2
0
Fork 0
mirror of https://git.asonix.dog/asonix/pict-rs synced 2024-11-20 11:21:14 +00:00
pict-rs/releases/0.5.5.md

2.6 KiB

pict-rs 0.5.5

Overview

pict-rs 0.5.5 adds a bugfix for uploading images with trailing bytes and few new features for advanced deployments.

Features

Bugfixes

Upgrade Notes

There's no significant changes from 0.5.4, so upgrading should be as simple as pulling a new version of pict-rs.

Descriptions

Imagemagick Security Policy Configuration

pict-rs now supports configuring the imagemagick security policy via the pict-rs.toml file, environment variables, or via the commandline. The security policy defines the boundaries that imagemagick will operate with, and will allow it to abort processing media that would exceed those boundaries.

Currently, there are only a few items that can be configured.

# pict-rs.toml
[media.magick]
max_width = 10000
max_hight = 10000
max_area = 40000000
# environment variables
PICTRS__MEDIA__MAGICK__MAX_WIDTH=10000
PICTRS__MEDIA__MAGICK__MAX_HEIGHT=10000
PICTRS__MEDIA__MAGICK__MAX_AREA=40000000
# commandline
pict-rs run \
    --media-magick-max-width 10000 \
    --media-magick-max-height 10000 \
    --media-magick-max-aread 40000000

It will also apply the configured process_timeout to the security policy.

Serving with TLS

pict-rs can now be configured to serve itself over TLS if provided with a server key and a server certificate. This is for more advanced deployments that have Certificate Authority infrastructure in place. When serving over TLS, downstream services need to be configured to access pict-rs over TLS.

# pict-rs.toml
[server]
certificate = "/path/to/server.crt"
private_key = "/path/to/server.key"
# environment variables
PICTRS__SERVER__CERTIFICATE=/path/to/server.crt
PICTRS__SERVER__PRIVATE_KEY=/path/to/server.key
# commandline
pict-rs run \
    --certificate /path/to/server.crt \
    --private-key /path/to/server.key

Broken Pipe Error

In previous 0.5 releases with the default configurations, it was possible for valid images to fail to upload if they contained excess trailing bytes. This was caused by exiftool completing metadata processing on the image bytes before pict-rs had written the entire buffer to exiftool's stdin. The fix was to simply treat the case of stdin closing early as a success, rather than a failure. In the event there was actually an error in exiftool, the command will fail and pict-rs will return a proper status error instead.