Vulnerability Patch release v3.0.2

[Darcy M]

Pydicom has release a patch version (v3.0.2) due to the reporting of a security vulnerability [1].

In brief, prior to v3.0.2, a crafted DICOMDIR file could allow access to files outside the DICOMDIR root directory when read with pydicom's FileSet class.

It is recommended to upgrade immediately to version 3.0.2.

There is also a patch release for the pydicom v2.4 branch (v2.4.5, Python 3.10/3.11 only).  However we recommend everyone move to the v3.X releases if they have not already done so.  The 2.X versions will be declared end-of-life with the upcoming pydicom v3.1 release.

We have opened a Discussion page [2] in the pydicom repository for any comments or questions about this release.

[1] https://github.com/pydicom/pydicom/security/advisories/GHSA-v856-2rf8-9f28

Thanks to jhanks (https://github.com/jh4nks) for reporting this issue.

[2] https://github.com/pydicom/pydicom/discussions/2313