All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Fix Content-Type allowlist bypass vulnerability remained (@mshibuya 00676e2, GHSA-vfmv-jfc5-pjjw)
- Fix #derived_versions and #active_sibling_versions returning an Array where Hash is expected (@mshibuya 46e4f20)
- Fix incompatibility with Marcel 1.0.3 (@schinery #2728, #2729)
- Fix assigning a file with the same name not marking the column as changed (@mshibuya 4c65b39, #2719)
- Fix failing to remove files with ActiveRecord 7.1 after_commit order change enabled (@mshibuya 63113e9, #2713)
- Remove unnecessary if clause within #filename left in the uploader template (@rajyan, #2711)
- Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@mshibuya, 863d425, GHSA-gxhx-g4fq-49hj)
- Fix model's dirty state remaining after update (@rajyan #2707, #2702)
- Fix #dup modifying the original object (@rajyan #2690, #2706, #2689, #2700)
- Fix #dup not respecting the :mount_on option, causing MissingAttributeError (@marsz #2691)
- Fix #dup modifying the original object (@mshibuya 37f36f7, #2687)
- Fix wrongly removing files on transaction rollback (@mshibuya, @rajyan eb03fe1, #2686, #2685)
- Fix not respecting the parent's #enable_processing value after reading its own (@mshibuya 2df0f53, #2676)
- Fix NoMethodError when a record is rolled back (@y-yagi #2674, #2675)
- Fix filename suffix being removed due to unnecessary deduplication (@mshibuya d68a111, #2672)
- Fix #dup causing unintended name deduplication of copied files (@mshibuya b732acd, #2670)
- Fix initialization failing when active_support/core_ext is not loaded yet (@mshibuya 875d972)
No changes.
- Support adding suffix to filename on store when path collides with the existing ones (@mshibuya 07a5632, #1855)
- Add image dimension validation (@TsubasaYoshida #2592, 3b1f8b4)
- Provide validation error details via ActiveModel::Errors#details (@mshibuya 9013999, #2150)
- Support clearing #remote_urls by assigning nil (@mshibuya 8307f93, #2067)
- Support configuration of download retry wait time (@tricknotes #2646)
- Support for ActiveRecord::Base#dup (@mshibuya, @BrianHawley 19b33b8, #2645, #1962)
- Add CarrierWave::Storage::Fog::File#to_file for interface consistency with SanitizedFile (@mshibuya 68ce83a, #1960)
- Allow SanitizedFile to accept read with an optional length and output_buffer arguments (@mshibuya 9096459, #1959)
- Stop relying on ActiveModel::Dirty change tracking for removal of unnecessary files (@mshibuya aac25c1)
- Create versions lazily to reflect subclass configurations properly (@mshibuya 1531a67, #1957, #2619)
- [BREAKING CHANGE] Use the resulting file extension on changing format by :convert (@mshibuya #2659, #2125, #2126, #2254)
- Prioritize Magic-detected content type for spoof-tolerance (@mshibuya a2ca59c, #2570)
- Handle assignments in an ActiveModel::Dirty-friendly way (@mshibuya #2658, #2404, #2409, #2468)
- Give a stable name to classes created by the mount_uploader block (@mshibuya f5b09b8, #2407, #2471)
- Give a stable name to version classes (@mshibuya a9de756, #2407, #2471)
- Fix CarrierWave::Storage::Fog::File#read breaking when the file doesn't exist (@mshibuya 246eb01, #2524)
- Fix to preserve the original URI as much as possible on download (@mshibuya 2f3afaf, #2631)
- Fix not to invoke content type detection on #copy_to as it's costly (@mshibuya 6c6e2dc, #2465)
- Fix calling #=~ on non-String breaking in Ruby 3.2 (@aubinlrx #2653, fd03ddd)
- Fix #clean_cache! to respect the uploader's root, not the global one (@sawasaki-narumi #2652, 3cb9992, #2113)
- Fix to use helper method #fog_provider instead of checking #fog_credentials (@joshuamsager #2660)
- Fix being unable to delete a file by assigning nil (@mshibuya f8ea354, #2654, #2613)
- Fix to raise exception when ImageMagick is not installed (@mshibuya d90c399, #2060)
- Fix to remove unnecessary floodfill in CarrierWave::RMagick#resize_and_pad (@mshibuya f34a9bd)
- Fix
#{column}_cache=fails to be stored when set as a nested attribute (@mshibuya e84d11e, #2206) - Fix to use AWS S3 regional endpoints when using virtual-hosted style (@mshibuya 8dace34, #2523)
- Fix to respect condition on processing a derived version (@mshibuya 1fecddc, #2516)
- Fix #recreate_versions! affecting the original file (@mshibuya a67bfb6, 5f00715, #2480, #2655)
- Fix
remove_#{column}!doesn't remove the file immediately (@mshibuya b719fb3, #2540) - Fix column value populated without a file when using filename override (@mshibuya f1eff6e, #2284)
- Fix boolean configurations couldn't be set to false on a per-uploader basis (@megane42 #2642)
- Fix #clean_cache! breaking with directories that doesn't conform to CarrierWave's cache_id format (@BrianHawley #2641)
- Add basename and fix extension value for fog file (@leductienttkt #2587)
- Allow uploaders to accept unless conditions (@Vpatel1093 #2588)
- Add retry option to download from remote url (@tashirosota #2577)
- Completely migrate to allowlist/denylist terminology (@mshibuya 7a40ef7, #2536)
- Remove implementation-dependent information from an error message (@akihikodaki #2499)
- Replace mini_mime with marcel (@pjmartorell #2552)
- [BREAKING CHANGE] Change to store files on after_save hook instead of after_commit, with performing cleanup when transaction is rolled back (@fsateler #2546)
- Drop support for Ruby < 2.5 and Rails 5.x (@mshibuya 229594f)
- Remove support for Merb (@seuros #2566)
- Add Workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@mshibuya 65bf0d9, #2628)
- Fix Ruby 2.7 keyword argument warning in uploader process (@nachiket87 #2636, #2635)
- Raise DownloadError when no content is returned (@BrianHawley #2633, #2632)
- Add workaround for the API change in ssrf_filter 1.1 (@BrianHawley #2629, #2625)
- Fix Content-Type not being copied when using fog-google (@smnscp #2614)
- Fix failing to save after limiting the columns with ActiveRecord's #select (@wonda-tea-coffee #2613, #2608)
- Fix content type detection for JSON files (@smnscp #2618)
- Remove invalid byte sequences from the sanitized filename (@alexdunae #2606)
- Fix issue with copying a fog file larger than 5GB (@slonopotamus #2583)
- Stop closing StringIO-based file after CarrierWave::SanitizedFile#read (@aleksandrs-ledovskis #2571)
Please check 2.x-stable for previous changes.