CarrierWave v2.2.0 Release Notes
Release Date: 2021-02-23 // about 3 years ago-
โ Added
- ๐ libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
- ๐ Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
- ๐ Support for the latest version of RMagick (@mshibuya 88f24451)
๐ Deprecated
#(content_type|extension)_whitelist,#(content_type|extension)_blacklistare deprecated. Use#(content_type|extension)_allowlistand#(content_type|extension)_denylistinstead (@grantbdev #2442, 4c3cac75)
๐ Fixed
- Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
- Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
- ๐ Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
- ๐ Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
- Fix instance variables
@versions_to_*not initialized warning (@mshibuya c10b82ed, #2493) - Fix
SanitizedFile#move_towrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495) - ๐ Fix returning invalid content type on text files (@inkstak #2474, #2424)
- Skip content type and extension filters where possible (@alexpooley #2464)
- ๐ Fix file's
#urlbeing called twice, which might be costly for non-local files (@skyeagle #2519) - ๐ Fix mime type detection failing with types which contain
+symbol, such asimage/svg+xml(@sylvainbx #2489) - ๐ Fix
#cached?to return boolean instead of@cache_idvalue (@kmiyake #2510) - ๐ Fix mime type detection for MS Office files (@anthonypenner #2447)
๐ Security
- ๐ Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
- ๐ Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)