All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Overlays not checking for valid S3 buckets
- Failures when updating deployments created in version 6.1.0 and prior #559
- Added allowlist on sharp operations. Info
- Added deny list on custom headers for base64 encoded requests. Info
- Added inference of Content-Type header if S3 Metadata provides an unsupported value
- Upgrade cross-spawn to v7.0.6 for vulnerability CVE-2024-9506
- Base-64 encoded overlayWith call requiring strings in top/left options rather than numbers
- CloudFront anonymized metrics missing for deployments outside of us-east-1
- Additional anonymized metrics system to help understand how the solution is being used, identify areas of improvement, and drive future roadmap decisions.
- Cdk update to 2.151.0
- Default log retention to 180 days
- Cache-control header on fallback images to use (in order of priority), fallback image metadata, header provided in image request, and default cache control #563
- Upgraded micromatch to v4.0.8 for vulnerability CVE-2024-4067
- Upgraded axios to v1.7.4 for vulnerability CVE-2024-39338
- StackId tag to CloudFrontLoggingBucket and its bucket name as a CfnOutput #529
- Test case to verify UTF-8 support in object key #320
- Test cases to verify crop functionality #459
- VERSION.txt and build script change to auto-update local package versions
- S3:bucket-name tag for defining which source bucket to use in thumbor style requests #521
- Ability to override whether an image should be animated #456
- Support for 8-bit depth AVIF image type inference #360
- Decreased permissions allotted to CustomResource Lambda and ImageHandler Lambda
- cdk update to 2.124.0
- aws-solutions-constructs update to 2.51.0
- SourceBucketsParameter to require explicit bucket names
- Demo-ui dependency update
- Demo-ui to be a package and manage script/stylesheet dependencies through NPM
- Modified JPEG SOI marker parsing to only check first 2 bytes [#429]
- Upgraded follow-redirects to v1.15.6 for vulnerability CVE-2024-28849
- Upgraded braces to v3.0.3 for vulnerability CVE-2024-4068
- Unused CopyS3Assets custom resource
- Some error messages indicating incorrect file types
- Solution version and id not being passed to Backend Lambda
- Thumbor-style URL matching being overly permissive
- Ensure accurate image metadata when generating Amazon Rekognition compatible images #374
- Exclude demo-ui-config from being deleted upon BucketDeployment update sync when updating to a new version
- Overlay requests with an overlay image with one or both dimensions greater than the base image now returns a 400 bad request status with the message "Image to overlay must have same dimensions or smaller", previously returned a 500 internal error #405
- cdk update to 2.118.0
- typescript update to 5.3.3
- GIF files without multiple pages are now treated as non-animated, allowing all filters to be used on them #460
- Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159
- node 20.x Lambda runtimes
- cdk update to 2.111.0
- disable gzip compression in cloudfront cache option to improve cache hit ratio #373
- requests for webp images supported for upper/lower case Accept header #490
- changed axios version to 1.6.2 for github dependabot reported vulnerability CVE-2023-45857
- enabled thumbor filter chaining #343
- Fixing Security Vulnerabilities
- Updated the versions of multiple dependencies
- Update package.json Author
- Modify some license headers to maintain consistency
- Upgraded sharp to v0.32.6 for vulnerability CVE-2023-4863
- Upgraded outdated NPM packages
- Template fails to deploy unless demo UI is enabled #499
- Thumbor requests of images without a file extension would fail
- CloudFormation template description was not being generated
- Upgraded build requirement to Node 16
- Add
cdk-helper
module to help with packaging cdk generated assets in solutions internal pipelines - Use DefaultStackSynthesizer with different configurations to generate template for
cdk deploy
and on internal solutions pipeline - Add esbuild bundler for lambda functions using
NodejsFunction
, reference aws_lambda_nodejs - Refactor pipeline scripts
- Changes semver dependency version to 7.5.2 for github reported vulnerability CVE-2022-25883
- Changes word-wrap dependency version to aashutoshrathi/word-wrap for github reported vulnerability CVE-2023-26115
- added s3 bucket ownership control permission and ownership parameter to S3 logging bucket to account for changes in S3 default behavior
- changed xml2js version to 0.5.0 for github dependabot reported vulnerability CVE-2023-0842
- package-lock.json for all modules #426
- github workflows for running unit test, eslint and prettier formatting, cdk nag, security scans #402
- demo-ui unicode support #416
- support for multiple cloudformation stack deployments in the same region #438
- axios version update to 1.2.3 #425
- json5 version update to 1.0.2 #428
- CodeQL advisory resolutions
- contributing guidelines
- gif support
- tif support
- AWS Service Catalog AppRegistry
- package version updates
- CDK v2 migration
- node 16.x Lambda runtimes
- Note that Version 6.0.0 does not support upgrading from previous versions due to the update that uses the AWS CDK to generate the AWS CloudFormation template.
- Crop feature in Thumbor URLs: #202
- TypeScript typings: #293
- Reduction effort support: #289
- Allow custom requests for keys without file extensions: #273
- Unexpected behavior after adding support for images without extension: #307
- Quality filter does not work with format filter (thumbor): #266
- Auto WebP activated,
Content-Type: image/webp
returned, but still it's JPG encoded: #305 inferImageType
doesn't support binary/octet-stream but not application/octet-stream: #306- SmartCrop boundary exceeded: #263
- Custom rewrite does not work without file extensions: #268
- Secrets manager cost issue: #291
inferImageType
is slow: #303- If the file name contain
()
,the API will return 404,NoSuchKey,The specified key does not exist: #299 fit-in
segment in URL path generates 404: #281overlayWith
top/left return int after percent conversion: #276
- Support for ap-east-1 and me-south-1 regions: #192, #228, #232
- Unit tests for custom-resource:
100%
coverage - Cloudfront cache policy and origin request policy: #229
- Circular cropping feature: #214, #216
- Unit tests for image-handler:
100%
coverage - Support for files without extension on thumbor requests: #169, #188
- Inappropriate content detection feature: #243
- Unit tests for image-request:
100%
coverage
- Graceful failure when no faces are detected using smartCrop and fail on resizing before smartCrop: #132, #133
- Broken SVG returned if no edits specified and Auto-WebP enabled: #247
- Removed "--recursive" from README.md: #255
- fixed issue with failure on resize if width or height is float: #254
- Constructs test template for constructs unit test:
100%
coverage
- Image URL signature: #111, #203, #221, #227
- AWS Lambda
413
error handling. When the response payload is bigger than 6MB, it throwsTooLargeImageException
: #35, #97, #193, #204 - Default fallback image: #137
- Unit tests for custom resource:
100%
coverage - Add
SVG
support. When any edits are used, the output would be automaticallyPNG
unless the output format is specified: #31, #234 - Custom headers: #182
- Enabling ALB Support : #201
- Thumbor paths broken if they include "-" and "100x100": #208
- Rewrite doesn't seem to be working: #121
- Correct EXIF: #197, #220, #235, #236, #240
- Sub folder support in Thumbor
watermark
filter: #231
- AWS CDK and AWS Solutions Constructs version (from 1.57.0 to 1.64.1)
- sharp base version (from 0.25.4 to 0.26.1)
- Refactors the custom resource Lambda source code
- Migrate unit tests to use
jest
- Move all
aws-sdk
inImageHandler
Lambda function toindex.js
for the best practice - Enhance the default error message not to show empty JSON: #206
- Image URL Signature: When image URL signature is enabled, all URLs including existing URLs should have
signature
query parameter.
- Remove
manifest-generator
- AWS CDK and AWS Solutions Constructs to create AWS CloudFormation template
- Auto WebP does not work properly: #195, #200, #205
- A bug where base64 encoding containing slash: #194
- Thumbor issues:
- Note that duplicated features has been merged gracefully.
- AWS CloudFormation template:
serverless-image-handler.template
- sharp base version (from 0.23.4 to 0.25.4)
- Remove
Promise
to return sinceasync
functions return promises: #189 - Unit test statement coverage improvement:
image-handler.js
:79.05%
to100%
image-request.js
:93.58%
to100%
thumbor-mapping.js
:99.29%
to100%
overall
:91.55%
to100%
- Honor outputFormat Parameter from the pull request #117
- Support serving images under s3 subdirectories, Fix to make /fit-in/ work; Fix for VipsJpeg: Invalid SOS error plus several other critical fixes from the pull request #130
- Allow regex in SOURCE_BUCKETS for environment variable from the pull request #138
- Fix build script on other platforms from the pull request #139
- Add Cache-Control response header from the pull request #151
- Add AUTO_WEBP option to automatically serve WebP if the client supports it from the pull request #152
- Use HTTP 404 & forward Cache-Control, Content-Type, Expires, and Last-Modified headers from S3 from the pull request #158
- fix: DeprecationWarning: Buffer() is deprecated from the pull request #174
- Add hex color support for Thumbor
filters:background_color
andfilters:fill
#154 - Add format and watermark support for Thumbor #109, #131, #109
- Note that duplicated features has been merged gracefully.
- sharp base version (from 0.23.3 to 0.23.4)
- Image handler Amazon CloudFront distribution
DefaultCacheBehavior.ForwardedValues.Header
to["Origin", "Accept"]
for WebP - Image resize process change for
filters:no_upscale()
handling bywithoutEnlargement
edit key #144
- Add and fix Cache-control, Content-Type, Expires, and Last-Modified headers to response: #103, #107, #120
- Fix Amazon S3 bucket subfolder issue: #106, #112, #119, #123, #167, #175
- Fix HTTP status code for missing images from 500 to 404: #159
- Fix European character in filename issue: #149
- Fix image scaling issue for filename containing 'x' character: #163, #176
- Fix regular expression issue: #114, #121, #125
- Fix not working quality parameter: #129
- CHANGELOG file
- Access logging to API Gateway
- Lambda functions runtime to nodejs12.x
- sharp version (from 0.21.3 to 0.23.3)
- Image handler function to use Composite API (https://sharp.pixelplumbing.com/en/stable/api-composite/)
- License to Apache-2.0
- Reference to deprecated sharp function (overlayWith)
- Capability to resize images proportionally if width or height is set to 0 (sharp v0.23.1 and later check that the width and height - if present - are positive integers)