Releases: aws-solutions/serverless-image-handler
Releases · aws-solutions/serverless-image-handler
v6.3.0
Added
- Additional anonymized metrics system to help understand how the solution is being used, identify areas of improvement, and drive future roadmap decisions.
Changed
- Cdk update to 2.151.0
- Default log retention to 180 days
- Cache-control header on fallback images to use (in order of priority), fallback image metadata, header provided in image request, and default cache control #563
Security
- Upgraded micromatch to v4.0.8 for vulnerability CVE-2024-4067
v6.2.7
Security
- Upgraded axios to v1.7.4 for vulnerability CVE-2024-39338
- Adds Security.md file to provide guidance around reporting security vulnerabilities.
Removed
- Properly deletes files removed in previous versions.
v6.2.6
Added
- StackId tag to CloudFrontLoggingBucket and its bucket name as a CfnOutput #529
- Test case to verify UTF-8 support in object key #320
- Test cases to verify crop functionality #459
- VERSION.txt and build script change to auto-update local package versions
- S3:bucket-name tag for defining which source bucket to use in thumbor style requests #521
- Ability to override whether an image should be animated #456
- Support for 8-bit depth AVIF image type inference #360
Changed
- Decreased permissions allotted to CustomResource Lambda and ImageHandler Lambda
- cdk update to 2.124.0
- aws-solutions-constructs update to 2.51.0
- SourceBucketsParameter to require explicit bucket names
- Demo-ui dependency update
- Demo-ui to be a package and manage script/stylesheet dependencies through NPM
- Modified JPEG SOI marker parsing to only check first 2 bytes [#429]
Security
- Upgraded follow-redirects to v1.15.6 for vulnerability CVE-2024-28849
- Upgraded braces to v3.0.3 for vulnerability CVE-2024-4068
Removed
- Unused CopyS3Assets custom resource
Fixed
- Some error messages indicating incorrect file types
- Solution version and id not being passed to Backend Lambda
- Thumbor-style URL matching being overly permissive
v6.2.5
Fixed
- Ensure accurate image metadata when generating Amazon Rekognition compatible images #374
- Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159
- Exclude demo-ui-config from being deleted upon BucketDeployment update sync when updating to a new version
Changed
- Overlay requests with an overlay image with one or both dimensions greater than the base image now returns a 400 bad request status with the message "Image to overlay must have same dimensions or smaller", previously returned a 500 internal error #405
- cdk update to 2.118.0
- typescript update to 5.3.3
- GIF files without multiple pages are now treated as non-animated, allowing all filters to be used on them #460
v6.2.4
[6.2.4] - 2023-12-06
Changed
- node 20.x Lambda runtimes
- cdk update to 2.111.0
- disable gzip compression in cloudfront cache option to improve cache hit ratio #373
- requests for webp images supported for upper/lower case Accept header #490
- changed axios version to 1.6.2 for github dependabot reported vulnerability CVE-2023-45857
- enabled thumbor filter chaining #343
v6.2.3
v6.2.2
Changed
- Update package.json Author
- Modify some license headers to maintain consistency
Security
- Upgraded sharp to v0.32.6 for vulnerability CVE-2023-4863
- Upgraded outdated NPM packages
v6.2.1
v6.2.0
[6.2.0] - 2023-08-01
Added
- Add
cdk-helpermodule to help with packaging cdk generated assets in solutions internal pipelines - Use DefaultStackSynthesizer with different configurations to generate template for
cdk deployand on internal solutions pipeline - Add esbuild bundler for lambda functions using
NodejsFunction, reference aws_lambda_nodejs - Refactor pipeline scripts
- Changes semver dependency version to 7.5.2 for github reported vulnerability CVE-2022-25883
- Changes word-wrap dependency version to aashutoshrathi/word-wrap for github reported vulnerability CVE-2023-26115
v6.1.2
[6.1.2] - 2023-04-14
Changed
- added s3 bucket ownership control permission and ownership parameter to S3 logging bucket to account for changes in S3 default behavior
- changed xml2js version to 0.5.0