crystal-libraries-needed
Image manipulation library like MiniMagick
https://github.com/minimagick/minimagick
Though they are the de-facto standard for image manipulation, ImageMagick is a huge security risk. GraphicsMagick is way better, but still has lots of issues. I'd rather try to find a secure and stable image manipulation library to use in Crystal. I'm not sure about reasonable alternatives but we might as well look for it...
There is a proposal for VIPS #27 which is way faster but still relies on libmagick for less common image types. This was incorrect: libvips can use libmagick as a fallback but will use other libs if available
magickwand-crystal may be an alternative for now.
@veelenga yep, I'm aware of it, yet for my taste it's a rather unusable alternative, thus this issue.
Why is ImageMagick a huge security risk?
Because it is very poorly-written code, written back when the world wasn't full of actively-hostile attackers. Consider this recent news story:
yahoo_retires_imagemagick_library
And by recent, I mean: 21 May 2017
I concur that Yahoo has been a security risk over the last five years (I had an insignificant email account with them that was compromised twice).
A list of ImageMagick CVEs: https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
Though I wouldn't read too much into it. Implementing it ourselves isn't a magic bullet to make it bug free. It may have fewer wacky memory accesses, but OTOH, ImageMagick is pretty battle tested and will be for some time.
Libvips is far superior to ImageMagick: https://github.com/jcupitt/libvips
libvips has to have glib2.0-dev. Other dependencies are optional, see below.
Not a fan of adding random dependencies, that alone makes it inferior.
@Papierkorb me neither, yet libvips is IMO worth goin' the extra mile...
ImageMagick also has dependencies, it's just a lot easier to use apt-get/yum/etc to install them as a total package. Libvips not only processes images faster, it has a smaller memory footprint than both ImageMagick and GraphicsMagick. Maybe it's just my imagination too, but the resized images look crispier *shrug*
Any progress on this?
Some weeks ago I saw [this one](https://github.com/naqvis/crystal-vips)