A regression was recently discovered in OpenEXR 2.4.2, a bug in Imath::succf() and Imath::predf(). Also, several CVEs have been filed for issues that are addressed in 3.0.1 but still present in 2.4 and 2.5, so I'm going to patch those releases:
v2.4.3:
  - fix for the Imath::succf()/Imath::predf() regression
  - fixes for CVE-2021-3474, CVE-2021-34745, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-34789, CVE-2021-20296
v2.5.6:
  - fix for the Imath::succf()/Imath::predf() regression
  - fixes for CVE-2021-3474, CVE-2021-34745, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-34789, CVE-2021-20296
Also, we are ready for v3.0.2, a patch release with miscellaneous fixes since v3.0.1:
#1015 Improvements for Bazel build support
#1013 Fixed regression in Imath::succf() and Imath::predf() when negative values are given
#1011 Restore fix to macOS universal 2 build lost from #854
#1009 Remove test/warning about CMake version < 3.11
#1008 Clean up setting of OpenEXR version
#1007 Fix TimeCode.frame max value to be 29 instead of 59
#1003 Prevent overflow in getScanlineChunkOffsetTableSize
#1001 Update CHANGES and SECURITY with recent CVE's
#995 Don't impose C++14 on downstream projects
#993 Add STATUS message showing Imath_DIR
#992 exrcheck -v prints OpenEXR and Imath versions and lib versions
#991 exrcheck: make readDeepTile allocate memory for just one tile
Beyond that, we're planning a v3.1 for the summer, with a beta release in early July and an official release in early August. This will include:
  - C-language support for the half type, and new optimized table-less half-float conversion.
  - C-language extension to the OpenEXR core API with significantly improved threading performance.
Thanks
OpenEXR TSC
--
Cary Phillips | R&D Supervisor | ILM | San Francisco