All Versions
22
Latest Version
Avg Release Cycle
168 days
Latest Release
672 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v2.2.2 Changes
May 28, 2021 -
v2.2.1 Changes
March 30, 2021 -
v2.2.0 Changes
February 23, 2021โ Added
- ๐ libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
- ๐ Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
- ๐ Support for the latest version of RMagick (@mshibuya 88f24451)
๐ Deprecated
#(content_type|extension)_whitelist
,#(content_type|extension)_blacklist
are deprecated. Use#(content_type|extension)_allowlist
and#(content_type|extension)_denylist
instead (@grantbdev #2442, 4c3cac75)
๐ Fixed
- Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
- Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
- ๐ Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
- ๐ Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
- Fix instance variables
@versions_to_*
not initialized warning (@mshibuya c10b82ed, #2493) - Fix
SanitizedFile#move_to
wrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495) - ๐ Fix returning invalid content type on text files (@inkstak #2474, #2424)
- Skip content type and extension filters where possible (@alexpooley #2464)
- ๐ Fix file's
#url
being called twice, which might be costly for non-local files (@skyeagle #2519) - ๐ Fix mime type detection failing with types which contain
+
symbol, such asimage/svg+xml
(@sylvainbx #2489) - ๐ Fix
#cached?
to return boolean instead of@cache_id
value (@kmiyake #2510) - ๐ Fix mime type detection for MS Office files (@anthonypenner #2447)
๐ Security
- ๐ Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
- ๐ Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)
-
v2.1.1 Changes
February 08, 2021๐ Security
- ๐ Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
- ๐ Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)
-
v2.1.0 Changes
February 16, 2020 -
v2.0.2 Changes
September 28, 2019 -
v2.0.1 Changes
August 31, 2019 -
v2.0.0 Changes
August 18, 2019No changes.
-
v2.0.0.rc Changes
June 23, 2019โ Added
- ๐ Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
- ๐ Allow retrieval of uploader index within uploaders(@mshibuya #1771)
- โ Add ability to customize downloaders(@mshibuya #1636)
- ๐ Support internationalized domain names for downloader(@mshibuya #2086)
- ๐ Support authenticated_url for Aliyun provider(@Nitrino #2381)
- ๐ Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
- ๐ Support authenticated_url for AzureRM provider(@Nitrino #2375)
- ๐ Allow custom expires_at when building an authenticated_url(@stephankaag #2397)
๐ Changed
- ๐ง Use the storage given by
storage
configuration also forcache_storage
unless explicitly specified(@mshibuya 629afecb) - ๐ Improve Fog initialization(@mshibuya #2395)
- โก๏ธ [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
- [BREAKING CHANGE]
#remote_#{column}_urls=
was changed to preserve precedent updates(@mshibuya 8f18a95b) #serializable_hash
now returns string for version keys(@schovi #2246)- Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a
content_type_whitelist
(@locriani #1934) - Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
- Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
- ๐ฅ๏ธ Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)
๐ Deprecated
- ๐ง
fog_provider
configuration was deprecated and has no effect, just adding fog providers toGemfile
will load them(@mshibuya ca201ee2) - ๐
CarrierWave::Uploader::Base#sanitized_file
was deprecated, use#file
instead(@mshibuya 28190e99)
โ Removed
๐ Fixed
- ๐ Fix deleting files twice when marked for removal(@mshibuya 67800fde)
- ๐ Fix
uploader.cache!
loads entire contents of file into memory(@mshibuya #2136) - Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
- ๐ Allow deleting all files for multiple file upload(@mshibuya #1990)
- Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
- ๐ Fix
#clean_cache!
breaking with old format of cache id(@mshibuya aab402fb) - ๐ Fix
#exists?
returning true after Fog file deletion(@mshibuya #2387) - ๐ Make
#identifier
available for a retrieved file(@mshibuya #1581) - ๐ Make cache id generation less predictable(@mshibuya #2326)
- Uploaders not being cleared when
#reload
or#initialize_dup
are overridden in model(@mshibuya #2379) - ๐ Fix
#content_type
returning false, instead of nil(@longkt90 #2384) - Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
- ๐
#recreate_versions!
ignored:from_version
when versions to recreate are given(@hedgesky #1879 #1164)
-
v1.3.2 Changes
February 08, 2021๐ Fixed
- ๐ Fix Ruby 2.7 deprecations(@aubinlrx #2462)
๐ Security
- ๐ Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya eb9346df, GHSA-cf3w-g86h-35x4)
- ๐ Fix SSRF vulnerability in the remote file download feature (@mshibuya 91714add, GHSA-fwcm-636p-68r5)