@​radarhere]
• Improve WmfImagePlugin test coverage #​9090 [@​radarhere]
• Improve DdsImagePlugin test coverage #​9091 [@​radarhere]
• Improve ImageMath test coverage #​9087 [@​radarhere]
• Fix unclosed file warning #​9065 [@​radarhere]
• Pyroma now supports PEP 639 #​9064 [@​radarhere]

Type hints

• Install arro3 dependencies when type checking #​9254 [@​radarhere]
• Check return types #​9045 [@​radarhere]
• Assert image type #​8845 [@​radarhere]
• Move imports into TYPE_CHECKING #​9123 [@​radarhere]
• Remove support for NumPy 1.20 when type checking #​9125 [@​radarhere]

Other changes

• Use macos-14 for iOS arm64 simulator #​9258 [@​hugovk]
• Use enums for Modes and RawModes in C #​9256 [@​radarhere]
• Add ImageText #​9098 [@​radarhere]
• Shift bits before making value negative #​9255 [@​radarhere]
• Support saving variable length rational TIFF tags by default #​9241 [@​radarhere]
• Added four private SGI TIFF tags #​9245 [@​radarhere]
• Band names for arrow exported images #​9099 [@​wiredfool]
• Use macos-latest for iOS arm64 simulator #​9250 [@​radarhere]
• If pasting an image onto itself at a lower position, copy from bottom #​8882 [@​radarhere]
• Removed unused access for I;32L and I;32B #​9238 [@​radarhere]
• Corrected scientific-python-nightly-wheels pattern #​9252 [@​radarhere]
• Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index #​9248 [@​radarhere]
• Removed shebang lines and executable flags #​9179 [@​radarhere]
• Remove Pillow version from PDF comment #​9176 [@​radarhere]
• Support saving variable length rational TIFF tags #​9111 [@​radarhere]
• Build Python 3.14 on macOS 10.15 #​9234 [@​radarhere]
• Test largest CUR cursor #​9191 [@​radarhere]
• Do not unnecessarily update FLI __offset #​9184 [@​radarhere]
• Fill alpha channel when quantizing RGB images #​9133 [@​radarhere]
• Allow RGBA palettes to work with ImageOps.expand() #​9138 [@​radarhere]
• Fixed loading rotated PCD images #​9177 [@​radarhere]
• Cast before shifting bits #​9236 [@​radarhere]
• Use _ensure_mutable() #​9200 [@​radarhere]
• Seek past BeginBinary data when parsing EPS metadata #​9211 [@​radarhere]
• Do not allow negative offset with memory mapping #​9235 [@​radarhere]
• Clear C image when MPO frame image size changes #​9208 [@​radarhere]
• When converting RGBA to PA, use RGB to P quantization #​9153 [@​radarhere]
• Remove use of sudo from libavif and raqm install scripts #​9231 [@​radarhere]
• Load image palette into Python after converting to PA #​9152 [@​radarhere]
• Check all reserved bytes in FLI header #​9183 [@​radarhere]
• Limit length of read operation in ImageFont._load_pilfont_data() #​9181 [@​radarhere]
• Python 3.9 wheels are no longer needed #​9214 [@​radarhere]
• Remove unused Image _expand() #​9227 [@​radarhere]
• Updated FreeType to 2.14.1 on Windows #​9206 [@​radarhere]
• Only deprecate fromarray mode for changing data types #​9063 [@​radarhere]
• Fix reading RGB and CMYK IPTC images #​9088 [@​radarhere]
• Install zstd for libtiff on Linux wheels #​9097 [@​radarhere]
• Improve WalImageFile test coverage #​9189 [@​radarhere]
• ImageMorph operations must have length 1 #​9102 [@​radarhere]
• Set correct size for rotated PCD images after opening #​9086 [@​radarhere]
• Simplify check for GBR width and height #​9089 [@​radarhere]
• Make in parallel when building libjpeg-turbo and openjpeg for macOS and Linux wheels #​9144 [@​radarhere]
• Fix ZeroDivisionError in ImageStat #​9105 [@​radarhere]
• When deleting EXIF IFD tag, delete IFD data #​9083 [@​radarhere]
• Allow alpha_composite to use LA images #​9066 [@​radarhere]
• Improve _accept length check #​9170 [@​radarhere]
• Do not set core to DeferredError #​9166 [@​radarhere]
• Use macos-14 for iOS arm64 simulator #​9161 [@​radarhere]
• Make in parallel when building brotli and libavif for macOS and Linux wheels #​9142 [@​radarhere]
• Use Python 3.14 for gcc problem matching #​9134 [@​radarhere]
• Add libavif support for iOS #​9117 [@​freakboy3742]
• Restore pyroma test for iOS #​9116 [@​freakboy3742]
• Use correct bands for two band histograms #​9054 [@​radarhere]
• Add support for Python 3.14 #​9120 [@​hugovk]
• Drop support for PyPy3.10 #​9112 [@​radarhere]
• Add parallel compile from pybind11 #​8990 [@​wiredfool]
• Remove unused _save_cjpeg #​9084 [@​radarhere]
• Ensure dynamic libjpeg libraries are not linked #​9081 [@​freakboy3742]
• Remove reference to libtiff 3.x #​9072 [@​radarhere]
• Restored manylinux2014 wheels #​9059 [@​radarhere]

---

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.