FYI about ImageMagick

[lilith]

Hi folks, this is an FYI that we're working on an ImageMagick alternative Imgur might be interested in: https://github.com/imazen/imageflow

Given that unglamorous plumbing work around images doesn't really have much of a business model, we're running a Kickstarter to crowdfund development of the first image processing library specifically designed for server-side use. There's already a command-line prototype available to verify our performance and quality claims.

Aside from the most important aspect - security prioritization - we're also benchmarking Imageflow as up to 17x faster than ImageMagick.

Given that Imgur seems to have an interest in open-source, I'd like to mention that there is a tremendous amount of low-hanging fruit around jpeg compression that we'll be tackling with Imageflow - but that contributions (financial or otherwise) directly to the libjpeg-turbo, pngquant, and mozjpeg projects would also have incredible return on investment given Imgur bandwidth costs.

For those using mandible with ImageMagick, please make sure that you've updated to 7.0.2 (June 12 2016), as earlier versions suffer from ImageTragick, the POPEN vulnerability, and several buffer overflows. Please note that 7.0.2 is NOT available through apt-get update on most distributions, and must be manually installed. Also note that transitive vulnerabilities in ImageMagick are not relayed via their security mailing list; it is on end-users to subscribe to the mailing lists for each codec they have compiled ImageMagick with in order to be notified of vulnerabilities.