Hi Daniele and all,
You've beaten me to it!
As Daniele notes, I believe that we are running afoul of a situation caused by a security vulnerability that was recently uncovered in Ghostscript. See:
ImageMagick is the tool we use to process images. When you install ImageMagick, Ghostscript is also installed, and ImageMagick uses Ghostscript by default for generating PDF derivatives. It seems that in the latest ImageMagick update distributed via Ubuntu, they have addressed this by disabling the PDF, XPS, EPS, and PS default format policies. See:
I was able to recreate this locally in my Vagrant box, just by running the following general Ubuntu update commands:
- sudo apt-get update && sudo apt-get upgrade
After doing so, when I regenerated derivatives, I also ended up with no PDF derivatives, suggesting that the change has come in with the Ubuntu updates.
The short-term, hacky way to fix this would be to manually go into the /etc/ImageMagick-6/policy.xml file, and comment out the lines that are currently disabling the default settings. You can see them here:
For example, to enable processing for PDFs, you could simply rewrite the PDF line so it is commented out, like so:
- <!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
Be aware that doing so does make ImageMagick vulnerable to malicious PDFs, as described in the original links above. However, since uploads are restricted to authenticated users in AtoM, then so long as your staff are not uploading malicous PDFs containing exploits, the likelihood of this leading to a security issue is low.
We're still digging through the various posts and updates. Ghostscript has released a patch, but so far ImageMagick has not changed anything in their new default policy, nor has Canonical released an Ubuntu update that reflects any changes. We're not sure what the timeline is on this, but it's out of our hands at present. We will continue monitoring this situation and will suggest a more permanent and secure fix when one is available.
Regards,