What's Changed
- GHA: publish container images using GITHUB_TOKEN by @NyanKiyoshi in #15293
- deps: update pillow, cryptography, jinja2 to latest by @NyanKiyoshi in #15300
CVE fixes:- (cryptography) CVE-2023-49083: NULL-dereference when loading PKCS7 certificates.
- (pillow) CVE-2023-50447: Arbitrary Code Execution in Pillow.
- (pillow) No CVE: ImageFont.getmask: (2x) potential DoS.
- (jinja2) CVE-2024-22195: vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter.
- async webhooks: add extra data in failure logs by @NyanKiyoshi in #15311
Full Changelog: 3.18.12...3.18.13