- Removed
convertprocessor and generator (which were quite insecure), in favour of utility commands inDragonfly::ImageMagick::Commands
- Better security for all job steps with parameter validations - addresses CVE-2021-33564
- Dropped official support for ruby < 2.2 - too annoying to maintain
- Fixed losing attachment when transaction rolled back on destroy (dlibanori)
- Fixed fetch_url edge case when redirect url includes special chars (thedanbob)
- Allow having no logger (setting to
nil) (kaimou1357)
- Fix URI.unescape deprecation warning (alberto-mota)
- Replaced
quotewithescapefor escaping shell commands - works with paths with apostrophes
- Replaced Open3.popen3 with now recommended Open3.capture3 (tomasc)
- Moved
destroy_dragonfly_attachmentsinto anafter_destroy- issue #477 (eldotz)
- Fixed data uris not working for long strings (reported dlibanori)
- Removed syntax warnings (swamp09)
- Correct ActiveRecord hook with
ActiveSupport.on_load(efatsi)
- Make sure imagemagick convert processor updates mime_type correctly when format is changed
- Allow relative redirect urls in
fetch_url(zorec) - Fixed Forwardable deprecation warnings (neodude)
- Fixed incorrect detection of empty directories in ruby 2.4 (yuszuv)
- Store content type in meta if it's available so we don't lose information (Lukas Svoboda)
- Added delegate option for imagemagick (Will Fisher)
- Use
Base64.urlsafe_encode64(Jan Raasch) Note that this changes b64 encodings from '/' to'_'and '+' to '-' in URLs, which will change a very small number of generated URLs (but shouldn't be enough to cause big recaching problems) URLs are encoded now according to the URL safe base64 specification in RFC 4648. Old URLs are still recognized so won't break.
- Fetch a URL with basic auth if it's present in the URI (Ben Pickles)
- Fix rack version problem for older rubies (rack 2.0 only works for ruby >= 2.2.2)
- Updated deprecated syntax in tests for WebMock, RSpec
- Dropped official support for Ruby <= 1.9.2 and Rubinius
- Made thumb processor args for a specific geometry publicly accesible
- Make sure tempfiles are created with paths matching the meta name
- Allow method signified by symbol in storage_options to take an attachment object
- Allow passing in "input_args" to convert processor
- correct Rack version
- Remove sha parameter being echoed back on error for better security
- Job#close re-added, so that tempfiles are immediately removed after each request
- Specs passing for 1.8.7, 1.9.2 (i18n gem version specified)
- Job#sha uses better algorithm
- renamed
protect_from_dos_attacks->verify_urlsand turn on by default
- env can be accessed by routed endpoint blocks
- analyser cache doesn't get stored in meta for a given piece of meta - can mess with stringifying analyser return values
- removed default secret, forcing user to specify one explicitly
- deal with "[" character problems in urls #337
- fetch_url wasn't correctly getting https endpoints on Ruby approx < 2
- fetch_url is more forgiving - assume escaped, if not escape
- changing meta on a job (e.g.
fetch('blah').encode('jpg')) was interfering with meta on its parent job (e.g.fetch('blah'))
- more secure generation of secret in rails generator
- ensure popen3 doesn't hang
- FileDataStore doesn't use hours_minutes_seconds in its path - it uses a random string instead (12_15_59_saf4fs_file.png -> sdf4c2G_file.png)
- model attribute
xxx_changed?method (useful e.g. in validations)
- proper support for Ruby 1.8.7 and JRuby (version 1.7.8)
- routed endpoints can deal with returned
Attachmentobjects (rather than returnedJobobjects) and return 404 if the endpoint proc returns nil - default Content-Disposition header doesn't url-encode filename unless the request is from IE
fetch_urldeals with urls that redirect to https (previously was blowing up)
- configuration
Dragonfly[:images]->Dragonfly.appandDragonfly.app(:named_app)- configuration block DSL overhaul
- Rails is set up using a generator, not by requiring the file "dragonfly/rails/images"
- Rack::Cache is not inserted by Dragonfly - this is up to the user
- data store spec
store/retrieve->read/writewritetakes aContent, not aTempObject(though the interface is much the same)- return nil on
readto signify not found instead of raising
- S3, Couch and Mongo data stores extracted into separate gems
- models
- easier and simpler to include in custom models using
Dragonfly::Model image_accessor,asset_accessor,xxx_accessor, etc. -> singledragonfly_accessor- user needs to extend
Dragonfly::Model::Validationsmanually to use dragonfly validations
- easier and simpler to include in custom models using
- Custom processors, datastores, generators and analysers are made easier by
Contentobject which has convenience methods - Removed "encoders" - these are covered by processors now
- Removed "job" shortcuts - they are not needed as processors can invoke other processors
- No "smart" determination of mime-type - just use file extension (anything more than that can be done by the user)
- metadata is required to be serializable to/from JSON
- removed
allow_fetch_fileandallow_fetch_urlin favour of more fine-control withfetch_file_whitelistandfetch_url_whitelist - switch off dealing with legacy urls by default
- proper requires throughout the code instead of autoloading
- simple 500 response for unknown errors
- model attachment default (by specifying a path to a e.g. a default image)
convertandthumbprocessors take a'frame'optionthumbtakes a'format'optionfetch_fileandmodel.attachment_url=accept a data uri stringAttachment#xxx_stored, e.g.my_model.my_attachment_stored?(my_attachmenthere being the attachment name)definefor creating custom methods onJob/Attachmentobjectsurl_path_prefixfor when mounted in Rack with a "SCRIPT_NAME"- when customizing response headers, ability to remove headers by setting to
nil - better logging
- for each response
- for shell commands
- inserting CookieMonster doesn't depend on existence of
ActionDispatch::Cookies image?returns false for pdfsfetch_urlraises more usefulErrorResponseon error- shell commands don't print warnings to stderr
- ability to assign attachment/job from other app
- Allow turning off support of legacy urls
- More conservative URL escaping - back to Rack::Utils.escape_path
- Don't check for malicious strings when deserializing from datastores (they're to be trusted)
- Attachment#b64_data
- Fix '+' character being converted to ' ' (revert to URI.escape instead of Rack::Utils.escape)
- Support old-style deprecated urls (with a check for malicious ones)
- Handle case where uid is an empty string
- URLS are encoded/decoded with JSON, not with Marshal
- Allow using a mongo replica set with mongo datastore
define_macro_on_includewas giving a stack error with multiple accessors on same app
- Allow the S3 base URL to be customised with
url_host(or per-request) - Added App#name (name as per
Dragonfly[:app_name])
- Better inspect for App, Processor, Analyser, Encoder, Generator, Job, TempObject, RoutedEndpoint, JobEndpoint
- Rescue from Excon::Errors::Conflict which apparently gets raised sometimes (don't know why - see #167)
- Alias portrait and landscape without question marks, so magic_attributes can be used with them
- Fixed stack error when using
define_macro_on_includetwice - Use fog's
sync_clockto overcome potential S3 time skew problems - Using :name in urls was causing problems when filenames had dashes in them
- FileDataStore was causing errors when the storage path was flat (not in a directory structure)
- Created tempfiles use the original file extension if known
- Added
:case_sensitiveoption tovalidates_propertyfor dealing with upper-case extensions and mime-types. - Github Markup syntax on readme for code highlighting
- S3DataStore can use https for remote urls (either configurable or per-url)
to_filecan take:modeoption for setting custom permissionsto_filecreates intermediate subdirs by default, can be turned off with:mkdirs => falseoption- Added some more S3 regions
- Datastores now use
temp_object.meta, not the second arg passed in tostore meta,name, etc. now lazily load the job on an attachment - previously you'd have to callapplyto get the meta from the datastore- When assigning an image via the activemodel extensions, mark that uid attribute will change
validates_propertyuses Rails 3 validators- Deprecated saved 'heroku' config, in favour of configuring S3 explicitly
- Model attachment urls are consistent now - the name is appended to the url (with format "/:job/:name") ONLY if it has the "name" magic attribute
identifywasn't working properly for files with capital letter extensions- S3 datastore sets content mime_type by default
- File extensions with numbers like JP2 weren't being processed/analysed properly
- Protect against object_ids being recycled and messing with analyser cache
- All url segments are correctly url-escaped now
- Fixed TempObject File.open mode
- S3DataStore was breaking on bucket_exists? when using AWS IAM
- Put CookieMonster before ActionDispatch::Cookies in rack middleware stack - that way Rack::Cache won't come between them and mess things up
- Regenerated gemspec again with ruby 1.8.7 - didn't seem to be fixed
- Regenerated gemspec to overcome annoying yaml issue (http://blog.rubygems.org/2011/08/31/shaving-the-yaml-yacc.html)
- Allow setting
content_typewhen storing in Mongo GridFS
- Tests use Rails 3.1
- Moved from fog's deprecated
get_object_urltoget_object_https_url - Allow initializing a TempObject with Rack::Test::UploadedFile
- Tests working in Windows (except feature that uses FileCommandAnalyser)
- Better shell quoting
- Added reflection method
app.analyser_methods
- Fixed
convertandidentifyfor files with spaces - Fixed size validations for Rails 3.0.7
- Made use of Rack calling
closeon the response body to clean up tempfiles. The response body is now the job, which delegateseachto the temp_object.
- TempObject#to_file sets file permissions 644 - copying wasn't previously guaranteeing this
- Added TempObject#close and closed?, which Rack uses to clean up tempfiles
- replaced '/' characters with '~' in base64 encoded urls (they were confusing url recognition)
- Added env['dragonfly.job'] for use in other Rack middlewares
- Added CookieMonster middleware for removing 'Set-Cookie' headers
- Remove 'Set-Cookie' header from any requests coming from a rails route
- Added reflection methods
app.processor_methods,app.generator_methodsandapp.job_methods
- Improved performance of
resize_and_cropmethod, using imagemagick built-in '^' operator - Improved server security validations
- Deal with Excon::Errors::SocketError: EOFError errors which get thrown sometimes from S3 connection
- Allow files with '..' (but not '../') in the middle of their name in file data store
- Model accessors are configurable
- added
after_assigncallback - added
after_unassigncallback - added
copy_tofor e.g. up-front thumbnailing - added
storage_optsandstorage_xxx
- added
- Added model
remove_xxxxxfor using with checkboxes - Added model
xxxx_urlfor assigning content from a url - Added job step
fetch_url - Added
retain!and modelretained_xxxxxfor avoiding multiple uploads when validations fail - Added
image?to imagemagick analyser - Added imagemagick
plaingenerator - Added
stripto imagemagick processor - Added CouchDataStore that uses a CouchDB as a data storage engine
- Added
before_servecallback - Allowed for configurable response headers
- Made url re-definable with
define_url validates_propertycan take a proc for the message- Saved configs can be registered now so they can be used with
configure_with(:symbol) - Configurable objects can fallback to a parent configuration, so e.g. the server can be configured through the parent app's configure block.
- Allowed initializing data by using a pathname
convert_commandandidentify_commandcan be configured on a per-app basis- Added
remote_urland ability for datastores to form urls- Added for File, Couch and S3 datastores
- Models automatically copy magic attributes into meta
- S3DataStore configurable headers
- 'dragonfly/rails/images' slightly smarter and added
file_accessorfor more semantic use of non-image attachments - Made dragonfly response configurable
- Mongo datastore can reuse an existing connection/db
- FileDataStore can be configured not to store meta (save on extra file)
- Removed
url_path_prefixandurl_suffixin favour ofurl_format- Middleware doesn't need mount point argument now
- Removed support for rails 2.3
- Removed RMagick support (and extracted into a plugin)
- ImageMagick processors etc. moved into the ImageMagick namespace
- moved from aws/s3 -> fog for S3 support
- Renamed SimpleEndpoint -> Server
- moved name and meta into Job, simplified, and now they don't cause the job to be applied
- FileDataStore stores metadata in xxx.meta now, not xxx.extra
- removed Job methods
uid_basename,uid_extname,encoded_formatandencoded_extnameas they are now unnecessary
- Performance tweaks regarding temp_objects model accessors and job objects
- Allow filenames that have '..' in them (but not '../') in the filedatastore
- Better security for server
- Security fix for file data store
- Renamed ActiveModel methods like 'attachments' to avoid name clashes
- Respond properly to HEAD, POST, PUT and DELETE requests
- Got it working with jRuby and Rubinius
- Made DOS protection SHA (and ETag) consistent
Removed runtime dependencies that Jeweler automatically takes from the Gemfile
- New ImageMagick generator, processor, encoder and analyser, which are now defaults (thanks to Henry Phan for work on this)
- Works with Rails 3.0.2 uploaded files (which has a changed API)
- Added username/password authentication to mongo data store
- Fixes for Windows, inc. tempfile binmode and closing files
- "IOError: closed stream" fix (hopefully!)
- Added methods for querying job steps, and Job#uid, Job#uid_basename, etc.
- Added Job#b64_data
- Added configurable url_suffix
- Added configurable content_disposition and content_filename
- Can pass extra GET params to url_for
- Can manually set uid on FileDataStore and S3DataStore (not yet documented because attachments have no way to pass it on yet)
- Model attachments store meta info about themselves
- Configurable module doesn't implicitly call 'call' if attribute set as proc
- Refactored Endpoint module -> Response object
- Ruby 1.9.2-p0 was raising encoding errors due to Tempfiles not being in binmode
- RMagick processor, encoder, analyser and generator all use the filesystem now They can be configured to use in-memory strings with the use_filesystem config option.
- Upgraded support from Rails 3.0.0.rc -> Rails.3.0.0
- Gave model accessors bang methods process! and encode!
- Seems as though inserting after Rails' Rack::Lock was worth it after all
- S3DataStore was breaking if previous data hadn't stored meta
- SimpleEndpoint was modifying env path_info so wasn't creating proper cache keys
- to_response accepts env, so can use if-not-modified, etc.
- Doc tweaks: Added mongo page, notes about Capistrano
- ETags generated by hash of job.serialize - was getting a bit long
- Ability to chain processing, encoding
- Added Generators for arbitrary content generation
- 'fetch_file' method for easily getting local files
- ActiveModel support
- Mongoid support
- Better Sinatra, etc. support (using 'to_response')
- Data stores now store meta, name and format information too
- Added Mongo Data Store
- temp_objects maintain name, meta, etc. across processing, encoding, etc.
- added portrait? and landscape? to RMagick analyser
- Ability to add single custom processor/encoder/analyser/generator
- added flip and flop to RMagick processor
- ability to configure whether it trusts the file extension
- nice text response for root path
- ability to configure url host
- ability to override path_prefix/host when calling url
- routed endpoints
- simple endpoints
- more intelligent working out of Content-Type to send back
- proper use of ETags
- remove whitespace from file/s3 datastore uids
- dragonfly/rails/images url-encodes rack-cache config for windows users
- Ruby 1.9.2 support
- Better RMagick memory management using image.destroy!
- Dragonfly::App[:images] -> Dragonfly[:images]
- Moved text/plasma generation into Generator
- Use of lazy 'Job' objects
- simplified shortcuts interface
- changed interface for attaching to ActiveRecord
- simplified saved configurations and allow referring to them as symbols
- Removed need for Base class for datastores, processors, analysers and encoders
- FileCommandAnalyser included in Rails config, not RMagick
- better use of logging module for sharing logs between classes
- mounting the app is down the middleware/elsewhere, not the app itself
- DOS protection off by default
- encoded urls
- got rid of unnecessary configurable sha_length
- Added ability for custom error messages in validations
- STI was breaking when the model had a mixin too
- Added 'scale factor' for text generation, which gives better quality font rendering for smaller fonts
- Configurable objects allow for passing args, and passing a block for extra config
- Added more 'saved configurations', for easier setting up on e.g. Heroku
- Added RMagickAnalyser#format
- Added greyscale to RMagickProcessor
- S3DataStore is configurable as to whether it uses the filesystem or not (to save a tempfile)
- Some specs refactoring, including making text processing specs less brittle
- RMagickEncoder::SUPPORTED_FORMATS was proving problematic - now we use a configurable list instead
- Got Rails 3 beta3 cucumber features working
- Added check to see if bucket already exists in S3DataStore - apparently this was problematic in EU
- temp_object.tempfile now returns a closed tempfile, which temp_object.file returns an open file. Can also pass a block to temp_object.file which closes the file automatically
- Processors/Analysers/Encoders know about app now so can log to app's log
- Imagemagick errors in RMagick processor/analyser/encoder now throw unable_to_handle and log a warning
- Removed Rails generators - better being more explicit with saved configurations which are more concise now
- Strip file command mime_type value because some versions of file command were appending a line-break
- Wasn't working properly with Single-Table Inheritance
- Rails 3 has changed 'metaclass' -> 'singleton_class' so adapt accordingly
- Allow setting the uid manually
- Assigning an accessor to nil wasn't working properly
- Assigning an accessor to nil wasn't working properly
- Added 'registered mime-types'
- Enhanced docs
- RMagickEncoder only encodes if not already in that format
- Fixed 'broken pipe' errors in FileCommandAnalyser due to outputting loads of stuff to the command line stdin
- support for Rails 3
Better late than never to start logging change history...
- added aspect_ratio to rmagick_analyser
- support for ruby 1.9
- added development dependencies to gemspec for easier setting up