2.6.0 (2014-10-01)

Security

CVE-2014-3589: Fix DOS attack

PIL/IcnsImagePlugin.py in Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Found and reported by Andrew Drake of Dropbox.