Security issue with Pillow as reported by snyk.io
JPedersen opened this issue · comments
Josua Pedersen commented
It seems there is a critical issue in Pillow 8.4 that is fixed in Pillow 9:
https://security.snyk.io/vuln/SNYK-PYTHON-PILLOW-2331901
Wagtail seems to be pinned to 8.4:
https://github.com/wagtail/wagtail.io/blob/main/requirements.txt#L6
Josua Pedersen commented
I realise now I filed this in the wrong project, I can see that this was released with wagtail/wagtail#7817 being fixed. Thanks a lot everyone!