2.2.1

Changed

• Replace mimemagic with marcel due to licensing concern (@pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@mshibuya 42c620a1, #2532)

2.2.0

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@inkstak #2474, #2424)
• Skip content type and extension filters where possible (@alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@kmiyake #2510)
• Fix mime type detection for MS Office files (@anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

1.3.2

Fixed

• Fix Ruby 2.7 deprecations(@aubinlrx #2462)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya eb9346df, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@mshibuya 91714add, GHSA-fwcm-636p-68r5)

2.1.0

Added

• Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)

Fixed

• Fix Ruby 2.7 deprecations(@mshibuya 9a37fc9e)
• Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@Bonias #2439)
• Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@p8 #2437)

2.0.2

Fixed

• Fix download causing nil error if the file has empty filename(@fukayatsu #2419, #2411)

2.0.1

Fixed

• Fix #{column}_cache unintentionally removing files on assigning empty string(@mshibuya 22e8005e, #2412)

2.0.0

Added

• Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
• Allow retrieval of uploader index within uploaders(@mshibuya #1771)
• Add ability to customize downloaders(@mshibuya #1636)
• Support internationalized domain names for downloader(@mshibuya #2086)
• Support authenticated_url for Aliyun provider(@Nitrino #2381)
• Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
• Support authenticated_url for AzureRM provider(@Nitrino #2375)
• Allow custom expires_at when building an authenticated_url(@stephankaag #2397)

Changed

• [BREAKING CHANGE] Use the storage given by storage configuration also for cache_storage unless explicitly specified(@mshibuya 629afecb)
• Improve Fog initialization(@mshibuya #2395)
• [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
• [BREAKING CHANGE] #remote_#{column}_urls= was changed to preserve precedent updates(@mshibuya 8f18a95b)
• #serializable_hash now returns string for version keys(@schovi #2246)
• Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a content_type_whitelist(@locriani #1934)
• Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
• Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
• Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)

Deprecated

• fog_provider configuration was deprecated and has no effect, just adding fog providers to Gemfile will load them(@mshibuya ca201ee2)
• CarrierWave::Uploader::Base#sanitized_file was deprecated, use #file instead(@mshibuya 28190e99)

Removed

• Remove support for Rails 4.x and Ruby 2.0/2.1 (@mshibuya bada043f)

Fixed

• Fix deleting files twice when marked for removal(@mshibuya 67800fde)
• Fix uploader.cache! loads entire contents of file into memory(@mshibuya #2136)
• Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
• Allow deleting all files for multiple file upload(@mshibuya #1990)
• Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
• Fix #clean_cache! breaking with old format of cache id(@mshibuya aab402fb)
• Fix #exists? returning true after Fog file deletion(@mshibuya #2387)
• Make #identifier available for a retrieved file(@mshibuya #1581)
• Make cache id generation less predictable(@mshibuya #2326)
• Uploaders not being cleared when #reload or #initialize_dup are overridden in model(@mshibuya #2379)
• Fix #content_type returning false, instead of nil(@longkt90 #2384)
• Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
• #recreate_versions! ignored :from_version when versions to recreate are given(@hedgesky #1879 #1164)

2.0.0.rc

Added

• Append, reorder, and remove-single-file feature for multiple file uploader(@mshibuya #2401)
• Allow retrieval of uploader index within uploaders(@mshibuya #1771)
• Add ability to customize downloaders(@mshibuya #1636)
• Support internationalized domain names for downloader(@mshibuya #2086)
• Support authenticated_url for Aliyun provider(@Nitrino #2381)
• Support passing options to authenticated_url for OpenStack provider(@stanhu #2377)
• Support authenticated_url for AzureRM provider(@Nitrino #2375)
• Allow custom expires_at when building an authenticated_url(@stephankaag #2397)

Changed

• Use the storage given by storage configuration also for cache_storage unless explicitly specified(@mshibuya 629afecb)
• Improve Fog initialization(@mshibuya #2395)
• [BREAKING CHANGE] Multiple file uploader now keeps successful files on update, only discarding failed ones(@mshibuya 7db9195d)
• [BREAKING CHANGE] #remote_#{column}_urls= was changed to preserve precedent updates(@mshibuya 8f18a95b)
• #serializable_hash now returns string for version keys(@schovi #2246)
• Use the MimeMagic gem to inspect file headers for the mime type. This allows for mitigation of CVE-2016-3714, in combination with a content_type_whitelist(@locriani #1934)
• Replace mime-types dependency with mini_mime to save memory(@bradleypriest #2292)
• Delegate MiniMagick processing to ImageProcessing gem(@janko #2298)
• Handle ActiveRecord transaction correctly, not storing or removing files on rollback(@skosh #2209)

Deprecated

• fog_provider configuration was deprecated and has no effect, just adding fog providers to Gemfile will load them(@mshibuya ca201ee2)
• CarrierWave::Uploader::Base#sanitized_file was deprecated, use #file instead(@mshibuya 28190e99)

Removed

• Remove support for Rails 4.x and Ruby 2.0/2.1 (@mshibuya bada043f)

Fixed

• Fix deleting files twice when marked for removal(@mshibuya 67800fde)
• Fix uploader.cache! loads entire contents of file into memory(@mshibuya #2136)
• Do not trigger *_will_change! when file is not to be removed(@mshibuya #2323)
• Allow deleting all files for multiple file upload(@mshibuya #1990)
• Failing to retrieve unquoted filenames from Content-Disposition(@mshibuya #2364)
• Fix #clean_cache! breaking with old format of cache id(@mshibuya aab402fb)
• Fix #exists? returning true after Fog file deletion(@mshibuya #2387)
• Make #identifier available for a retrieved file(@mshibuya #1581)
• Make cache id generation less predictable(@mshibuya #2326)
• Uploaders not being cleared when #reload or #initialize_dup are overridden in model(@mshibuya #2379)
• Fix #content_type returning false, instead of nil(@longkt90 #2384)
• Preserve connection cache when eagar-loading fog(@dmitryshagin #2383)
• #recreate_versions! ignored :from_version when versions to recreate are given(@hedgesky #1879 #1164)

v0.10.0

• [changed] Memoize uploaders and uploader_options (Derek Parker and Joshua Davey from Hashrocket)
• [changed] Don't force pad background color to white in resize_and_pad (@fnordfish)
• [changed] Remove auth access information when parsing URL for filename (@nddeluca)
• [changed] Read Content type from cached and uploaded file, adds mime-types as hard dependency
• [added] Added authenticated_url functionality for Openstack storage (@snoopie)
• [added] Add Polish I18n translations for errors (@ArturT)
• [added] Add Greek locale for error messages (@agorf)
• [added] Add French locale for error messages (@gdurelle)
• [added] Add Japanese locale for error messages (@tomodian)
• [added] Add Norwegian locale for error messages (@theodorton)
• [added] Add Portuguese locale for error messages (@pedrosmmoreira)
• [fixed] Overridden serializable_hash accepts an options hash (@bensie)
• [fixed] Fog connection object performance issues (@taavo)
• [fixed] Delete Tempfile after manipulate with MiniMagick (@dimko)
• [fixed] Ensure #remove_#{column} and #remove_#{column} return false after committing with ActiveRecord (@bensie)
• [fixed] Fix issue with content-disposition existing with no filename when downloading, reports that Google does this (@hasghari / @bensie / @taavo)