upcoming OpenEXR release plans

Cary Phillips


A regression was recently discovered in OpenEXR 2.4.2, a bug in Imath::succf() and Imath::predf().  Also, several CVE's have been filed for issues that are addressed in 3.0.1 but still present in 2.4 and 2.5, so I'm going to patch those releases:
  • v2.4.3:
    •  fix for the Imath::succf()/Imath::predf() regression
    •  fixes for CVE-2021-3474, CVE-2021-34745, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-34789, CVE-2021-20296
  • v2.5.6:
    • fix for the Imath::succf()/Imath::predf() regression
    • fixes for CVE-2021-3474, CVE-2021-34745, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-34789, CVE-2021-20296
Also, we are ready for v3.0.2,  a patch release with miscellaneous fixes since v3.0.1: 
  • #1015  Improvements for Bazel build support 
  • #1013  Fixed regression in Imath::succf() and Imath::predf() when negative values are given
  • #1011  Restore fix to macOS universal 2 build lost from #854
  • #1009  Remove test/warning about CMake version < 3.11
  • #1008  Clean up setting of OpenEXR version 
  • #1007  Fix TimeCode.frame max value to be 29 instead of 59
  • #1003  Prevent overflow in getScanlineChunkOffsetTableSize 
  • #1001  Update CHANGES and SECURITY with recent CVE's
  • #995   Don't impose C++14 on downstream projects
  • #993   Add STATUS message showing Imath_DIR
  • #992   exrcheck -v prints OpenEXR and Imath versions and lib versions
  • #991   exrcheck: make readDeepTile allocate memory for just one tile
Beyond that, we're planning a v3.1 for the summer, with a beta release in early July and an official release in early August. This will include:
  • C-language support for the half type, and new optimized table-less half-float conversion.
  • C-language extension to the OpenEXR core API with significantly improved threading performance.

Cary Phillips | R&D Supervisor | ILM | San Francisco

Join openexr-dev@lists.aswf.io to automatically receive all group messages.