Note: This changes the CVE URL from cve.org/CVERecord?id=CVE-%s to cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s

Thanks, I've opened sphinx-doc/sphinx#13006 to update it in Sphinx.

Sphinx 8 doesn't support Python 3.9. Maybe we should hold off on this until Pillow 12?

Building docs is a different application to the Pillow API's version support policy. And we already upgraded to Sphinx 7.3 (#7985) which also doesn't support Python 3.9 :)

Sphinx's support policy is derived from SPEC 0 meaning they support fewer versions than we do. If we required Sphinx to build on all our supported versions, we'd have to use quite old Sphinx versions.