Skip to content

@adolski adolski released this Oct 2, 2019 · 153 commits to develop since this release

  • Fixed the health-check endpoint (at /health).
  • Fixed error responses when encountering empty request headers. (Thanks to @RRMoelker)
  • Fixed incorrect URIs in Link header values in certain IIIF Image API v2 image endpoint responses.
  • The ?response-content-disposition query argument correctly handles filenames containing spaces.
  • Image endpoints return HTTP 403 instead of 500 in response to AccessDeniedExceptions from the underlying Source.
  • Fixed two separate bugs in KakaduNativeProcessor that both caused empty regions to appear in certain images.
  • Fixed overly restrictive signature verification in KakaduDemoProcessor and OpenJpegProcessor that could cause errors with some valid images.
  • Fixed TurboJpegProcessor not respecting the processor.background_color configuration key.
  • Fixed the PurgeItemFromCache API method not working with S3Cache and AzureStorageCache.
  • When using AutomaticSelectionStrategy, processor initialization errors are logged at debug-level rather than error-level.
Assets 3

@adolski adolski released this Aug 1, 2019 · 177 commits to develop since this release

  • Added an undocumented HttpSource2 source which works the same as
    HttpSource, and uses the same configuration keys and delegate method, but
    is backed by a different HTTP client library. If you are having problems with
    HttpSource, try this one instead. The current implementation of
    HttpSource will probably be replaced by this one in the next major version.
  • Fixed a missing resulting_size key in the delegate script's options hash,
    introduced in 4.1.
  • Fixed a bug in KakaduNativeProcessor that could cause requests for certain
    scales to fail (or possibly even crash the JVM).
  • Fixed the behavior of response-content-disposition query arguments
    containing a filename argument.
  • Fixed failing to source-cache non-selectively-readable images when using
    Java2dProcessor or JaiProcessor with the source cache enabled and a source
    for which chunking is enabled.
  • The Jetty client used by HttpSource has been downgraded to the version used
    in 4.1.1 due to a bug in the version used in 4.1.2.
  • Fixed the behavior of the print_stack_trace_on_error_pages configuration key
    in the context of certain unrecoverable errors.
Assets 3

@adolski adolski released this May 22, 2019 · 201 commits to develop since this release

  • Fixed incorrect @id values in information responses when a query argument
    is present in the URI.
  • Fixed a potential failure to fall back to the next candidate processor when
    TurboJpegProcessor is in the candidate chain but libjpeg-turbo is not
  • Fixed a potential IIOException when reading certain JPEG images with
  • Fixed newlines (\n) appearing literally in string overlays.
  • Updated the Jetty dependency to address the following security vulnerability:
  • Updated the PDFBox dependency to address the following security
    vulnerability: CVE-2019-0228.
Assets 3

@adolski adolski released this Apr 18, 2019 · 228 commits to develop since this release

  • Fixed NoSuchMethodErrors from various processors when running in Java 8.
  • Fixed failure to locate the delegate script when delegate_script.pathname
    is set to a relative path outside of the current working directory.
  • Fixed a regression in the handling of the X-Forwarded-Path header.
  • Fixed breakage in manual processor selection from the Control Panel.
  • Fixed an error from Java2dProcessor when downscaling TIFF source images to a
    very small size.
  • Fixed improper codestream access in KakaduNativeProcessor that could cause
    cause degraded output for certain images.
  • Improved resilience when reading certain oddly-encoded GIFs in
    Java2dProcessor and JaiProcessor.
Assets 3

@adolski adolski released this Mar 29, 2019 · 246 commits to develop since this release


  • Configuration values can be obtained from the environment. See the user manual for more information.


  • The redirect() and authorized?() delegate methods have been merged into a new authorize() method, which enables a superset of their functionality, including challenge responses and redirects to "virtual" quality-limited versions. Authorization can also be set up to align with the IIIF Authentication API 1.0's "all or nothing access" or "tiered access" schemes.
  • The endpoint.public.auth.* keys that controlled global HTTP Basic protection have also been replaced by the authorize() delegate method.
  • The maximum allowed scale can set in the configuration.
  • Running tasks are displayed in the Control Panel.
  • Added HTTP API endpoints for status and health checks.
  • In the IIIF Image API 2.x endpoint, the Access-Control-Allow-Origin response header is always included in the information response regardless of whether an Origin header was sent in the request, in order to align more closely with the IIIF Image API.
  • Improved handling and documentation of the X-Forwarded-Port header.
  • The /iiif URI path no longer redirects to a specific Image API version, and now returns HTTP 404.
  • Bug fixes related to cropping-by-percent of EXIF-rotated images.
  • During image requests, authorize() is called earlier in the setup process, for better efficiency.
  • Removed the Restlet dependency.


  • HttpSource, S3Source, and AzureStorageSource are able to request chunks of resources on demand, which can improve performance when reading images in selectively-readable encodings like JPEG2000 and multi-resolution TIFF.
  • HttpSource sends initial HEAD requests instead of ranged GET requests.
  • The hash returned from the httpsource_resource_info() delegate method may include custom request headers.
  • HttpSource's HttpSource.trust_invalid_certs configuration key has been renamed HttpSource.allow_insecure. When enabled, insecure cipher suites are accepted as well as insecure certificates.
  • S3Source uses a Minio client instead of the AWS Java SDK client, to work around a possible thread-starvation bug in the AWS Java SDK when S3Source and S3Cache are in use at the same time.


  • Added configurable processor selection strategies, one of which uses the existing processor.* configuration keys, and the other of which uses an automatic strategy that attempts to choose a "best" processor on a per-request basis.
  • Added TurboJpegProcessor.
  • Added the repeat position for image overlays.
  • Efficiency improvements in KakaduNativeProcessor.
  • KakaduNativeProcessor supports sizeByDistortedWidthHeight.
  • Java2dProcessor and PdfBoxProcessor can preserve XMP metadata across most source and output formats.
  • KakaduNativeProcessor respects the processor.metadata.preserve configuration key for XMP metadata.
  • Worked around a bug in the GraphicsMagick gm command that causes occasional "broken pipe" errors from GraphicsMagickProcessor when reading images from a FileSource.
  • KakaduDemoProcessor has been deprecated, as it has been made more-or-less redundant by KakaduNativeProcessor.
  • Updated the PDFBox dependency.
  • Removed normalization.


  • S3Cache uses last-accessed rather than last-modified times.
  • Changed the S3Cache and AzureStorageCache key naming schemes to improve organization and avoid problems with edge cases.


  • The change log has moved from the website to this file.
  • Java 11 is supported.
Assets 3

@adolski adolski released this Jan 9, 2019 · 534 commits to develop since this release

  • Fixed a scaling-related regression in PdfBoxProcessor.
  • Streams consumed from S3Source are drained fully before closure, which makes its connection pool more efficient and fixes a warning-level error message from its internal HTTP client.
  • Fixed inability to use ScriptLookupStrategy with AzureStorageSource. (Thanks to @marc-sensenich)
  • Fixed a potential math error when cropping certain images with an embedded EXIF Orientation tag.
  • Improved exception handling in S3Source and S3Cache.
  • Fixed inability of S3Cache and AzureStorageCache to recognize a cache.server.derivative.ttl_seconds key value greater than 2^31.
  • Worked around an issue in OpenJPEG that could cause OpenJpegProcessor to fail when reading certain images from the source cache.
  • Corrected the gray quality to grey in the IIIF Image API 1.x endpoint.
  • Updated the Tika dependency to address the following security vulnerability: CVE-2018-17197.
  • Updated the Jackson dependency to address several security vulnerabilities.
  • Updated the PDFBox dependency.
Assets 3

@adolski adolski released this Oct 22, 2018 · 551 commits to develop since this release

  • The exploded application is more reliably cleaned up at shutdown when running in standalone mode.
  • KakaduNativeProcessor supports JPEG2000-compatible JPX source images.
  • Fixed an error from KakaduDemoProcessor in Windows when using a system locale that uses characters other than periods as decimal separators.
  • Fixed incorrect redaction positioning when scaling.
  • Fixed an error from processors that use a Java 2D processing pipeline when attempting to scale a source image that is natively less than three pixels in either dimension, or has been cropped to that size.
  • Fixed an empty response when image overlays are enabled but the overlay pathname or URL is invalid. Instead, images are served without the overlay, and warnings logged.
  • Updated Jetty to version 9.4.12, which fixes a potential connection leak in long-running servers when using HttpSource. (Thanks to @giancarlobi)
  • Miscellaneous other dependency updates.
Assets 3

@adolski adolski released this Aug 17, 2018 · 576 commits to develop since this release

  • Fixed a regression introduced in 3.4.3 that could cause URIs to appear with the wrong scheme in information responses and Link headers. (Thanks to @mmatela and @jweisman)
  • Fixed a bug that caused the minimum tile size in IIIF Image API 2.x information responses to be 512 regardless of the setting of endpoint.iiif.min_tile_size.
  • Fixed a connection leak in HttpSource.
  • Improved the resiliency of the internal JPEG2000 parser used by KakaduDemoProcessor and OpenJpegProcessor.
  • Fixed KakaduNativeProcessor's handling of sizeByDistortedWidthHeight requests.
  • Removed an error message that would appear in the log when the delegate script file was not found but the delegate script was disabled.
  • The X-Forwarded-Host reverse proxy header may contain a port number, which will be used if X-Forwarded-Port is not supplied.
Assets 3

@adolski adolski released this Aug 17, 2018 · 953 commits to develop since this release

  • Fixed a regression introduced in 3.4.3 that could cause URIs to appear with the wrong scheme in information responses and Link headers. (Thanks to @mmatela and @jweisman)
  • The X-Forwarded-Host reverse proxy header may contain a port, which will be used if X-Forwarded-Port is not supplied.
Assets 3

@adolski adolski released this May 31, 2018 · 610 commits to develop since this release


  • A new X-Forwarded-ID reverse proxy header replaces X-IIIF-ID, which has been deprecated, and will be removed in a future version.
  • Error response representations are in text/plain format in the absence of a client preference.
  • When endpoint.iiif.content_disposition is set to inline, the Content-Disposition header value includes a filename-safe version of the image identifier.


  • Resolvers have been renamed sources to better reflect their core function.
  • AmazonS3Resolver has been renamed S3Source, and it now supports non-AWS endpoints.
  • S3Source supports a configurable path prefix and suffix when using BasicLookupStrategy.
  • AzureStorageSource supports shared access signature (SAS) URIs. (Thanks to @ddisciascio)
  • Improved the efficiency of source cache content access when cache.server.resolve_first = false.
  • All sources fall back to checking the magic bytes in image data if they cannot infer a format any other way.


  • KakaduProcessor has been renamed KakaduDemoProcessor to reflect the fact that it interfaces with the Kakadu demo tool, kdu_expand, and not the native library.
  • Added KakaduNativeProcessor, as well as compiled binaries for Linux, macOS, and Windows, which are free to use with it for non-commercial purposes.
  • Added DownloadStrategy as another optional retrieval strategy for stream-based processors, and as an optional fallback strategy. This enables all processors to work with all sources with no extra configuration.
  • JPEG2000-compatible JPX images are readable by all processors that support JPEG2000.
  • JaiProcessor has been deprecated. See the user manual for more information.
  • KakaduDemoProcessor and OpenJpegProcessor work in Windows.
  • KakaduDemoProcessor and OpenJpegProcessor read image metadata using custom code, which is more efficient than using the respective kdu_jp2info and opj_dump tools, and enables them to read the number of decomposition levels, which improves reliability when decoding images with less-common level counts.
  • Image I/O plugins can be selected on a per-format basis.
  • Improved the efficiency of the Java 2D resample filters.
  • When using the Java 2D pipeline to downscale to less than three pixels on a side, an empty image with the correct dimensions is returned, rather than a downscaled 3x3 image, which is the smallest size that the Java 2D resample filters support.
  • Java2dProcessor supports animated GIFs.
  • Java2dProcessor supports CMYK & YCCK JPEGs.
  • Worked around some behavior of the opj_decompress tool that could cause OpenJpegProcessor to break. (Thanks to @adam-vessey)
  • Improved PdfBoxProcessor's validation of requests for multi-page PDFs whose pages have inconsistent dimensions.
  • The processor.limit_to_8_bits configuration option is no longer available. All output is limited to 8 bits.
  • Disabled support for GIF source images in JaiProcessor, as it was buggy and other processors can handle GIF better.


  • AmazonS3Cache has been renamed S3Cache, and it now supports non-AWS endpoints.
  • The time-to-live of the source and derivative caches is independently configurable.
  • The cache worker dumps the contents of HeapCache during its shifts, if both are enabled and if HeapCache persistence is also enabled.
  • The cache worker's work interval specifies the amount of time between the end of one shift and the beginning of the next, rather between the start of one shift and the next.
  • The deprecated DELETE /cache/:identifier HTTP API method has been removed.

Delegate Script

  • The delegate script has been redesigned as a class that is instantiated per-request. See the "Delegate Script" section of the user manual for detailed information.


  • Java 10 (18.3) is supported.
  • Updated JRuby to
Assets 3
You can’t perform that action at this time.