Added
- libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
- Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
- Support for the latest version of RMagick (@mshibuya 88f24451)
Deprecated
#(content_type|extension)_whitelist,#(content_type|extension)_blacklistare deprecated. Use#(content_type|extension)_allowlistand#(content_type|extension)_denylistinstead (@grantbdev #2442, 4c3cac75)
Fixed
- Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
- Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
- Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
- Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
- Fix instance variables
@versions_to_*not initialized warning (@mshibuya c10b82ed, #2493) - Fix
SanitizedFile#move_towrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495) - Fix returning invalid content type on text files (@inkstak #2474, #2424)
- Skip content type and extension filters where possible (@alexpooley #2464)
- Fix file's
#urlbeing called twice, which might be costly for non-local files (@skyeagle #2519) - Fix mime type detection failing with types which contain
+symbol, such asimage/svg+xml(@sylvainbx #2489) - Fix
#cached?to return boolean instead of@cache_idvalue (@kmiyake #2510) - Fix mime type detection for MS Office files (@anthonypenner #2447)
Security
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)