Update (Jan 15, 2012): This version has an unpatched memory leak in the GIF and PNG quantization system (Quantizer.cs). The issue has been patched in V3, but V2 has been deprecated for 1 year now. Upgrading is a simple process, and there are currently no plans to make another maintenance release of V2.
This is probably the last update the V2 line will receive, as it was superseded by V3 on Apr. 24. Support for 2.8 will be ending June 15, 2011, 3 years after V2 was first released.
This is a high-priority update for all users, as it blocks a potential avenue for a DOS attack and fixes many important bugs. Users of v2.6 can simply replace the ImageResizer.DLL file or the ImageResizer folder of .cs files. See the changelog if you have an version prior to 2.6, as configuration changes may be required..
It is highly recommended that you upgrade to V3 instead of V2.8, so you can continue to receive support and patches for the next few years. V3 is designed for better performance, has an easier API, and is far more flexible.
Existing users can upgrade before June 15 for only $40 using the discount code 60OFFLOYALTY.
Changes since v2.6
For changes between this and older versions, read the changelog.
Fixed serious limitation of ImageResizerMaxWidth/Height settings.
These settings only control the size of the photo portion of the image. They do not limit the dimensions of the resulting bitmap. By using paddingWidth=100000, an attacker could perform a denial-of-service attack against the server to deprive it of RAM.
New behavior: When the final dimensions of an image would exceed 2x the configured max width and height, the request will be ignored with the following message: "The specified image will be more than 2x the permitted size. Request terminated."
Other bug fixes
- Fixed bug in disk caching system: Cached files modified by just one day or one hour don't get updated.
- Fixed bug: Mime-type: image/x-png was being sent instead of image/png. Causes Chrome to download images instead of displaying them.
- Fixed bug where specifying both width and maxheight would cause width to be ignored.
- Fixed bug: Two simultaneous ImageManager.getBestInstance() calls at app startup could return two different instances.
- Fixed bug causing Dictionary exception on the first request after the app was restarted. Only occurred if two simultaneous requests occurred. Only would happen once per app lifetime.
- Fixed potential bug: Extremely rare Access Denied message occurring on one of 2 simultaneous requests for a newly added source image. No reported occurrences.
- Removed System.Data and System.Xml dependencies.
- Resizer 4.0.5 - Jan-31-2016 - 3 bug fixes
- Resizer 4.0.4 - Oct 25 2015 - Major release with security and massive performance improvements
- Resizer 3.4.3 - May 8 2014 - New release adds metadata copy support, fixes 4 bugs.
- Resizer 3.4.2 - November 26 2013 - New Release adds support for AWSSDK 2
- Resizer 3.4.1 - October 30 2013 - New release features 1 bug fix and 1 enhancement.
- Resizer 3.4.0 - October 17 2013 - New release comes with 4 new plugins and 11 bug fixes.
- Resizer 3.3.3 - March 2 2013 - 2 bug fixes, one in S3Reader, one in WicDecoder
- Resizer 3.3.2 - Jan 24 2013 - 2 bug fixes
- Resizer 3.3.1 - Dec 19 2012 - 8 bug fixes, 1 new plugin
- Resizer 3.3.0 - Dec 3 2012 - 10 bug fixes, 2 new filters, 2 new alpha plugins
- Resizer 3.2.4 - Aug 6 2012 - 7 bug fixes, S3Reader changes, 2 new alpha plugins
- Resizer 3.2 beta 3 - June 30 2012 - 4 bug fixes
- Resizer 3.2 beta 2 - June 20 2012 - 3 bug fixes
- Resizer 3.2 alpha 1 - June 4 2012 - 1 bug fix
- Resizer 3.2 alpha 0 - June 3 2012 - 11 bug fixes (reliability improvements in WicBuilder, Watermark, WhitespaceTrimmer, SqlReader), heavy refactoring, 5 new draft plugins
- Resizer 3.1.5 - Feb 22 2012 - 19 bug fixes, 8 new features, 2 potentially breaking changes
- Resizer 3.1.4 - Jan 22 2012 - 5 bug fixes, 2 minor new features
- Resizer 3.1.3 - Jan 14 2012 - 2 new free plugins, 7 bug fixes
- Resizer 3.1 alpha 2 - Dec 7 2011 - 5 new free plugins, 6 new bundle plugins, 5 rewritten plugins, and innumerable bug fixes
- Resizer 3.0.13 - Oct 12 2011 - 6 bug fixes, raw support, and 1 breaking change (renaming the FriendlyUrls plugin)
- Resizer 3.0.12 - Aug 15 2011 - 12 bug fixes, 10 new features, 3 new plugins since 3.0.11
- Resizer 3.0.11 - July 29 2011 - 5 bug fixes and 2 new plugins since alpha 10
- Resizer 3 alpha 10 - Jun 16 2011 -
- Resizer 3 alpha 9 - Jun 8 2011 - 8 bug fixes and 8 new features
- Resizer 3 alpha 8 - Jun 2 2011 - 4 core bug fixes, 2 new sample projects, and the important fixes to the DiskCache, SqlReader, and AnimatedGifs plugins
- Resizer 2.8 - May 27 2011 - The last build of the version 2 line.
- Resizer 3 alpha 7 - May 26 2011 - 3 stability fixes, jCrop support, COM support, better diagnostics.
- Resizer 3 alpha 5 - May 15 2011 - 7 bug fixes, 5 API changes, and 3 new plugins
- Resizer 3 alpha 3 - May 2 2011 -
- Resizer 3 alpha 2 - Apr 24 2011 -