mirror of
https://git.asonix.dog/asonix/pict-rs
synced 2024-12-22 03:11:24 +00:00
Add 0.5.5 release document
parent
0bc14c810d
commit
9e0cf418e8
1 changed files with 91 additions and 0 deletions
91
releases/0.5.5.md
Normal file
|
@ -0,0 +1,91 @@
|
|||
# pict-rs 0.5.5
|
||||
|
||||
## Overview
|
||||
|
||||
pict-rs 0.5.5 adds a bugfix for uploading images with trailing bytes and few new features for
|
||||
advanced deployments.
|
||||
|
||||
### Features
|
||||
|
||||
- [Imagemagick Security Policy Configuration](#imagemagick-security-policy-configuration)
|
||||
- [Serving with TLS](#serving-with-tls)
|
||||
|
||||
|
||||
### Bugfixes
|
||||
|
||||
- [Broken Pipe Error](#broken-pipe-error)
|
||||
|
||||
|
||||
## Upgrade Notes
|
||||
|
||||
There's no significant changes from 0.5.4, so upgrading should be as simple as pulling a new version
|
||||
of pict-rs.
|
||||
|
||||
|
||||
## Descriptions
|
||||
|
||||
### Imagemagick Security Policy Configuration
|
||||
|
||||
pict-rs now supports configuring the imagemagick security policy via the pict-rs.toml file,
|
||||
environment variables, or via the commandline. The security policy defines the boundaries that
|
||||
imagemagick will operate with, and will allow it to abort processing media that would exceed those
|
||||
boundaries.
|
||||
|
||||
Currently, there are only a few items that can be configured.
|
||||
```toml
|
||||
# pict-rs.toml
|
||||
[media.magick]
|
||||
max_width = 10000
|
||||
max_hight = 10000
|
||||
max_area = 40000000
|
||||
```
|
||||
```bash
|
||||
# environment variables
|
||||
PICTRS__MEDIA__MAGICK__MAX_WIDTH=10000
|
||||
PICTRS__MEDIA__MAGICK__MAX_HEIGHT=10000
|
||||
PICTRS__MEDIA__MAGICK__MAX_AREA=40000000
|
||||
```
|
||||
```bash
|
||||
# commandline
|
||||
pict-rs run \
|
||||
--media-magick-max-width 10000 \
|
||||
--media-magick-max-height 10000 \
|
||||
--media-magick-max-aread 40000000
|
||||
```
|
||||
|
||||
It will also apply the configured `process_timeout` to the security policy.
|
||||
|
||||
|
||||
### Serving with TLS
|
||||
|
||||
pict-rs can now be configured to serve itself over TLS if provided with a server key and a server
|
||||
certificate. This is for more advanced deployments that have Certificate Authority infrastructure in
|
||||
place. When serving over TLS, downstream services need to be configured to access pict-rs over TLS.
|
||||
|
||||
```toml
|
||||
# pict-rs.toml
|
||||
[server]
|
||||
certificate = "/path/to/server.crt"
|
||||
private_key = "/path/to/server.key"
|
||||
```
|
||||
```bash
|
||||
# environment variables
|
||||
PICTRS__SERVER__CERTIFICATE=/path/to/server.crt
|
||||
PICTRS__SERVER__PRIVATE_KEY=/path/to/server.key
|
||||
```
|
||||
```bash
|
||||
# commandline
|
||||
pict-rs run \
|
||||
--certificate /path/to/server.crt \
|
||||
--private-key /path/to/server.key
|
||||
```
|
||||
|
||||
|
||||
### Broken Pipe Error
|
||||
|
||||
In previous 0.5 releases with the default configurations, it was possible for valid images to fail
|
||||
to upload if they contained excess trailing bytes. This was caused by exiftool completing metadata
|
||||
processing on the image bytes before pict-rs had written the entire buffer to exiftool's stdin. The
|
||||
fix was to simply treat the case of stdin closing early as a success, rather than a failure. In the
|
||||
event there was actually an error in exiftool, the command will fail and pict-rs will return a
|
||||
proper status error instead.
|
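Review bot: Two of the security-policy examples under "Imagemagick Security Policy Configuration" misspell their option names, and they disagree with the other forms shown in the same section. The TOML block has `max_hight = 10000` while the environment variable is `PICTRS__MEDIA__MAGICK__MAX_HEIGHT` and the flag is `--media-magick-max-height`; the commandline block has `--media-magick-max-aread 40000000` while the TOML key is `max_area` and the variable ends in `MAX_AREA`. Copied as written, these lines would not set the height and area limits the section describes, which matters because the limits are what let imagemagick abort oversized media. Suggest `max_height = 10000` and `--media-magick-max-area 40000000`. Minor wording in the Overview: "and few new features" should read "and a few new features".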