CHANGELOG.md

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[6.3.2] - 2024-11-22

Fixed

• Upgrade cross-spawn to v7.0.6 for vulnerability CVE-2024-9506

[6.3.1] - 2024-10-02

Fixed

• Base-64 encoded overlayWith call requiring strings in top/left options rather than numbers
• CloudFront anonymized metrics missing for deployments outside of us-east-1

[6.3.0] - 2024-09-09

Added

• Additional anonymized metrics system to help understand how the solution is being used, identify areas of improvement, and drive future roadmap decisions.

Changed

• Cdk update to 2.151.0
• Default log retention to 180 days
• Cache-control header on fallback images to use (in order of priority), fallback image metadata, header provided in image request, and default cache control #563

Security

• Upgraded micromatch to v4.0.8 for vulnerability CVE-2024-4067

[6.2.7] - 2024-08-19

Security

• Upgraded axios to v1.7.4 for vulnerability CVE-2024-39338

[6.2.6] - 2024-06-27

Added

• StackId tag to CloudFrontLoggingBucket and its bucket name as a CfnOutput #529
• Test case to verify UTF-8 support in object key #320
• Test cases to verify crop functionality #459
• VERSION.txt and build script change to auto-update local package versions
• S3:bucket-name tag for defining which source bucket to use in thumbor style requests #521
• Ability to override whether an image should be animated #456
• Support for 8-bit depth AVIF image type inference #360

Changed

• Decreased permissions allotted to CustomResource Lambda and ImageHandler Lambda
• cdk update to 2.124.0
• aws-solutions-constructs update to 2.51.0
• SourceBucketsParameter to require explicit bucket names
• Demo-ui dependency update
• Demo-ui to be a package and manage script/stylesheet dependencies through NPM
• Modified JPEG SOI marker parsing to only check first 2 bytes [#429]

Security

• Upgraded follow-redirects to v1.15.6 for vulnerability CVE-2024-28849
• Upgraded braces to v3.0.3 for vulnerability CVE-2024-4068

Removed

• Unused CopyS3Assets custom resource

Fixed

• Some error messages indicating incorrect file types
• Solution version and id not being passed to Backend Lambda
• Thumbor-style URL matching being overly permissive

[6.2.5] - 2024-01-03

Fixed

• Ensure accurate image metadata when generating Amazon Rekognition compatible images #374
• Exclude demo-ui-config from being deleted upon BucketDeployment update sync when updating to a new version

Changed

• Overlay requests with an overlay image with one or both dimensions greater than the base image now returns a 400 bad request status with the message "Image to overlay must have same dimensions or smaller", previously returned a 500 internal error #405
• cdk update to 2.118.0
• typescript update to 5.3.3
• GIF files without multiple pages are now treated as non-animated, allowing all filters to be used on them #460

Security

• Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159

[6.2.4] - 2023-12-06

Changed

• node 20.x Lambda runtimes
• cdk update to 2.111.0
• disable gzip compression in cloudfront cache option to improve cache hit ratio #373
• requests for webp images supported for upper/lower case Accept header #490
• changed axios version to 1.6.2 for github dependabot reported vulnerability CVE-2023-45857
• enabled thumbor filter chaining #343

[6.2.3] - 2023-10-20

Fixed

• Fixing Security Vulnerabilities

Changed

• Updated the versions of multiple dependencies

[6.2.2] - 2023-09-29

Changed

• Update package.json Author
• Modify some license headers to maintain consistency

Security

• Upgraded sharp to v0.32.6 for vulnerability CVE-2023-4863
• Upgraded outdated NPM packages

[6.2.1] - 2023-08-03

Fixed

• Template fails to deploy unless demo UI is enabled #499
• Thumbor requests of images without a file extension would fail
• CloudFormation template description was not being generated

Changed

• Upgraded build requirement to Node 16

[6.2.0] - 2023-08-01

Added

• Add cdk-helper module to help with packaging cdk generated assets in solutions internal pipelines
• Use DefaultStackSynthesizer with different configurations to generate template for cdk deploy and on internal solutions pipeline
• Add esbuild bundler for lambda functions using NodejsFunction, reference aws_lambda_nodejs
• Refactor pipeline scripts
• Changes semver dependency version to 7.5.2 for github reported vulnerability CVE-2022-25883
• Changes word-wrap dependency version to aashutoshrathi/word-wrap for github reported vulnerability CVE-2023-26115

[6.1.2] - 2023-04-14

Changed

• added s3 bucket ownership control permission and ownership parameter to S3 logging bucket to account for changes in S3 default behavior
• changed xml2js version to 0.5.0 for github dependabot reported vulnerability CVE-2023-0842

[6.1.1] - 2023-02-09

Added

• package-lock.json for all modules #426
• github workflows for running unit test, eslint and prettier formatting, cdk nag, security scans #402
• demo-ui unicode support #416
• support for multiple cloudformation stack deployments in the same region #438

Changed

• axios version update to 1.2.3 #425
• json5 version update to 1.0.2 #428
• CodeQL advisory resolutions
• contributing guidelines

[6.1.0] - 2022-11-10

Added

• gif support
• tif support
• AWS Service Catalog AppRegistry

Changed

• package version updates
• CDK v2 migration
• node 16.x Lambda runtimes

[6.0.0] - 2021-12-21

Changed

• Note that Version 6.0.0 does not support upgrading from previous versions due to the update that uses the AWS CDK to generate the AWS CloudFormation template.

Added

• Crop feature in Thumbor URLs: #202
• TypeScript typings: #293
• Reduction effort support: #289
• Allow custom requests for keys without file extensions: #273

Fixed

• Unexpected behavior after adding support for images without extension: #307
• Quality filter does not work with format filter (thumbor): #266
• Auto WebP activated, Content-Type: image/webp returned, but still it's JPG encoded: #305
• inferImageType doesn't support binary/octet-stream but not application/octet-stream: #306
• SmartCrop boundary exceeded: #263
• Custom rewrite does not work without file extensions: #268
• Secrets manager cost issue: #291
• inferImageType is slow: #303
• If the file name contain ()，the API will return 404,NoSuchKey,The specified key does not exist: #299
• fit-in segment in URL path generates 404: #281
• overlayWith top/left return int after percent conversion: #276

[5.2.0] - 2021-01-29

Added

• Support for ap-east-1 and me-south-1 regions: #192, #228, #232
• Unit tests for custom-resource: 100% coverage
• Cloudfront cache policy and origin request policy: #229
• Circular cropping feature: #214, #216
• Unit tests for image-handler: 100% coverage
• Support for files without extension on thumbor requests: #169, #188
• Inappropriate content detection feature: #243
• Unit tests for image-request: 100% coverage

Fixed

• Graceful failure when no faces are detected using smartCrop and fail on resizing before smartCrop: #132, #133
• Broken SVG returned if no edits specified and Auto-WebP enabled: #247
• Removed "--recursive" from README.md: #255
• fixed issue with failure on resize if width or height is float: #254

Changed

• Constructs test template for constructs unit test: 100% coverage

[5.1.0] - 2020-11-19

Added

• Image URL signature: #111, #203, #221, #227
• AWS Lambda 413 error handling. When the response payload is bigger than 6MB, it throws TooLargeImageException: #35, #97, #193, #204
• Default fallback image: #137
• Unit tests for custom resource: 100% coverage
• Add SVG support. When any edits are used, the output would be automatically PNG unless the output format is specified: #31, #234
• Custom headers: #182
• Enabling ALB Support : #201

Fixed

• Thumbor paths broken if they include "-" and "100x100": #208
• Rewrite doesn't seem to be working: #121
• Correct EXIF: #197, #220, #235, #236, #240
• Sub folder support in Thumbor watermark filter: #231

Changed

• AWS CDK and AWS Solutions Constructs version (from 1.57.0 to 1.64.1)
• sharp base version (from 0.25.4 to 0.26.1)
• Refactors the custom resource Lambda source code
• Migrate unit tests to use jest
• Move all aws-sdk in ImageHandler Lambda function to index.js for the best practice
• Enhance the default error message not to show empty JSON: #206
• Image URL Signature: When image URL signature is enabled, all URLs including existing URLs should have signature query parameter.

Removed

• Remove manifest-generator

[5.0.0] - 2020-08-31

Added

• AWS CDK and AWS Solutions Constructs to create AWS CloudFormation template

Fixed

• Auto WebP does not work properly: #195, #200, #205
• A bug where base64 encoding containing slash: #194
• Thumbor issues:
  • 0 size support: #183
  • convolution filter does not work: #187
  • fill filter does not work: #190
• Note that duplicated features has been merged gracefully.

Removed

• AWS CloudFormation template: serverless-image-handler.template

Changed

• sharp base version (from 0.23.4 to 0.25.4)
• Remove Promise to return since async functions return promises: #189
• Unit test statement coverage improvement:
  • image-handler.js: 79.05% to 100%
  • image-request.js: 93.58% to 100%
  • thumbor-mapping.js: 99.29% to 100%
  • overall: 91.55% to 100%

[4.2.0] - 2020-02-06

Added

• Honor outputFormat Parameter from the pull request #117
• Support serving images under s3 subdirectories, Fix to make /fit-in/ work; Fix for VipsJpeg: Invalid SOS error plus several other critical fixes from the pull request #130
• Allow regex in SOURCE_BUCKETS for environment variable from the pull request #138
• Fix build script on other platforms from the pull request #139
• Add Cache-Control response header from the pull request #151
• Add AUTO_WEBP option to automatically serve WebP if the client supports it from the pull request #152
• Use HTTP 404 & forward Cache-Control, Content-Type, Expires, and Last-Modified headers from S3 from the pull request #158
• fix: DeprecationWarning: Buffer() is deprecated from the pull request #174
• Add hex color support for Thumbor filters:background_color and filters:fill #154
• Add format and watermark support for Thumbor #109, #131, #109
• Note that duplicated features has been merged gracefully.

Changed

• sharp base version (from 0.23.3 to 0.23.4)
• Image handler Amazon CloudFront distribution DefaultCacheBehavior.ForwardedValues.Header to ["Origin", "Accept"] for WebP
• Image resize process change for filters:no_upscale() handling by withoutEnlargement edit key #144

Fixed

• Add and fix Cache-control, Content-Type, Expires, and Last-Modified headers to response: #103, #107, #120
• Fix Amazon S3 bucket subfolder issue: #106, #112, #119, #123, #167, #175
• Fix HTTP status code for missing images from 500 to 404: #159
• Fix European character in filename issue: #149
• Fix image scaling issue for filename containing 'x' character: #163, #176
• Fix regular expression issue: #114, #121, #125
• Fix not working quality parameter: #129

[4.1.0] - 2019-12-31

Added

• CHANGELOG file
• Access logging to API Gateway

Changed

• Lambda functions runtime to nodejs12.x
• sharp version (from 0.21.3 to 0.23.3)
• Image handler function to use Composite API (https://sharp.pixelplumbing.com/en/stable/api-composite/)
• License to Apache-2.0

Removed

• Reference to deprecated sharp function (overlayWith)
• Capability to resize images proportionally if width or height is set to 0 (sharp v0.23.1 and later check that the width and height - if present - are positive integers)