From 3cb814f33899b4d50eb04c316e66a737751c70a8 Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Date: Tue, 31 Mar 2026 23:15:06 +0300
Subject: [PATCH 1/2] Update 12.2.0 release notes

---
 docs/releasenotes/12.2.0.rst | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/docs/releasenotes/12.2.0.rst b/docs/releasenotes/12.2.0.rst
index 209fa782f83..d02d6541466 100644
--- a/docs/releasenotes/12.2.0.rst
+++ b/docs/releasenotes/12.2.0.rst
@@ -67,6 +67,11 @@ or scaling, optionally with a font size limit::
     text.wrap(58, 10, "grow")
     text.wrap(50, 50, ("grow", 12))
 
+EXIF tag FrameRate
+^^^^^^^^^^^^^^^^^^
+
+The EXIF tag ``FrameRate`` has been added.
+
 Other changes
 =============
 
@@ -75,3 +80,16 @@ Support reading JPEG2000 images with CMYK palettes
 
 JPEG2000 images with CMYK palettes can now be read. This is the first integration of
 CMYK palettes into Pillow.
+
+Lazy plugin loading
+^^^^^^^^^^^^^^^^^^^
+
+When opening or saving an image, Pillow now lazily loads only the required plugin
+based on the file extension, instead of importing all plugins upfront. This makes
+``open`` 2.3-15.6x faster and ``save`` 2.2-9x faster for common formats.
+
+Thread safety for free-threaded Python
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Critical sections are now used to protect FreeType font objects, improving thread
+safety when using fonts in the free-threaded build of Python.

From c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Wed, 1 Apr 2026 16:49:20 +1100
Subject: [PATCH 2/2] Added security release notes

---
 docs/releasenotes/12.2.0.rst | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/docs/releasenotes/12.2.0.rst b/docs/releasenotes/12.2.0.rst
index d02d6541466..05d5dee2567 100644
--- a/docs/releasenotes/12.2.0.rst
+++ b/docs/releasenotes/12.2.0.rst
@@ -4,15 +4,34 @@
 Security
 ========
 
-TODO
-^^^^
+Prevent FITS decompression bomb
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
+When decompressing GZIP data from a FITS image, Pillow did not limit the amount of data
+being read, meaning that it was vulnerable to GZIP decompression bombs. This was
+introduced in Pillow 10.3.0.
 
-:cve:`YYYY-XXXXX`: TODO
-^^^^^^^^^^^^^^^^^^^^^^^
+The data being read is now limited to only the necessary amount.
+
+Fix OOB write with invalid tile extents
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Pillow 12.1.1 added improved checks for tile extents to prevent an OOB write from
+specially crafted PSD images in Pillow >= 10.3.0. However, these checks did not
+consider integer overflow. This has been corrected.
+
+Prevent PDF parsing trailer infinite loop
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+When parsing a PDF, if a trailer refers to itself, or a more complex cyclic loop
+exists, then an infinite loop occurs. Pillow now keeps a record of which trailers it
+has already processed. PdfParser was added in Pillow 4.2.0.
+
+Integer overflow when processing fonts
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
+If a font advances for each glyph by an exceeding large amount, when Pillow keeps track
+of the current position, it may lead to an integer overflow. This has been fixed.
 
 API changes
 ===========