The image formats we've selected to fuzz test libvips with are typically
those likely to originate from untrusted sources, and this very much
includes the web.
libjxl was added as a dependency of libvips around 18 months ago in
anticipation the JPEG-XL format being adopted for the web. A year ago we
added a couple of the libjxl maintainers to help triage OSS-Fuzz issues
as its inclusion generated a relatively large number of new problems,
including one that was later issued a CVE.
https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libvips%20libjxl&can=1
The libvips maintainers would love for JPEG-XL to succeed as a format
and we hope to add libjxl back soon, but for now we would like to remove
it to help reduce the support overhead.
/cc @jcupitt
* [presubmit] Enforce language attribute in projectt.yaml to be always set.
* Update documentation, better presubmit check, new project template.
* add docstring to templates.py
* Add example values in the project.yaml template and remove python value for now
* Add "project: c++" to 256 projects
* format
* Add labels and selective_unpack sections to the presubmit check
* fix incorrect auto_ccs format in three projects
* fix nss emails after rebase
Lovell Fuller