From 8ed5484efe85aa48bc764f36f0d3dab535969bec Mon Sep 17 00:00:00 2001 From: asonix Date: Sat, 30 Sep 2023 11:50:30 -0500 Subject: [PATCH] Pull over release documents from 0.4.x --- releases/0.4.3.md | 33 +++++++++++++++++++++++++++++ releases/0.4.4.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 releases/0.4.3.md create mode 100644 releases/0.4.4.md diff --git a/releases/0.4.3.md b/releases/0.4.3.md new file mode 100644 index 0000000..3c7f7fe --- /dev/null +++ b/releases/0.4.3.md @@ -0,0 +1,33 @@ +# pict-rs 0.4.3 + +## Overview + +pict-rs 0.4.3 contains a single new feature and a few dependency upgrades. The primary motivation +for publishing this release is to produce new docker images containing the libwebp CVE fix released +within the last few days. + +### Features + +- [External Validation](#external-validation) + + +## Upgrade Notes + +There's no significant changes from 0.4.2, so upgrading should be as simple as pulling a new version +of pict-rs. + + +## Descriptions + +### External Validation + +There is a new config option in the `[media]` section called `external_validation`. This setting +exists to allow custom validation of uploaded images in pict-rs, allowing 3rd party applications to +be developed for further filtering permitted uploads. When this value is set, pict-rs will upload +each uploaded file after initial ingest processing to the provided URL. The `Content-Type` header is +set to the file's media type, and the request's body is simply the uploaded file. The expected +response is a simple 2XX for files that pass validation, and any other status code for files that do +not (although I personally recommend a 4XX response). + +This new value is optional. There is no default value and no first-party application is provided for +providing this extra validation. diff --git a/releases/0.4.4.md b/releases/0.4.4.md new file mode 100644 index 0000000..dac3f33 --- /dev/null +++ b/releases/0.4.4.md @@ -0,0 +1,54 @@ +# pict-rs 0.4.4 + +## Overview + +pict-rs 0.4.4 contains a configuration option and a few dependency upgrades. The primary motivation +for publishing this release is to produce new docker images containing the libvpx CVE fix released +within the last few days. + +### Features + +- [External Validation Timeout](#external-validation-timeout) + + +### Bugfixes + +- [OpenTelemetry Span Disconnection](#opentelemetry-span-disconnection) + + +## Upgrade Notes + +There's no significant changes from 0.4.3, so upgrading should be as simple as pulling a new version +of pict-rs. + + +## Descriptions + +### External Validation Timeout + +A configuration option has been added to change the HTTP Timeout for the external validation +service. This allows letting services that might take a while to respond to be used by extending the +timeout. The default value is 30 seconds. + +Examples: + +```toml +# pict-rs.toml +[media] +external_validation = "http://validation.service/endpoint" +external_validation_timeout = 60 +``` + +``` +# environment variables +PICTRS__MEDIA__EXTERNAL_VALIDATION=http://validation.service/endpoint +PICTRS__MEDIA__EXTERNAL_VALIDATION_TIMEOUT=60 +``` + + +### OpenTelemetry Span Disconnection + +The tracing-opentelemetry dependency has been updated from 0.20 to 0.21, which includes a bugfix for +tracing spans becoming disconnected from each other and making tracing aggregation services (such as +Jaeger) less useful. If your setup includes an OpenTelemetry collector, this update will be +interesting to you.