Note that at the time of its release (May 2026), this release is part of the "obsolete" 3.0 family, and the current fully supported family of releases is 3.1.
Release 3.0.18.0 (May 1, 2026) -- compared to 3.0.17.0
- ImageSpec: ImageSpec::get_string_attribute didn't correctly translate to string #5161
- bmp: Correctly handle the combination of greyscale + RLE compression #5163
- dds: Corruption protection: validate resolution + overflow care #5131
- heif: Fix incorrect tracking of current subimage #5166
- jpeg2000: Watch out for int overflow in buffer size computation #5143
- rla: Harden against corrupted files #5153
- sgi: Better detection of corrupt RLE info that could overflow #5141
- softimage: Hardening against corrupted input: prevent buffer overruns from corrupt RLE, malformed channel packets, and other invalid data. #5142 #5155 #5156
- targa: Protection against corrupt, mis-sized palette #5165
- tiff: Care with missing rowsperstrip #5160
- tiff: More care ignoring XMP tags that should not be used #5162
- xmp: Correctly parse XMP with self-closing elements #5106
- build: Fix Makefile wrapper to properly quote test regex #5146
- ci: Fix breakage because fmtlib changed 'master' to 'main' #5127
- ci: Unbreak Mac CI by adding jpeg-xl install #5139
- admin: Update security instructions to emphasize reporting via GitHub #5149