All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Add basename and fix extension value for fog file (@leductienttkt #2587)
- Allow uploaders to accept unless conditions (@Vpatel1093 #2588)
- Add retry option to download from remote url (@tashirosota #2577)
- Completely migrate to allowlist/denylist terminology (@mshibuya 7a40ef7, #2536)
- Remove implementation-dependent information from an error message (@akihikodaki #2499)
- Replace mini_mime with marcel (@pjmartorell #2552)
- Drop support for Ruby < 2.5 and Rails 5.x (@mshibuya 229594f)
- Remove support for Merb (@seuros #2566)
- Add Workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@mshibuya 65bf0d9, #2628)
- Fix Ruby 2.7 keyword argument warning in uploader process (@nachiket87 #2636, #2635)
- Raise DownloadError when no content is returned (@BrianHawley #2633, #2632)
- Add workaround for the API change in ssrf_filter 1.1 (@BrianHawley #2629, #2625)
- Fix Content-Type not being copied when using fog-google (@smnscp #2614)
- Fix failing to save after limiting the columns with ActiveRecord's #select (@wonda-tea-coffee #2613, #2608)
- Fix content type detection for JSON files (@smnscp #2618)
- Remove invalid byte sequences from the sanitized filename (@alexdunae #2606)
- Fix issue with copying a fog file larger than 5GB (@slonopotamus #2583)
- Stop closing StringIO-based file after CarrierWave::SanitizedFile#read (@aleksandrs-ledovskis #2571)
- Remove uploaded files when transaction is rolled back (@fsateler #2546)
- Fix
no implicit conversion of CSV into Stringerror when parsing a CSV object (@pjmartorell #2562, #2559)
- Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@mshibuya 42c620a1, #2532)
- libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
- Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
- Support for the latest version of RMagick (@mshibuya 88f24451)
#(content_type|extension)_whitelist,#(content_type|extension)_blacklistare deprecated. Use#(content_type|extension)_allowlistand#(content_type|extension)_denylistinstead (@grantbdev #2442, 4c3cac75)
- Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
- Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
- Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
- Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
- Fix instance variables
@versions_to_*not initialized warning (@mshibuya c10b82ed, #2493) - Fix
SanitizedFile#move_towrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495) - Fix returning invalid content type on text files (@inkstak #2474, #2424)
- Skip content type and extension filters where possible (@alexpooley #2464)
- Fix file's
#urlbeing called twice, which might be costly for non-local files (@skyeagle #2519) - Fix mime type detection failing with types which contain
+symbol, such asimage/svg+xml(@sylvainbx #2489) - Fix
#cached?to return boolean instead of@cache_idvalue (@kmiyake #2510) - Fix mime type detection for MS Office files (@anthonypenner #2447)
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)
- Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)
- Fix Ruby 2.7 deprecations(@mshibuya 9a37fc9e)
- Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@Bonias #2439)
- Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@p8 #2437)
- Fix
#{column}_cacheunintentionally removing files on assigning empty string(@mshibuya 22e8005e, #2412)
No changes.
- Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
- Allow retrieval of uploader index within uploaders(@mshibuya #1771)
- Add ability to customize downloaders(@mshibuya #1636)
- Support internationalized domain names for downloader(@mshibuya #2086)
- Support authenticated_url for Aliyun provider(@Nitrino #2381)
- Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
- Support authenticated_url for AzureRM provider(@Nitrino #2375)
- Allow custom expires_at when building an authenticated_url(@stephankaag #2397)
- [BREAKING CHANGE] Use the storage given by
storageconfiguration also forcache_storageunless explicitly specified(@mshibuya 629afecb) - Improve Fog initialization(@mshibuya #2395)
- [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
- [BREAKING CHANGE]
#remote_#{column}_urls=was changed to preserve precedent updates(@mshibuya 8f18a95b) #serializable_hashnow returns string for version keys(@schovi #2246)- Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a
content_type_whitelist(@locriani #1934) - Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
- Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
- Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)
fog_providerconfiguration was deprecated and has no effect, just adding fog providers toGemfilewill load them(@mshibuya ca201ee2)CarrierWave::Uploader::Base#sanitized_filewas deprecated, use#fileinstead(@mshibuya 28190e99)
- Remove support for Rails 4.x and Ruby 2.0/2.1 (@mshibuya bada043f)
- Fix deleting files twice when marked for removal(@mshibuya 67800fde)
- Fix
uploader.cache!loads entire contents of file into memory(@mshibuya #2136) - Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
- Allow deleting all files for multiple file upload(@mshibuya #1990)
- Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
- Fix
#clean_cache!breaking with old format of cache id(@mshibuya aab402fb) - Fix
#exists?returning true after Fog file deletion(@mshibuya #2387) - Make
#identifieravailable for a retrieved file(@mshibuya #1581) - Make cache id generation less predictable(@mshibuya #2326)
- Uploaders not being cleared when
#reloador#initialize_dupare overridden in model(@mshibuya #2379) - Fix
#content_typereturning false, instead of nil(@longkt90 #2384) - Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
#recreate_versions!ignored:from_versionwhen versions to recreate are given(@hedgesky #1879 #1164)
- Fix Ruby 2.7 deprecations(@aubinlrx #2462)
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya eb9346df, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya 91714add, GHSA-fwcm-636p-68r5)
- Query parameter support for fog-google(@stanhu #2332)
- Jets Turbine Support(@tongueroo #2355)
- Add
allowed_typestocontent_type_whitelist_error(@mhluska #2270)
- S3 HTTPS url causes certificate issue when bucket name contains period(@ransombriggs #2359)
- Failed to get image dimensions when image is cached but not stored yet(@artygus #2349)
- Only include
x-amz-aclheader for AWS(@stanhu #2356) - Remove old caches when no space is left on disk(@dosuken123 #2342)
- Fix reading whole content of large files into memory on storing(@dosuken123 #2314)
- Reset Content-Type on converting file format(@kyoshidajp #2237)
- Locale check breaks when a Symbol is given to available_locales(@mshibuya #2234)
- Added Proc Support for Width and Height(@tomprats #2169)
- Decode unicode filenames from URL(@fedorkk #2131)
- Change file size of error message to human size(@aki77 #2199)
- Bundled en translation was not loaded by default, causing translation missing(@mshibuya 95ce39d3)
- Remove potentially redundant HEAD request on checking fog file existence(@eritiro #2140)
- Failing with uninitialized constant if uri is not loaded(@jasdeepsingh #2223)
- RMagick cloud not process remotely stored files(@zog #2185)
- Check if files are identical via FS rather than name before move(@riffraff #2191)
- Regexp
extension_whitelistis also case-insensitive now(@vmdhoke #2201) - Use
__send__instead ofsend(@dminuoso #2178)
- Rails 5.1 compatibility(@paulsturgess #2130, #2133)
- Support for
processcallback(@cfcosta #2045) - S3 Transfer Acceleration support(@krekoten #2108)
- Allow non-argument options to be passed in mini magick combine_options(@krismartin #2097)
- Stop falling back to en locale when I18n is missing(@kryzhovnik #2083)
- Allow negative timestamp in cache id(@NickOttrando #2092)
- Avoid calling
file.urltwice(@lukeasrodgers #2078) - Content Type being reset when moving cached file(@dweinand #2117)
No changes.
- Ability to set custom request headers on downloading remote URL(@mendab1e #2006)
- Re-enable
public_urloptimization for Google Cloud Storage(@nikz #2039)
- Fix
clean_cache!deleting unexpired files due to RegExp mismatch(@t-oginogin #2036)
- Rails 5 support (@mshibuya)
- Add
#widthand#heightmethods to the RMagick processor (@mehlah #1805) - Add a test matcher for the format (@yanivpr #1758)
- Support of MiniMagick's Combine options (@bernabas #1754)
- Validate with the actual content-type of files (@eavgerinos)
- Support for multiple file uploads with
mount_uploadersmethod (@jnicklas and @lisarutan #1481) - Add a
cache_onlyconfiguration option, useful for testing (@jeffkreeftmeijer #1456) - Add
#widthand#heightmethods to MiniMagick processor (@ShivaVS #1405) - Support for jRuby (@lephyrius #1377)
- Make cache storage configurable (@mshibuya #1312)
- Errors on file size (@gautampunhani #1026)
- Blank uploaders are now memoized on the model instance (@DarthSim #1860)
#content_type_whitelistandextension_whitelistnow takes either a string, a regexp, or an array of values (same thing for blacklists) (@mehlah #1825)- [BREAKING CHANGE] Rename
extension_white_list~>extension_whitelist(@mehlah #1819) - [BREAKING CHANGE] Rename
extension_black_list~>extension_blacklist(@mehlah #1819) - [BREAKING CHANGE] Rename i18n keys
extension_black_list_error~>extension_blacklist_errorandextension_white_list_error~>extension_whitelist_error(@mehlah) - Accept an array of strings or regexps to white/blacklist content types (@mehlah #1816)
- Add counter to cache_id (@thomasfedb #1797)
- [BREAKING CHANGE] Allow non-ASCII filename by default (@shuhei #1772)
- [BREAKING CHANGE]
to_jsonbehavior changed when serializing an uploader (@jnicklas and @lisarutan #1481) - Better error when the configured storage is unknown (@st0012 #1779)
- Allow to pass additional options to Rackspace
authenticated_url(@duhast #1722) - Reduced memory footprint (@schneems #1652, @simonprev #1706)
- Improve Fog Loading (@plribeiro3000 #1620, @eavgerinos)
- All locales from
config.i18n.available_localesare added to load_path (@printercu #1521) - Do not display RMagick exception in I18n message (manuelpradal #1361)
- [BREAKING CHANGE]
#default_urlnow accepts the same args passed to#url(@shekibobo #1347)
- All locale files other than
enare now in carrierwave-i18n (@mehlah #1848) - Remove
CarrierWave::MagicMimeTypesprocessor module (@mehlah #1816) - Remove dependency on
ruby-filemagicin white/blacklist content types (@mehlah #1816) - Remove
CarrierWave::MimeTypesprocessor module (@mehlah #1813) - Remove support for Rails 3.2 and Ruby 1.8/1.9 (@bensie 2517d668)
- Don't raise an error when content_type is called on a deleted file (@jvenezia #1915)
- #remove_previous fails to detect equality when mount_on option is set (@mshibuya 44cfb7c0)
- Fix
Mounter.blank?method (@Bonias #1746) - Reset
remove_#{column}after invokingremove_#{column}(@eavgerinos #1668) - Change Google's url to the
public_url(@m7moud #1683) - Do not write to
ActiveModel::Dirtychanges when assigning something blank to a mounter that was originally blank (@eavgerinos #1635) - Various grammar and typos fixes to error messages translations
- Don't error when size is called on a deleted file (@danielevans #1561)
- Flush mounters on
#dupof active record model (@danielevans #1544) Fog::File.readreturns its contents after upload instead of "closed stream" error (@stormsilver #1517)- Don't read file twice when calling
sanitized_fileorcache!(@felixbuenemann #1476) - Change image extension when converting formats (@nashby #1446)
- Fix file delete being called twice on remove (@adamcrown #1441)
- RSpec 3 support (@randoum #1421, @akiomik #1370)
- MiniMagick convert to a format all the pages by default and accept an optional page number parameter to convert specific pages (@harikrishnan83 #1408)
- Fix cache workfile collision between versions (@jvdp #1399)
- Reset mounter cache on record reload (@semenyukdmitriy #1383)
- Retrieve only active versions of files (@filipegiusti #1351)
- Fix default gravity in MiniMagick
resize_and_pad(@abevoelker #1358) - Skip loading RMagick if already loaded (@mshibuya #1346)
- Make the
#remove_#{column}accessor set the mounted column as changed (@nikz #1326) - Tempfile and @content_type assignment (@bensie #1487)
cache_idis now less collision-prone thanks to a counter (@stillwaiting and @mtsmfm #1866)
- Fix require RMagick deprecation warning (@thomasfedb and @bensie #1788)
Please check 0.10-stable for previous changes.