Changelog¶

The authoritative changelog lives in CHANGES.md at the repository root. It is included below so the rendered docs always match the release history.

0.6.4 (2026-04-20)¶

Fix: _needs_auth_url() no longer issues a PostgreSQL query per image. The old implementation looked up allowed_roles in object_state via a request-scoped pool connection, which saturated the per-pod psycopg pool under cold-cache production load (30 thumbnails per listing page × concurrent anonymous requests = 30 s PoolTimeout stacks). Replaced with an in-memory rolesForPermissionOn("View", context) lookup — the plone-pgcatalog allowed_roles column is a cache of exactly this computation, so the SQL was re-asking a question Zope already knew the answer to. Zero DB round-trips, zero pool pressure, no catalog-lag skew vs. live workflow state. Closes #8.
Fix: @thumbor-auth REST service now prefers the ZODB storage connection (already held for the request) over the psycopg pool, so per-image auth verification doesn’t contend on pool.getconn(). The SQL query is unchanged — this is strictly a connection-acquisition change, matching the pattern plone-pgcatalog uses in _get_pg_read_connection. Falls back to the pool when no ZODB storage is in scope (tests, scripts). Related to #8.

Fix: access-check queries now use the dedicated allowed_roles TEXT[] column instead of idx->'allowedRolesAndUsers'. plone-pgcatalog extracts allowedRolesAndUsers into its own column, so the old JSONB lookup returned NULL for every migrated object — making _needs_auth_url() always return True (broken anonymous images) and @thumbor-auth always return 401 for 3-segment URLs. Affects both _needs_auth_url in scaling.py and ThumborAuthService in restapi.py. Closes #5.
Docs: the Sphinx reference changelog is now a MyST include of the root CHANGES.md, removing the stale hand-maintained copy.

Fix: IImageScaleStorage adapter registration now uses * as second discriminator instead of IPlonePgthumborLayer. The adapter lookup in plone.namedfile passes a modified callable (not a request), so the layer-based registration never matched — all scales still used the default AnnotationStorage. Closes #4.

Fix: ThumborScaleStorage no longer writes ScalesDict to ZODB. The storage property now returns a volatile (non-persistent) dict, eliminating constant write transactions from pre_scale(). Closes #3.

Remove server_url, security_key, and unsafe from controlpanel and registry. These settings are configured exclusively via environment variables (PGTHUMBOR_SERVER_URL, PGTHUMBOR_SECURITY_KEY, PGTHUMBOR_UNSAFE).
Controlpanel now shows env-var configuration hint in the description.
Upgrade step (v2 -> v3) deletes orphaned registry records from existing sites.
Purge button uses alert styling.
Closes #2.

Add browser layer IPlonePgthumborLayer and bind all views, services, and adapter overrides to it. This enables clean uninstall via GenericSetup: removing the layer deactivates all registrations.
Add uninstall profile (removes browser layer and control panel configlet).

Wire smart_cropping and paranoid_mode from env vars / Plone registry into Thumbor URL generation.
Add _scale_url override for upcoming plone.namedfile scale_info support, with backward compatibility for current releases.
Simplify dev setup: run Plone locally, Docker only for postgres/thumbor/nginx.

Add @@thumbor-purge-scales view and zconsole run -m script to remove legacy ZODB image scales and reindex image_scales metadata after installation.