All Versions
64
Latest Version
Avg Release Cycle
128 days
Latest Release
673 days ago

Changelog History
Page 1

  • v1.4.0 Changes

    May 19, 2021

    ๐Ÿ”„ Changes

    • โœ‚ Removed convert processor and generator (which were quite insecure), in favour of utility commands in Dragonfly::ImageMagick::Commands

    ๐Ÿ›  Fixes

    • ๐Ÿ‘ Better security for all job steps with parameter validations - addresses CVE-2021-33564

  • v1.3.0 Changes

    January 09, 2021

    ๐Ÿ”„ Changes

    • โฌ‡๏ธ Dropped official support for ruby < 2.2 - too annoying to maintain

    ๐Ÿ›  Fixes

    • ๐Ÿ›  Fixed losing attachment when transaction rolled back on destroy (dlibanori)
    • ๐Ÿ›  Fixed fetch_url edge case when redirect url includes special chars (thedanbob)

  • v1.2.1 Changes

    July 24, 2020

    ๐Ÿ”‹ Features

    • ๐Ÿ‘ Allow having no logger (setting to nil) (kaimou1357) Fixes
    • ๐Ÿ›  Fix URI.unescape deprecation warning (alberto-mota)

    # 1.2.0 (2018-11-13)

    Fixes

    • Replaced quote with escape for escaping shell commands - works with paths with apostrophes Changes
    • Replaced Open3.popen3 with now recommended Open3.capture3 (tomasc)

    # 1.1.5 (2018-03-23)

    Fixes

    • Moved destroy_dragonfly_attachments into an after_destroy - issue #477 (eldotz)

    # 1.1.4 (2017-12-31)

    Fixes

    • ๐Ÿ›  Fixed data uris not working for long strings (reported dlibanori)
    • โœ‚ Removed syntax warnings (swamp09)
    • ๐Ÿ‘ Correct ActiveRecord hook with ActiveSupport.on_load (efatsi)

    # 1.1.3 (2017-06-02)

    Fixes

    • โšก๏ธ Make sure imagemagick convert processor updates mime_type correctly when format is changed

    # 1.1.2 (2017-05-06)

    Fixes

    • ๐Ÿ‘ Allow relative redirect urls in fetch_url (zorec)
    • ๐Ÿ›  Fixed Forwardable deprecation warnings (neodude)
    • ๐Ÿ›  Fixed incorrect detection of empty directories in ruby 2.4 (yuszuv)
    • Store content type in meta if it's available so we don't lose information (Lukas Svoboda)

    # 1.1.1 (2016-10-26)

    Features

    • โž• Added delegate option for imagemagick (Will Fisher)

    ๐Ÿ›  Fixes

    • ๐Ÿ‘‰ Use Base64.urlsafe_encode64 (Jan Raasch) Note that this changes b64 encodings from '/' to '_' and '+' to '-' in URLs, which will change a very small number of generated URLs (but shouldn't be enough to cause big recaching problems) URLs are encoded now according to the URL safe base64 specification in RFC 4648. Old URLs are still recognized so won't break.

  • v1.2.0 Changes

    November 13, 2018

    ๐Ÿ›  Fixes

    • Replaced quote with escape for escaping shell commands - works with paths with apostrophes ๐Ÿ”„ Changes -----
    • Replaced Open3.popen3 with now recommended Open3.capture3 (tomasc)

  • v1.1.5 Changes

    March 23, 2018

    ๐Ÿ›  Fixes

    • Moved destroy_dragonfly_attachments into an after_destroy - issue #477 (eldotz)

  • v1.1.4 Changes

    December 31, 2017

    ๐Ÿ›  Fixes

    • ๐Ÿ›  Fixed data uris not working for long strings (reported dlibanori)
    • โœ‚ Removed syntax warnings (swamp09)
    • ๐Ÿ‘ Correct ActiveRecord hook with ActiveSupport.on_load (efatsi)

  • v1.1.3 Changes

    June 02, 2017

    ๐Ÿ›  Fixes

    • โšก๏ธ Make sure imagemagick convert processor updates mime_type correctly when format is changed

  • v1.1.2 Changes

    May 06, 2017

    ๐Ÿ›  Fixes

    • ๐Ÿ‘ Allow relative redirect urls in fetch_url (zorec)
    • ๐Ÿ›  Fixed Forwardable deprecation warnings (neodude)
    • ๐Ÿ›  Fixed incorrect detection of empty directories in ruby 2.4 (yuszuv)
    • Store content type in meta if it's available so we don't lose information (Lukas Svoboda)

  • v1.1.1 Changes

    October 26, 2016

    ๐Ÿ”‹ Features

    • โž• Added delegate option for imagemagick (Will Fisher)

    ๐Ÿ›  Fixes

    • ๐Ÿ‘‰ Use Base64.urlsafe_encode64 (Jan Raasch) Note that this changes b64 encodings from '/' to '_' and '+' to '-' in URLs, which will change a very small number of generated URLs (but shouldn't be enough to cause big recaching problems) URLs are encoded now according to the URL safe base64 specification in RFC 4648. Old URLs are still recognized so won't break.

  • v1.1.0 Changes

    October 24, 2016

    ๐Ÿ›  Fixes

    • Fetch a URL with basic auth if it's present in the URI (Ben Pickles)
    • ๐Ÿ›  Fix rack version problem for older rubies (rack 2.0 only works for ruby >= 2.2.2)
    • โšก๏ธ Updated deprecated syntax in tests for WebMock, RSpec

    ๐Ÿ”„ Changes

    • โฌ‡๏ธ Dropped official support for Ruby <= 1.9.2 and Rubinius

    # 1.0.12 (2015-09-16)

    Features

    • Made thumb processor args for a specific geometry publicly accesible

    # 1.0.11 (2015-09-04)

    Fixes

    • ๐Ÿ‘‰ Make sure tempfiles are created with paths matching the meta name

    # 1.0.10 (2015-05-14)

    Features

    • ๐Ÿ‘ Allow method signified by symbol in storage_options to take an attachment object
    • ๐Ÿ‘ Allow passing in "input_args" to convert processor Fixes
    • correct Rack version

    # 1.0.9 (2015-04-29)

    Fixes

    • โœ‚ Remove sha parameter being echoed back on error for better security

    # 1.0.8 (2015-04-23)

    Fixes

    • ๐Ÿšš Job#close re-added, so that tempfiles are immediately removed after each request
    • Specs passing for 1.8.7, 1.9.2 (i18n gem version specified)

    # 1.0.7 (2014-08-26)

    Changes

    • ๐Ÿ‘ท Job#sha uses better algorithm
    • renamed protect_from_dos_attacks -> verify_urls and turn on by default

    # 1.0.6 (2014-08-22)

    Features

    • env can be accessed by routed endpoint blocks

    ๐Ÿ›  Fixes

    • analyser cache doesn't get stored in meta for a given piece of meta - can mess with stringifying analyser return values
    • โœ‚ removed default secret, forcing user to specify one explicitly
    • deal with "[" character problems in urls https://github.com/markevans/dragonfly/pull/337

    # 1.0.5 (2014-05-15)

    Fixes

    • ๐Ÿ’Ž fetch_url wasn't correctly getting https endpoints on Ruby approx < 2

    # 1.0.4 (2014-04-11)

    Fixes

    • fetch_url is more forgiving - assume escaped, if not escape

    # 1.0.3 (2014-01-28)

    Fixes

    • ๐Ÿ‘ท changing meta on a job (e.g. fetch('blah').encode('jpg')) was interfering with meta on its parent job (e.g. fetch('blah'))

    # 1.0.2 (2013-12-20)

    Fixes

    • ๐Ÿš… more secure generation of secret in rails generator
    • ensure popen3 doesn't hang

    # 1.0.1 (2013-11-28)

    Changes

    • FileDataStore doesn't use hours_minutes_seconds in its path - it uses a random string instead (12_15_59_saf4fs_file.png -> sdf4c2G_file.png)

    ๐Ÿ”‹ Features

    • model attribute xxx_changed? method (useful e.g. in validations)

    ๐Ÿ›  Fixes

    • ๐Ÿ’Ž proper support for Ruby 1.8.7 and JRuby (version 1.7.8)
    • ๐Ÿ‘ท routed endpoints can deal with returned Attachment objects (rather than returned Job objects) and return 404 if the endpoint proc returns nil
    • 0๏ธโƒฃ default Content-Disposition header doesn't url-encode filename unless the request is from IE
    • fetch_url deals with urls that redirect to https (previously was blowing up)

    # 1.0.0 (2013-11-24)

    Changes

    • ๐Ÿ”ง configuration
      • Dragonfly[:images] -> Dragonfly.app and Dragonfly.app(:named_app)
      • configuration block DSL overhaul
      • Rails is set up using a generator, not by requiring the file "dragonfly/rails/images"
      • Rack::Cache is not inserted by Dragonfly - this is up to the user
    • data store spec
      • store/retrieve -> read/write
      • write takes a Content, not a TempObject (though the interface is much the same)
      • return nil on read to signify not found instead of raising
    • S3, Couch and Mongo data stores extracted into separate gems
    • models
      • easier and simpler to include in custom models using Dragonfly::Model
      • image_accessor, asset_accessor, xxx_accessor, etc. -> single dragonfly_accessor
      • user needs to extend Dragonfly::Model::Validations manually to use dragonfly validations
    • Custom processors, datastores, generators and analysers are made easier by Content object which has convenience methods
    • โœ‚ Removed "encoders" - these are covered by processors now
    • โœ‚ Removed "job" shortcuts - they are not needed as processors can invoke other processors
    • No "smart" determination of mime-type - just use file extension (anything more than that can be done by the user)
    • ๐Ÿ“‡ metadata is required to be serializable to/from JSON
    • removed allow_fetch_file and allow_fetch_url in favour of more fine-control with fetch_file_whitelist and fetch_url_whitelist
    • 0๏ธโƒฃ switch off dealing with legacy urls by default
    • proper requires throughout the code instead of autoloading
    • simple 500 response for unknown errors

    ๐Ÿ”‹ Features

    • 0๏ธโƒฃ model attachment default (by specifying a path to a e.g. a default image)
    • convert and thumb processors take a 'frame' option
    • thumb takes a 'format' option
    • fetch_file and model.attachment_url= accept a data uri string
    • Attachment#xxx_stored, e.g. my_model.my_attachment_stored? (my_attachment here being the attachment name)
    • ๐Ÿ‘ท define for creating custom methods on Job/Attachment objects
    • url_path_prefix for when mounted in Rack with a "SCRIPT_NAME"
    • ๐Ÿšš when customizing response headers, ability to remove headers by setting to nil
    • ๐Ÿ‘ better logging
      • for each response
      • for shell commands

    ๐Ÿ›  Fixes

    • inserting CookieMonster doesn't depend on existence of ActionDispatch::Cookies
    • image? returns false for pdfs
    • fetch_url raises more useful ErrorResponse on error
    • โš  shell commands don't print warnings to stderr
    • ๐Ÿ‘ท ability to assign attachment/job from other app

    # 0.9.15 (2013-05-04)

    Features

    • ๐Ÿ‘ Allow turning off support of legacy urls

    ๐Ÿ›  Fixes

    • More conservative URL escaping - back to Rack::Utils.escape_path
    • Don't check for malicious strings when deserializing from datastores (they're to be trusted)

    # 0.9.14 (2013-02-13)

    Features

    • Attachment#b64_data

    ๐Ÿ›  Fixes

    • ๐Ÿ›  Fix '+' character being converted to ' ' (revert to URI.escape instead of Rack::Utils.escape)
    • ๐Ÿ‘Œ Support old-style deprecated urls (with a check for malicious ones)
    • ๐Ÿ– Handle case where uid is an empty string

    # 0.9.13 (2013-01-30)

    Changes

    • URLS are encoded/decoded with JSON, not with Marshal

    # 0.9.12 (2012-04-08)

    Features

    • ๐Ÿ‘ Allow using a mongo replica set with mongo datastore

    ๐Ÿ›  Fixes

    • define_macro_on_include was giving a stack error with multiple accessors on same app

    # 0.9.11 (2012-03-12)

    Features

    • ๐Ÿ‘ Allow the S3 base URL to be customised with url_host (or per-request)
    • โž• Added App#name (name as per Dragonfly[:app_name])

    ๐Ÿ”„ Changes

    • ๐Ÿ‘ Better inspect for App, Processor, Analyser, Encoder, Generator, Job, TempObject, RoutedEndpoint, JobEndpoint

    ๐Ÿ›  Fixes

    • ๐Ÿ‘€ Rescue from Excon::Errors::Conflict which apparently gets raised sometimes (don't know why - see https://github.com/markevans/dragonfly/issues/167)
    • Alias portrait and landscape without question marks, so magic_attributes can be used with them
    • Fixed stack error when using define_macro_on_include twice
    • ๐Ÿ”€ Use fog's sync_clock to overcome potential S3 time skew problems
    • Using :name in urls was causing problems when filenames had dashes in them

    # 0.9.10 (2012-01-11)

    Fixes

    • FileDataStore was causing errors when the storage path was flat (not in a directory structure)

    # 0.9.9 (2011-12-30)

    Features

    • Created tempfiles use the original file extension if known
    • Added :case_sensitive option to validates_property for dealing with upper-case extensions and mime-types.
    • Github Markup syntax on readme for code highlighting
    • ๐Ÿ”ง S3DataStore can use https for remote urls (either configurable or per-url)
    • to_file can take :mode option for setting custom permissions
    • 0๏ธโƒฃ to_file creates intermediate subdirs by default, can be turned off with :mkdirs => false option
    • โž• Added some more S3 regions

    ๐Ÿ”„ Changes

    • Datastores now use temp_object.meta, not the second arg passed in to store
    • ๐Ÿ‘ท meta, name, etc. now lazily load the job on an attachment - previously you'd have to call apply to get the meta from the datastore
    • When assigning an image via the activemodel extensions, mark that uid attribute will change
    • ๐Ÿš… validates_property uses Rails 3 validators
    • ๐Ÿ”ง Deprecated saved 'heroku' config, in favour of configuring S3 explicitly

    ๐Ÿ›  Fixes

    • ๐Ÿ‘ท Model attachment urls are consistent now - the name is appended to the url (with format "/:job/:name") ONLY if it has the "name" magic attribute
    • identify wasn't working properly for files with capital letter extensions
    • 0๏ธโƒฃ S3 datastore sets content mime_type by default
    • File extensions with numbers like JP2 weren't being processed/analysed properly
    • Protect against object_ids being recycled and messing with analyser cache
    • All url segments are correctly url-escaped now
    • ๐Ÿ›  Fixed TempObject File.open mode
    • S3DataStore was breaking on bucket_exists? when using AWS IAM
    • Put CookieMonster before ActionDispatch::Cookies in rack middleware stack - that way Rack::Cache won't come between them and mess things up

    # 0.9.8 (2011-09-08)

    Fixes

    • ๐Ÿ‘€ Regenerated gemspec again with ruby 1.8.7 - didn't seem to be fixed

    # 0.9.7 (2011-09-08)

    Fixes

    # 0.9.6 (2011-09-06)

    Features

    • ๐Ÿ‘ Allow setting content_type when storing in Mongo GridFS

    ๐Ÿ”„ Changes

    • โœ… Tests use Rails 3.1

    ๐Ÿ›  Fixes

    • Moved from fog's deprecated get_object_url to get_object_https_url
    • ๐Ÿ‘ Allow initializing a TempObject with Rack::Test::UploadedFile
    • ๐Ÿ Tests working in Windows (except feature that uses FileCommandAnalyser)
    • ๐Ÿ‘ Better shell quoting

    # 0.9.5 (2011-07-27)

    Features

    • โž• Added reflection method app.analyser_methods

    ๐Ÿ›  Fixes

    • ๐Ÿ›  Fixed convert and identify for files with spaces
    • ๐Ÿ›  Fixed size validations for Rails 3.0.7

    # 0.9.4 (2011-06-10)

    Fixes

    • Made use of Rack calling close on the response body to clean up tempfiles. The response body is now the job, which delegates each to the temp_object.

    # 0.9.3 (2011-06-03)

    Fixes

    • TempObject#to_file sets file permissions 644 - copying wasn't previously guaranteeing this
    • โž• Added TempObject#close and closed?, which Rack uses to clean up tempfiles
    • replaced '/' characters with '~' in base64 encoded urls (they were confusing url recognition)

    # 0.9.2 (2011-05-19)

    Features

    • โž• Added env['dragonfly.job'] for use in other Rack middlewares
    • โž• Added CookieMonster middleware for removing 'Set-Cookie' headers

    ๐Ÿ›  Fixes

    • โœ‚ Remove 'Set-Cookie' header from any requests coming from a rails route

    # 0.9.1 (2011-05-11)

    Features

    • Added reflection methods app.processor_methods, app.generator_methods and app.job_methods

    ๐Ÿ›  Fixes

    • Improved performance of resize_and_crop method, using imagemagick built-in '' operator
    • ๐Ÿ‘Œ Improved server security validations
    • Deal with Excon::Errors::SocketError: EOFError errors which get thrown sometimes from S3 connection
    • ๐Ÿ‘ Allow files with '..' (but not '../') in the middle of their name in file data store

    # 0.9.0 (2011-04-27)

    Features

    • ๐Ÿ”ง Model accessors are configurable
      • added after_assign callback
      • added after_unassign callback
      • added copy_to for e.g. up-front thumbnailing
      • added storage_opts and storage_xxx
    • โž• Added model remove_xxxxx for using with checkboxes
    • โž• Added model xxxx_url for assigning content from a url
    • โž• Added job step fetch_url
    • โž• Added retain! and model retained_xxxxx for avoiding multiple uploads when validations fail
    • โž• Added image? to imagemagick analyser
    • โž• Added imagemagick plain generator
    • โž• Added strip to imagemagick processor
    • โž• Added CouchDataStore that uses a CouchDB as a data storage engine
    • โž• Added before_serve callback
    • ๐Ÿ‘ Allowed for configurable response headers
    • Made url re-definable with define_url
    • validates_property can take a proc for the message
    • ๐Ÿ’พ Saved configs can be registered now so they can be used with configure_with(:symbol)
    • ๐Ÿ”ง Configurable objects can fallback to a parent configuration, so e.g. the server can be configured through the parent app's configure block.
    • ๐Ÿ‘ Allowed initializing data by using a pathname
    • convert_command and identify_command can be configured on a per-app basis
    • โž• Added remote_url and ability for datastores to form urls
      • Added for File, Couch and S3 datastores
    • Models automatically copy magic attributes into meta
    • ๐Ÿ”ง S3DataStore configurable headers
    • ๐Ÿš… 'dragonfly/rails/images' slightly smarter and added file_accessor for more semantic use of non-image attachments
    • ๐Ÿ”ง Made dragonfly response configurable
    • Mongo datastore can reuse an existing connection/db
    • ๐Ÿ”ง FileDataStore can be configured not to store meta (save on extra file)

    ๐Ÿ”„ Changes

    • Removed url_path_prefix and url_suffix in favour of url_format
      • Middleware doesn't need mount point argument now
    • โœ‚ Removed support for rails 2.3
    • โœ‚ Removed RMagick support (and extracted into a plugin)
    • ๐Ÿšš ImageMagick processors etc. moved into the ImageMagick namespace
    • ๐Ÿšš moved from aws/s3 -> fog for S3 support
    • ๐Ÿ“‡ Renamed SimpleEndpoint -> Server
    • ๐Ÿšš moved name and meta into Job, simplified, and now they don't cause the job to be applied
    • ๐Ÿ“‡ FileDataStore stores metadata in xxx.meta now, not xxx.extra
    • removed Job methods uid_basename, uid_extname, encoded_format and encoded_extname as they are now unnecessary

    ๐Ÿ›  Fixes

    • ๐ŸŽ Performance tweaks regarding temp_objects model accessors and job objects

    # 0.8.5 (2011-05-11)

    Fixes

    • ๐Ÿ‘ Allow filenames that have '..' in them (but not '../') in the filedatastore
    • ๐Ÿ‘ Better security for server

    # 0.8.4 (2011-04-27)

    Fixes

    • ๐Ÿ”’ Security fix for file data store

    # 0.8.2 (2011-01-11)

    Fixes

    • ๐Ÿ“‡ Renamed ActiveModel methods like 'attachments' to avoid name clashes
    • Respond properly to HEAD, POST, PUT and DELETE requests
    • ๐Ÿ’Ž Got it working with jRuby and Rubinius
    • Made DOS protection SHA (and ETag) consistent

    # 0.8.1 (2010-11-22)

    Fixes

    โœ‚ Removed runtime dependencies that Jeweler automatically takes from the Gemfile