Safety vulnerability ID: 61503
The information on this page was manually curated by our Cybersecurity Intelligence Team.
[This advisory has been limited. Please create a free account to view the full advisory.]
Latest version: 4.62.1
Tools to manipulate font files
[This affected versions has been limited. Please create a free account to view the full affected versions.]
[This fixed versions has been limited. Please create a free account to view the full fixed versions.]
----------------------------
- [subset] Set up lxml ``XMLParser(resolve_entities=False)`` when parsing OT-SVG documents
to prevent XML External Entity (XXE) attacks (9f61271dc):
https://codeql.github.com/codeql-query-help/python/py-xxe/
- [varLib.iup] Added workaround for a Cython bug in ``iup_delta_optimize`` that was
leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas
(60126435d, cython/cython5732).
- [varLib] Added new command-line entry point ``fonttools varLib.avar`` to add an
``avar`` table to an existing VF from axes mappings in a .designspace file (0a3360e52).
- [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned
after VarData optimization (3268).
- Added support for Python 3.12 (3283).
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application