Skip to content

Latest commit

 

History

History
366 lines (246 loc) · 20.5 KB

CHANGELOG.md

File metadata and controls

366 lines (246 loc) · 20.5 KB

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[6.3.3] - 2024-12-27

Fixed

  • Overlays not checking for valid S3 buckets
  • Failures when updating deployments created in version 6.1.0 and prior #559

Security

  • Added allowlist on sharp operations. Info
  • Added deny list on custom headers for base64 encoded requests. Info
  • Added inference of Content-Type header if S3 Metadata provides an unsupported value

[6.3.2] - 2024-11-22

Fixed

[6.3.1] - 2024-10-02

Fixed

  • Base-64 encoded overlayWith call requiring strings in top/left options rather than numbers
  • CloudFront anonymized metrics missing for deployments outside of us-east-1

[6.3.0] - 2024-09-09

Added

  • Additional anonymized metrics system to help understand how the solution is being used, identify areas of improvement, and drive future roadmap decisions.

Changed

  • Cdk update to 2.151.0
  • Default log retention to 180 days
  • Cache-control header on fallback images to use (in order of priority), fallback image metadata, header provided in image request, and default cache control #563

Security

  • Upgraded micromatch to v4.0.8 for vulnerability CVE-2024-4067

[6.2.7] - 2024-08-19

Security

  • Upgraded axios to v1.7.4 for vulnerability CVE-2024-39338

[6.2.6] - 2024-06-27

Added

  • StackId tag to CloudFrontLoggingBucket and its bucket name as a CfnOutput #529
  • Test case to verify UTF-8 support in object key #320
  • Test cases to verify crop functionality #459
  • VERSION.txt and build script change to auto-update local package versions
  • S3:bucket-name tag for defining which source bucket to use in thumbor style requests #521
  • Ability to override whether an image should be animated #456
  • Support for 8-bit depth AVIF image type inference #360

Changed

  • Decreased permissions allotted to CustomResource Lambda and ImageHandler Lambda
  • cdk update to 2.124.0
  • aws-solutions-constructs update to 2.51.0
  • SourceBucketsParameter to require explicit bucket names
  • Demo-ui dependency update
  • Demo-ui to be a package and manage script/stylesheet dependencies through NPM
  • Modified JPEG SOI marker parsing to only check first 2 bytes [#429]

Security

  • Upgraded follow-redirects to v1.15.6 for vulnerability CVE-2024-28849
  • Upgraded braces to v3.0.3 for vulnerability CVE-2024-4068

Removed

  • Unused CopyS3Assets custom resource

Fixed

  • Some error messages indicating incorrect file types
  • Solution version and id not being passed to Backend Lambda
  • Thumbor-style URL matching being overly permissive

[6.2.5] - 2024-01-03

Fixed

  • Ensure accurate image metadata when generating Amazon Rekognition compatible images #374
  • Exclude demo-ui-config from being deleted upon BucketDeployment update sync when updating to a new version

Changed

  • Overlay requests with an overlay image with one or both dimensions greater than the base image now returns a 400 bad request status with the message "Image to overlay must have same dimensions or smaller", previously returned a 500 internal error #405
  • cdk update to 2.118.0
  • typescript update to 5.3.3
  • GIF files without multiple pages are now treated as non-animated, allowing all filters to be used on them #460

Security

  • Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159

[6.2.4] - 2023-12-06

Changed

  • node 20.x Lambda runtimes
  • cdk update to 2.111.0
  • disable gzip compression in cloudfront cache option to improve cache hit ratio #373
  • requests for webp images supported for upper/lower case Accept header #490
  • changed axios version to 1.6.2 for github dependabot reported vulnerability CVE-2023-45857
  • enabled thumbor filter chaining #343

[6.2.3] - 2023-10-20

Fixed

  • Fixing Security Vulnerabilities

Changed

  • Updated the versions of multiple dependencies

[6.2.2] - 2023-09-29

Changed

  • Update package.json Author
  • Modify some license headers to maintain consistency

Security

  • Upgraded sharp to v0.32.6 for vulnerability CVE-2023-4863
  • Upgraded outdated NPM packages

[6.2.1] - 2023-08-03

Fixed

  • Template fails to deploy unless demo UI is enabled #499
  • Thumbor requests of images without a file extension would fail
  • CloudFormation template description was not being generated

Changed

  • Upgraded build requirement to Node 16

[6.2.0] - 2023-08-01

Added

  • Add cdk-helper module to help with packaging cdk generated assets in solutions internal pipelines
  • Use DefaultStackSynthesizer with different configurations to generate template for cdk deploy and on internal solutions pipeline
  • Add esbuild bundler for lambda functions using NodejsFunction, reference aws_lambda_nodejs
  • Refactor pipeline scripts
  • Changes semver dependency version to 7.5.2 for github reported vulnerability CVE-2022-25883
  • Changes word-wrap dependency version to aashutoshrathi/word-wrap for github reported vulnerability CVE-2023-26115

[6.1.2] - 2023-04-14

Changed

  • added s3 bucket ownership control permission and ownership parameter to S3 logging bucket to account for changes in S3 default behavior
  • changed xml2js version to 0.5.0 for github dependabot reported vulnerability CVE-2023-0842

[6.1.1] - 2023-02-09

Added

  • package-lock.json for all modules #426
  • github workflows for running unit test, eslint and prettier formatting, cdk nag, security scans #402
  • demo-ui unicode support #416
  • support for multiple cloudformation stack deployments in the same region #438

Changed

  • axios version update to 1.2.3 #425
  • json5 version update to 1.0.2 #428
  • CodeQL advisory resolutions
  • contributing guidelines

[6.1.0] - 2022-11-10

Added

  • gif support
  • tif support
  • AWS Service Catalog AppRegistry

Changed

  • package version updates
  • CDK v2 migration
  • node 16.x Lambda runtimes

[6.0.0] - 2021-12-21

Changed

  • Note that Version 6.0.0 does not support upgrading from previous versions due to the update that uses the AWS CDK to generate the AWS CloudFormation template.

Added

  • Crop feature in Thumbor URLs: #202
  • TypeScript typings: #293
  • Reduction effort support: #289
  • Allow custom requests for keys without file extensions: #273

Fixed

  • Unexpected behavior after adding support for images without extension: #307
  • Quality filter does not work with format filter (thumbor): #266
  • Auto WebP activated, Content-Type: image/webp returned, but still it's JPG encoded: #305
  • inferImageType doesn't support binary/octet-stream but not application/octet-stream: #306
  • SmartCrop boundary exceeded: #263
  • Custom rewrite does not work without file extensions: #268
  • Secrets manager cost issue: #291
  • inferImageType is slow: #303
  • If the file name contain (),the API will return 404,NoSuchKey,The specified key does not exist: #299
  • fit-in segment in URL path generates 404: #281
  • overlayWith top/left return int after percent conversion: #276

[5.2.0] - 2021-01-29

Added

  • Support for ap-east-1 and me-south-1 regions: #192, #228, #232
  • Unit tests for custom-resource: 100% coverage
  • Cloudfront cache policy and origin request policy: #229
  • Circular cropping feature: #214, #216
  • Unit tests for image-handler: 100% coverage
  • Support for files without extension on thumbor requests: #169, #188
  • Inappropriate content detection feature: #243
  • Unit tests for image-request: 100% coverage

Fixed

  • Graceful failure when no faces are detected using smartCrop and fail on resizing before smartCrop: #132, #133
  • Broken SVG returned if no edits specified and Auto-WebP enabled: #247
  • Removed "--recursive" from README.md: #255
  • fixed issue with failure on resize if width or height is float: #254

Changed

  • Constructs test template for constructs unit test: 100% coverage

[5.1.0] - 2020-11-19

Added

  • Image URL signature: #111, #203, #221, #227
  • AWS Lambda 413 error handling. When the response payload is bigger than 6MB, it throws TooLargeImageException: #35, #97, #193, #204
  • Default fallback image: #137
  • Unit tests for custom resource: 100% coverage
  • Add SVG support. When any edits are used, the output would be automatically PNG unless the output format is specified: #31, #234
  • Custom headers: #182
  • Enabling ALB Support : #201

Fixed

  • Thumbor paths broken if they include "-" and "100x100": #208
  • Rewrite doesn't seem to be working: #121
  • Correct EXIF: #197, #220, #235, #236, #240
  • Sub folder support in Thumbor watermark filter: #231

Changed

  • AWS CDK and AWS Solutions Constructs version (from 1.57.0 to 1.64.1)
  • sharp base version (from 0.25.4 to 0.26.1)
  • Refactors the custom resource Lambda source code
  • Migrate unit tests to use jest
  • Move all aws-sdk in ImageHandler Lambda function to index.js for the best practice
  • Enhance the default error message not to show empty JSON: #206
  • Image URL Signature: When image URL signature is enabled, all URLs including existing URLs should have signature query parameter.

Removed

  • Remove manifest-generator

[5.0.0] - 2020-08-31

Added

  • AWS CDK and AWS Solutions Constructs to create AWS CloudFormation template

Fixed

  • Auto WebP does not work properly: #195, #200, #205
  • A bug where base64 encoding containing slash: #194
  • Thumbor issues:
    • 0 size support: #183
    • convolution filter does not work: #187
    • fill filter does not work: #190
  • Note that duplicated features has been merged gracefully.

Removed

  • AWS CloudFormation template: serverless-image-handler.template

Changed

  • sharp base version (from 0.23.4 to 0.25.4)
  • Remove Promise to return since async functions return promises: #189
  • Unit test statement coverage improvement:
    • image-handler.js: 79.05% to 100%
    • image-request.js: 93.58% to 100%
    • thumbor-mapping.js: 99.29% to 100%
    • overall: 91.55% to 100%

[4.2.0] - 2020-02-06

Added

  • Honor outputFormat Parameter from the pull request #117
  • Support serving images under s3 subdirectories, Fix to make /fit-in/ work; Fix for VipsJpeg: Invalid SOS error plus several other critical fixes from the pull request #130
  • Allow regex in SOURCE_BUCKETS for environment variable from the pull request #138
  • Fix build script on other platforms from the pull request #139
  • Add Cache-Control response header from the pull request #151
  • Add AUTO_WEBP option to automatically serve WebP if the client supports it from the pull request #152
  • Use HTTP 404 & forward Cache-Control, Content-Type, Expires, and Last-Modified headers from S3 from the pull request #158
  • fix: DeprecationWarning: Buffer() is deprecated from the pull request #174
  • Add hex color support for Thumbor filters:background_color and filters:fill #154
  • Add format and watermark support for Thumbor #109, #131, #109
  • Note that duplicated features has been merged gracefully.

Changed

  • sharp base version (from 0.23.3 to 0.23.4)
  • Image handler Amazon CloudFront distribution DefaultCacheBehavior.ForwardedValues.Header to ["Origin", "Accept"] for WebP
  • Image resize process change for filters:no_upscale() handling by withoutEnlargement edit key #144

Fixed

  • Add and fix Cache-control, Content-Type, Expires, and Last-Modified headers to response: #103, #107, #120
  • Fix Amazon S3 bucket subfolder issue: #106, #112, #119, #123, #167, #175
  • Fix HTTP status code for missing images from 500 to 404: #159
  • Fix European character in filename issue: #149
  • Fix image scaling issue for filename containing 'x' character: #163, #176
  • Fix regular expression issue: #114, #121, #125
  • Fix not working quality parameter: #129

[4.1.0] - 2019-12-31

Added

  • CHANGELOG file
  • Access logging to API Gateway

Changed

Removed

  • Reference to deprecated sharp function (overlayWith)
  • Capability to resize images proportionally if width or height is set to 0 (sharp v0.23.1 and later check that the width and height - if present - are positive integers)