CarrierWave changelog

Changelog History

Page 1

• v2.2.2 Changes

  May 28, 2021

  🛠 Fixed

  • 🛠 Fix no implicit conversion of CSV into String error when parsing a CSV object (@pjmartorell #2562, #2559)

• v2.2.1 Changes

  March 30, 2021

  🔄 Changed

  • Replace mimemagic with marcel due to licensing concern (@pjmartorell #2551, #2548)

  🛠 Fixed

  • Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@mshibuya 42c620a1, #2532)

• v2.2.0 Changes

  February 23, 2021

  ➕ Added

  • 💎 libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
  • 🗄 Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
  • 👌 Support for the latest version of RMagick (@mshibuya 88f24451)

  🗄 Deprecated

  • #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@grantbdev #2442, 4c3cac75)

  🛠 Fixed

  • Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
  • Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
  • 🛠 Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
  • 🛠 Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
  • Fix instance variables @versions_to_* not initialized warning (@mshibuya c10b82ed, #2493)
  • Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495)
  • 🛠 Fix returning invalid content type on text files (@inkstak #2474, #2424)
  • Skip content type and extension filters where possible (@alexpooley #2464)
  • 🛠 Fix file's #url being called twice, which might be costly for non-local files (@skyeagle #2519)
  • 🛠 Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@sylvainbx #2489)
  • 🛠 Fix #cached? to return boolean instead of @cache_id value (@kmiyake #2510)
  • 🛠 Fix mime type detection for MS Office files (@anthonypenner #2447)

  🔒 Security

  • 🛠 Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
  • 🛠 Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)

• v2.1.1 Changes

  February 08, 2021

  🔒 Security

  • 🛠 Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
  • 🛠 Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

• v2.1.0 Changes

  February 16, 2020

  ➕ Added

  • 👌 Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)

  🛠 Fixed

  • 🛠 Fix Ruby 2.7 deprecations(@mshibuya 9a37fc9e)
  • 🛠 Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@Bonias #2439)
  • 👉 Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@p8 #2437)

• v2.0.2 Changes

  September 28, 2019

  🛠 Fixed

  • 🛠 Fix download causing nil error if the file has empty filename(@fukayatsu #2419, #2411)

• v2.0.1 Changes

  August 31, 2019

  🛠 Fixed

  • 🛠 Fix #{column}_cache unintentionally removing files on assigning empty string(@mshibuya 22e8005e, #2412)

• v2.0.0 Changes

  August 18, 2019

  No changes.

• v2.0.0.rc Changes

  June 23, 2019

  ➕ Added

  • 🚚 Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
  • 👍 Allow retrieval of uploader index within uploaders(@mshibuya #1771)
  • ➕ Add ability to customize downloaders(@mshibuya #1636)
  • 👌 Support internationalized domain names for downloader(@mshibuya #2086)
  • 👌 Support authenticated_url for Aliyun provider(@Nitrino #2381)
  • 👌 Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
  • 👌 Support authenticated_url for AzureRM provider(@Nitrino #2375)
  • 🏗 Allow custom expires_at when building an authenticated_url(@stephankaag #2397)

  🔄 Changed

  • 🔧 Use the storage given by storage configuration also for cache_storage unless explicitly specified(@mshibuya 629afecb)
  • 👌 Improve Fog initialization(@mshibuya #2395)
  • ⚡️ [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
  • [BREAKING CHANGE] #remote_#{column}_urls= was changed to preserve precedent updates(@mshibuya 8f18a95b)
  • #serializable_hash now returns string for version keys(@schovi #2246)
  • Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a content_type_whitelist(@locriani #1934)
  • Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
  • Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
  • 🔥️ Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)

  🗄 Deprecated

  • 🔧 fog_provider configuration was deprecated and has no effect, just adding fog providers to Gemfile will load them(@mshibuya ca201ee2)
  • 🗄 CarrierWave::Uploader::Base#sanitized_file was deprecated, use #file instead(@mshibuya 28190e99)

  ✂ Removed

  • ✂ Remove support for Rails 4.x and Ruby 2.0/2.1 (@mshibuya bada043f)

  🛠 Fixed

  • 🛠 Fix deleting files twice when marked for removal(@mshibuya 67800fde)
  • 🛠 Fix uploader.cache! loads entire contents of file into memory(@mshibuya #2136)
  • Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
  • 👍 Allow deleting all files for multiple file upload(@mshibuya #1990)
  • Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
  • 🛠 Fix #clean_cache! breaking with old format of cache id(@mshibuya aab402fb)
  • 🛠 Fix #exists? returning true after Fog file deletion(@mshibuya #2387)
  • 👉 Make #identifier available for a retrieved file(@mshibuya #1581)
  • 👉 Make cache id generation less predictable(@mshibuya #2326)
  • Uploaders not being cleared when #reload or #initialize_dup are overridden in model(@mshibuya #2379)
  • 🛠 Fix #content_type returning false, instead of nil(@longkt90 #2384)
  • Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
  • 🔖 #recreate_versions! ignored :from_version when versions to recreate are given(@hedgesky #1879 #1164)

• v1.3.2 Changes

  February 08, 2021

  🛠 Fixed

  • 🛠 Fix Ruby 2.7 deprecations(@aubinlrx #2462)

  🔒 Security

  • 🛠 Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya eb9346df, GHSA-cf3w-g86h-35x4)
  • 🛠 Fix SSRF vulnerability in the remote file download feature (@mshibuya 91714add, GHSA-fwcm-636p-68r5)

• 1
• 2
• 3
• Next ›
• Last »