3.0.1

Fixed

• Fix not respecting the parent's #enable_processing value after reading its own (@mshibuya 2df0f53, #2676)
• Fix NoMethodError when a record is rolled back (@y-yagi #2674, #2675)
• Fix filename suffix being removed due to unnecessary deduplication (@mshibuya d68a111, #2672)
• Fix #dup causing unintended name deduplication of copied files (@mshibuya b732acd, #2670)
• Fix initialization failing when active_support/core_ext is not loaded yet (@mshibuya 875d972)

3.0.0

Added

• Support adding suffix to filename on store when path collides with the existing ones (@mshibuya 07a5632, #1855)
• Add image dimension validation (@TsubasaYoshida #2592, 3b1f8b4)
• Provide validation error details via ActiveModel::Errors#details (@mshibuya 9013999, #2150)
• Support clearing #remote_urls by assigning nil (@mshibuya 8307f93, #2067)
• Support configuration of download retry wait time (@tricknotes #2646)
• Support for ActiveRecord::Base#dup (@mshibuya, @BrianHawley 19b33b8, #2645, #1962)
• Add CarrierWave::Storage::Fog::File#to_file for interface consistency with SanitizedFile (@mshibuya 68ce83a, #1960)
• Allow SanitizedFile to accept read with an optional length and output_buffer arguments (@mshibuya 9096459, #1959)
• Add basename and fix extension value for fog file (@leductienttkt #2587)
• Allow uploaders to accept unless conditions (@Vpatel1093 #2588)
• Add retry option to download from remote url (@tashirosota #2577)

Changed

• Stop relying on ActiveModel::Dirty change tracking for removal of unnecessary files (@mshibuya aac25c1)
• Create versions lazily to reflect subclass configurations properly (@mshibuya 1531a67, #1957, #2619)
• [BREAKING CHANGE] Use the resulting file extension on changing format by :convert (@mshibuya #2659, #2125, #2126, #2254)
• Prioritize Magic-detected content type for spoof-tolerance (@mshibuya a2ca59c, #2570)
• Handle assignments in an ActiveModel::Dirty-friendly way (@mshibuya #2658, #2404, #2409, #2468)
• Give a stable name to classes created by the mount_uploader block (@mshibuya f5b09b8, #2407, #2471)
• Give a stable name to version classes (@mshibuya a9de756, #2407, #2471)
• Completely migrate to allowlist/denylist terminology (@mshibuya 7a40ef7, #2536)
• Remove implementation-dependent information from an error message (@akihikodaki #2499)
• Replace mini_mime with marcel (@pjmartorell #2552)
• [BREAKING CHANGE] Change to store files on after_save hook instead of after_commit, with performing cleanup when transaction is rolled back (@fsateler #2546)

Deprecated

• #denylist was deprecated to prefer explicitly opting-in (@mshibuya 7a40ef7, #2536)

Removed

• Drop support for Ruby < 2.5 and Rails 5.x (@mshibuya 229594f)
• Remove support for Merb (@seuros #2566)

Fixed

• Fix CarrierWave::Storage::Fog::File#read breaking when the file doesn't exist (@mshibuya 246eb01, #2524)
• Fix to preserve the original URI as much as possible on download (@mshibuya 2f3afaf, #2631)
• Fix not to invoke content type detection on #copy_to as it's costly (@mshibuya 6c6e2dc, #2465)
• Fix calling #=~ on non-String breaking in Ruby 3.2 (@aubinlrx #2653, fd03ddd)
• Fix #clean_cache! to respect the uploader's root, not the global one (@sawasaki-narumi #2652, 3cb9992, #2113)
• Fix to use helper method #fog_provider instead of checking #fog_credentials (@joshuamsager #2660)
• Fix being unable to delete a file by assigning nil (@mshibuya f8ea354, #2654, #2613)
• Fix to raise exception when ImageMagick is not installed (@mshibuya d90c399, #2060)
• Fix to remove unnecessary floodfill in CarrierWave::RMagick#resize_and_pad (@mshibuya f34a9bd)
• Fix #{column}_cache= fails to be stored when set as a nested attribute (@mshibuya e84d11e, #2206)
• Fix to use AWS S3 regional endpoints when using virtual-hosted style (@mshibuya 8dace34, #2523)
• Fix to respect condition on processing a derived version (@mshibuya 1fecddc, #2516)
• Fix #recreate_versions! affecting the original file (@mshibuya a67bfb6, 5f00715, #2480, #2655)
• Fix remove_#{column}! doesn't remove the file immediately (@mshibuya b719fb3, #2540)
• Fix column value populated without a file when using filename override (@mshibuya [f1eff6e](f1eff6e212fb0c374c92359...

3.0.0.rc

Added

• Support adding suffix to filename on store when path collides with the existing ones (@mshibuya 07a5632, #1855)
• Add image dimension validation (@TsubasaYoshida #2592, 3b1f8b4)
• Provide validation error details via ActiveModel::Errors#details (@mshibuya 9013999, #2150)
• Support clearing #remote_urls by assigning nil (@mshibuya 8307f93, #2067)
• Support configuration of download retry wait time (@tricknotes #2646)
• Support for ActiveRecord::Base#dup (@mshibuya, @BrianHawley 19b33b8, #2645, #1962)
• Add CarrierWave::Storage::Fog::File#to_file for interface consistency with SanitizedFile (@mshibuya 68ce83a, #1960)
• Allow SanitizedFile to accept read with an optional length and output_buffer arguments (@mshibuya 9096459, #1959)

Changed

• Stop relying on ActiveModel::Dirty change tracking for removal of unnecessary files (@mshibuya aac25c1)
• Create versions lazily to reflect subclass configurations properly (@mshibuya 1531a67, #1957, #2619)
• [BREAKING CHANGE] Use the resulting file extension on changing format by :convert (@mshibuya #2659, #2125, #2126, #2254)
• Prioritize Magic-detected content type for spoof-tolerance (@mshibuya a2ca59c, #2570)
• Handle assignments in an ActiveModel::Dirty-friendly way (@mshibuya #2658, #2404, #2409, #2468)
• Give a stable name to classes created by the mount_uploader block (@mshibuya f5b09b8, #2407, #2471)
• Give a stable name to version classes (@mshibuya a9de756, #2407, #2471)

Fixed

• Fix CarrierWave::Storage::Fog::File#read breaking when the file doesn't exist (@mshibuya 246eb01, #2524)
• Fix to preserve the original URI as much as possible on download (@mshibuya 2f3afaf, #2631)
• Fix not to invoke content type detection on #copy_to as it's costly (@mshibuya 6c6e2dc, #2465)
• Fix calling #=~ on non-String breaking in Ruby 3.2 (@aubinlrx #2653, fd03ddd)
• Fix #clean_cache! to respect the uploader's root, not the global one (@sawasaki-narumi #2652, 3cb9992, #2113)
• Fix to use helper method #fog_provider instead of checking #fog_credentials (@joshuamsager #2660)
• Fix being unable to delete a file by assigning nil (@mshibuya f8ea354, #2654, #2613)
• Fix to raise exception when ImageMagick is not installed (@mshibuya d90c399, #2060)
• Fix to remove unnecessary floodfill in CarrierWave::RMagick#resize_and_pad (@mshibuya f34a9bd)
• Fix #{column}_cache= fails to be stored when set as a nested attribute (@mshibuya e84d11e, #2206)
• Fix to use AWS S3 regional endpoints when using virtual-hosted style (@mshibuya 8dace34, #2523)
• Fix to respect condition on processing a derived version (@mshibuya 1fecddc, #2516)
• Fix #recreate_versions! affecting the original file (@mshibuya a67bfb6, 5f00715, #2480, #2655)
• Fix remove_#{column}! doesn't remove the file immediately (@mshibuya b719fb3, #2540)
• Fix column value populated without a file when using filename override (@mshibuya f1eff6e, #2284)
• Fix boolean configurations couldn't be set to false on a per-uploader basis (@megane42 #2642)
• Fix #clean_cache! breaking with directories that doesn't conform to CarrierWave's cache_id format (@BrianHawley #2641)

2.2.4

Fixed

• Fix Ruby 2.7 keyword argument warning in uploader process (@SuperTux88 #2665, #2636, #2635)

1.3.3

Fixed

• Fix Ruby 2.7 deprecation warning on Mounter#remove? (@kaoru #2644)
• Limit ssrf_filter to < 1.1.0 due to the breaking changes at 1.1.0 (@marcogregorius #2640)

2.2.3

Fixed

• Add workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@mshibuya c74579d, #2628)
• Add workaround for the API change in ssrf_filter 1.1 (@BrianHawley #2629, #2625)

3.0.0.beta

Added

• Add basename and fix extension value for fog file (@leductienttkt #2587)
• Allow uploaders to accept unless conditions (@Vpatel1093 #2588)
• Add retry option to download from remote url (@tashirosota #2577)

Deprecated

• #denylist was deprecated to prefer explicitly opting-in (@mshibuya 7a40ef7, #2536)

Changed

• Completely migrate to allowlist/denylist terminology (@mshibuya 7a40ef7, #2536)
• Remove implementation-dependent information from an error message (@akihikodaki #2499)
• Replace mini_mime with marcel (@pjmartorell #2552)
• [BREAKING CHANGE] Change to store files on after_save hook instead of after_commit, with performing cleanup when transaction is rolled back (@fsateler #2546)

Removed

• Drop support for Ruby < 2.5 and Rails 5.x (@mshibuya 229594f)
• Remove support for Merb (@seuros #2566)

Fixed

• Add Workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@mshibuya 65bf0d9, #2628)
• Fix Ruby 2.7 keyword argument warning in uploader process (@nachiket87 #2636, #2635)
• Raise DownloadError when no content is returned (@BrianHawley #2633, #2632)
• Add workaround for the API change in ssrf_filter 1.1 (@BrianHawley #2629, #2625)
• Fix Content-Type not being copied when using fog-google (@smnscp #2614)
• Fix failing to save after limiting the columns with ActiveRecord's #select (@wonda-tea-coffee #2613, #2608)
• Fix content type detection for JSON files (@smnscp #2618)
• Remove invalid byte sequences from the sanitized filename (@alexdunae #2606)
• Fix issue with copying a fog file larger than 5GB (@slonopotamus #2583)
• Stop closing StringIO-based file after CarrierWave::SanitizedFile#read (@aleksandrs-ledovskis #2571)

2.2.2

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@pjmartorell #2562, #2559)

2.2.1

Changed

• Replace mimemagic with marcel due to licensing concern (@pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@mshibuya 42c620a1, #2532)

2.2.0

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@inkstak #2474, #2424)
• Skip content type and extension filters where possible (@alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@kmiyake #2510)
• Fix mime type detection for MS Office files (@anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)