Resizer 2.8 - May 27 2011

Download source, binaries, plugins, and sample code (15MB)

Update (Jan 15, 2012): This version has an unpatched memory leak in the GIF and PNG quantization system (Quantizer.cs). The issue has been patched in V3, but V2 has been deprecated for 1 year now. Upgrading is a simple process, and there are currently no plans to make another maintenance release of V2.

This is probably the last update the V2 line will receive, as it was superseded by V3 on Apr. 24. Support for 2.8 will be ending June 15, 2011, 3 years after V2 was first released.

This is a high-priority update for all users, as it blocks a potential avenue for a DOS attack and fixes many important bugs. Users of v2.6 can simply replace the ImageResizer.DLL file or the ImageResizer folder of .cs files. See the changelog if you have an version prior to 2.6, as configuration changes may be required..

It is highly recommended that you upgrade to V3 instead of V2.8, so you can continue to receive support and patches for the next few years. V3 is designed for better performance, has an easier API, and is far more flexible.

Existing users can upgrade before June 15 for only $40 using the discount code 60OFFLOYALTY.

Upgrade to V3

Download V2.8 (3.5MB)

Download V2.8 DLL only (100K)

Changes since v2.6

For changes between this and older versions, read the changelog.

Critical bugs

  • Fixed serious limitation of ImageResizerMaxWidth/Height settings.
    These settings only control the size of the photo portion of the image. They do not limit the dimensions of the resulting bitmap. By using paddingWidth=100000, an attacker could perform a denial-of-service attack against the server to deprive it of RAM.

    New behavior: When the final dimensions of an image would exceed 2x the configured max width and height, the request will be ignored with the following message: "The specified image will be more than 2x the permitted size. Request terminated."

Other bug fixes

  • Fixed bug in disk caching system: Cached files modified by just one day or one hour don't get updated.
  • Fixed bug: Mime-type: image/x-png was being sent instead of image/png. Causes Chrome to download images instead of displaying them.
  • Fixed bug where specifying both width and maxheight would cause width to be ignored.
  • Fixed bug: Two simultaneous ImageManager.getBestInstance() calls at app startup could return two different instances.
  • Fixed bug causing Dictionary exception on the first request after the app was restarted. Only occurred if two simultaneous requests occurred. Only would happen once per app lifetime.
  • Fixed potential bug: Extremely rare Access Denied message occurring on one of 2 simultaneous requests for a newly added source image. No reported occurrences.
  • Removed System.Data and System.Xml dependencies.

All releases