v4.0.2

• The exploded application is more reliably cleaned up at shutdown when running in standalone mode.
• KakaduNativeProcessor supports JPEG2000-compatible JPX source images.
• Fixed an error from KakaduDemoProcessor in Windows when using a system locale that uses characters other than periods as decimal separators.
• Fixed incorrect redaction positioning when scaling.
• Fixed an error from processors that use a Java 2D processing pipeline when attempting to scale a source image that is natively less than three pixels in either dimension, or has been cropped to that size.
• Fixed an empty response when image overlays are enabled but the overlay pathname or URL is invalid. Instead, images are served without the overlay, and warnings logged.
• Updated Jetty to version 9.4.12, which fixes a potential connection leak in long-running servers when using HttpSource. (Thanks to @giancarlobi)
• Miscellaneous other dependency updates.

v4.0.1

• Fixed a regression introduced in 3.4.3 that could cause URIs to appear with the wrong scheme in information responses and Link headers. (Thanks to @mmatela and @jweisman)
• Fixed a bug that caused the minimum tile size in IIIF Image API 2.x information responses to be 512 regardless of the setting of endpoint.iiif.min_tile_size.
• Fixed a connection leak in HttpSource.
• Improved the resiliency of the internal JPEG2000 parser used by KakaduDemoProcessor and OpenJpegProcessor.
• Fixed KakaduNativeProcessor's handling of sizeByDistortedWidthHeight requests.
• Removed an error message that would appear in the log when the delegate script file was not found but the delegate script was disabled.
• The X-Forwarded-Host reverse proxy header may contain a port number, which will be used if X-Forwarded-Port is not supplied.

v3.4.4

• Fixed a regression introduced in 3.4.3 that could cause URIs to appear with the wrong scheme in information responses and Link headers. (Thanks to @mmatela and @jweisman)
• The X-Forwarded-Host reverse proxy header may contain a port, which will be used if X-Forwarded-Port is not supplied.

v4.0

Endpoints

• A new X-Forwarded-ID reverse proxy header replaces X-IIIF-ID, which has been deprecated, and will be removed in a future version.
• Error response representations are in text/plain format in the absence of a client preference.
• When endpoint.iiif.content_disposition is set to inline, the Content-Disposition header value includes a filename-safe version of the image identifier.

Sources

• Resolvers have been renamed sources to better reflect their core function.
• AmazonS3Resolver has been renamed S3Source, and it now supports non-AWS endpoints.
• S3Source supports a configurable path prefix and suffix when using BasicLookupStrategy.
• AzureStorageSource supports shared access signature (SAS) URIs. (Thanks to @ddisciascio)
• Improved the efficiency of source cache content access when cache.server.resolve_first = false.
• All sources fall back to checking the magic bytes in image data if they cannot infer a format any other way.

Processors

• KakaduProcessor has been renamed KakaduDemoProcessor to reflect the fact that it interfaces with the Kakadu demo tool, kdu_expand, and not the native library.
• Added KakaduNativeProcessor, as well as compiled binaries for Linux, macOS, and Windows, which are free to use with it for non-commercial purposes.
• Added DownloadStrategy as another optional retrieval strategy for stream-based processors, and as an optional fallback strategy. This enables all processors to work with all sources with no extra configuration.
• JPEG2000-compatible JPX images are readable by all processors that support JPEG2000.
• JaiProcessor has been deprecated. See the user manual for more information.
• KakaduDemoProcessor and OpenJpegProcessor work in Windows.
• KakaduDemoProcessor and OpenJpegProcessor read image metadata using custom code, which is more efficient than using the respective kdu_jp2info and opj_dump tools, and enables them to read the number of decomposition levels, which improves reliability when decoding images with less-common level counts.
• Image I/O plugins can be selected on a per-format basis.
• Improved the efficiency of the Java 2D resample filters.
• When using the Java 2D pipeline to downscale to less than three pixels on a side, an empty image with the correct dimensions is returned, rather than a downscaled 3x3 image, which is the smallest size that the Java 2D resample filters support.
• Java2dProcessor supports animated GIFs.
• Java2dProcessor supports CMYK & YCCK JPEGs.
• Worked around some behavior of the opj_decompress tool that could cause OpenJpegProcessor to break. (Thanks to @adam-vessey)
• Improved PdfBoxProcessor's validation of requests for multi-page PDFs whose pages have inconsistent dimensions.
• The processor.limit_to_8_bits configuration option is no longer available. All output is limited to 8 bits.
• Disabled support for GIF source images in JaiProcessor, as it was buggy and other processors can handle GIF better.

Caching

• AmazonS3Cache has been renamed S3Cache, and it now supports non-AWS endpoints.
• The time-to-live of the source and derivative caches is independently configurable.
• The cache worker dumps the contents of HeapCache during its shifts, if both are enabled and if HeapCache persistence is also enabled.
• The cache worker's work interval specifies the amount of time between the end of one shift and the beginning of the next, rather between the start of one shift and the next.
• The deprecated DELETE /cache/:identifier HTTP API method has been removed.

Delegate Script

• The delegate script has been redesigned as a class that is instantiated per-request. See the "Delegate Script" section of the user manual for detailed information.

Other

• Java 10 (18.3) is supported.
• Updated JRuby to 9.1.17.0.

v3.4.3

• Updated the Jackson dependency to address the following security vulnerabilities: CVE-2018-7489, CVE-2018-5968, CVE-2017-15095.
• AmazonS3Resolver and AmazonS3Cache can obtain credentials from Amazon container environment variables or EC2 Instance Metadata Service.
• Arbitrary X-Forwarded headers are respected without X-Forwarded-Host needing to be set. (Thanks to @jweisman)
• Fixed a potential resource leak involving stream-based resolvers.
• Fixed HttpResolver's handling of semicolon-delimited Content-Type header values.
• Fixed palette corruption when cropping source images with indexed color with Java2dProcessor.
• Fixed a NullPointerException when using the info cache without a derivative cache.
• Other minor fixes.

v3.4.2

• Fixed a leak when using HttpResolver in a Servlet container that resulted in an inability to shut down properly. (Thanks to @punkfairy)
• Fixed aspect-fit scale-to-height not working properly in ImageMagickProcessor and GraphicsMagickProcessor.
• Fixed incorrect URIs in responses when using slash substitution or URI-encoded identifiers.
• Efficiency improvements in AmazonS3Resolver and AzureStorageResolver.
• OutOfMemoryErrors during image responses are logged at error level rather than info-level.
• Improved the reliability of ImageIO plugin selection.
• Updated the PDFBox dependency to version 2.0.8.

v3.4.1

• Improved efficiency when handling a request for a bitonal or gray image when the source image is already bitonal or gray. (Thanks to @adam-vessey)
• Fixed upscaling by percent in KakaduProcessor and OpenJpegProcessor.
• Efficiency improvements in PdfBoxProcessor.
• Improved the reliability of source cache downloading and content acquisition.
• Miscellaneous reliability improvements in AmazonS3Resolver and AmazonS3Cache.
• Fixed certain server misconfigurations causing HTTP 400 (Bad Request) responses rather than HTTP 500 (Internal Server Error).

v3.4

Endpoints

• HTTP/2 can be enabled in standalone mode. (H2 requires Java 9, but H2C works in Java 8.)
• The accept queue limit of the standalone HTTP & HTTPS servers is configurable.
• The minimum size in IIIF Image API 2.x info.json responses is configurable. (Thanks to @cbeer)
• The maximum size in IIIF Image API 2.x info.json responses is the full image size, rather than half size. (Thanks to @cbeer)
• The IIIF Image API 1.x endpoint returns a JPEG image, rather than GIF, when no client preference is expressed in the URI or Accept header.
• Certain derivative cache errors can be recovered from without causing an error response.
• The sizes key in Image API 2.x information responses respects the max_pixels configuration option.
• Image and information endpoints return 501 Not Implemented, rather than 500 Internal Server Error, when the selected processor does not support the requested source format.
• Image requests may include a ?response-content-disposition query argument to suggest a response Content-Disposition header value.
• Added several HTTP API methods for cache management.
• Changes to HTTP Basic authorization settings in all endpoints take effect without restarting.
• All endpoints support the HTTP OPTIONS method.
• Status items in the Control Panel update automatically via AJAX.
• The username used to access the Control Panel is configurable.

Resolvers

• Miscellaneous efficiency improvements across all resolvers.
• The HttpResolver::get_url() delegate method may return a hash containing authentication credentials.
• Added an option to HttpResolver to trust all certificates.
• The request timeout of HttpResolver is configurable.
• AmazonS3Resolver and AzureStorageResolver attempt to infer a source format from the object/blob key if not able to do so from the identifier or from object/blob metadata.
• The maxmimum number of AWS connections used by AmazonS3Resolver is configurable.
• AmazonS3Resolver falls back to obtaining credentials from various other sources (see the user manual) when they are not set in the configuration file. (Thanks to @jweisman)
• Resolver delegates are passed an additional context argument. (Thanks to @jonathangreen)

Processors

• Added an option that enables Java2dProcessor, JaiProcessor, KakaduProcessor, and PdfBoxProcessor to preserve the sample depth of >8-bits-per-sample source images.
• GraphicsMagickProcessor and ImageMagickProcessor respect the processor.dpi configuration key.
• GraphicsMagickProcessor supports the GIF output format.
• ImageMagickProcessor supports image overlays.
• FfmpegProcessor supports FLV videos.
• The processor.background_color configuration key affects alpha blending as well as non-90°-multiple rotations. (Thanks to @Algae666)
• ImageMagickProcessor's support for ImageMagick versions prior to 7 is deprecated.
• OpenJpegProcessor's support for OpenJPEG versions prior to 2.2.0 is deprecated.
• Improved the predictability of ImageIO plugin selection.
• Initialization warnings (related to missing dependencies, for example) are displayed in the Control Panel.

Caching

• Image info is written to caches asynchronously to enable faster responses.
• Added an optional in-memory image info cache.
• Added RedisCache.
• Added HeapCache.
• AmazonS3Cache uploads images to S3 asynchronously, enabling faster responses.
• The maxmimum number of AWS connections used by AmazonS3Cache is configurable.
• AmazonS3Cache falls back to obtaining credentials from various other sources (see the user manual) when they are not set in the config file. (Thanks to @jweisman)
• On macOS, FilesystemCache uses file last-modified times rather than last-accessed times as the latter are not reliable.

Other

• Configuration files support inheritance via an extends key.
• The temporary directory is configurable.
• Added an optional error log.
• A logger is accessible from the delegate script.

v3.3.5

• Fixed FilesystemCache failing to purge invalid source images. (Thanks to @jhosteny)
• Fixed the cache.server.resolve_first configuration key always being effectively true in the IIIF Image API 2.x endpoint.
• Fixed AmazonS3Cache sometimes purging fewer objects than it should.
• Fixed failure to auto-purge incompletely-written images from derivative caches other than FilesystemCache in response to a VM error (such as OutOfMemoryError).
• HttpResolver makes fewer HTTP requests.

v3.3.4

• Fixed an AbstractMethodError in HTML views, caused by a regression in 3.3.3.
• Fixed the X-IIIF-ID header not being respected when redirecting from /:identifier to /:identifier/info.json in both IIIF Image API endpoint versions. (Thanks to @jonathangreen)