Dev news

Commit a60a78529 for imagemagick.org

commit a60a78529a032f555599c24d38ba5169101bc82c
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Wed May 13 16:01:34 2026 -0400

    encourage security policy testing after any configuration change

diff --git a/config/policy-limited.xml b/config/policy-limited.xml
index 92f1a25da..eed9fc073 100644
--- a/config/policy-limited.xml
+++ b/config/policy-limited.xml
@@ -12,7 +12,10 @@
   before making use of ImageMagick is highly advised. You can find guidance on
   setting up this policy at https://imagemagick.org/script/security-policy.php,
   and it's important to verify your policy using the validation tool located
-  at https://imagemagick-secevaluator.doyensec.com/.
+  at https://imagemagick-secevaluator.doyensec.com/. We also strongly
+  recommend that all users validate their security assumptions by testing their   configurations after making any policy changes. This helps ensure that the
+  intended restrictions are functioning as expected in their specific
+  deployment environment.


   Limited ImageMagick security policy:
diff --git a/config/policy-open.xml b/config/policy-open.xml
index 12ae35b01..62c51ad38 100644
--- a/config/policy-open.xml
+++ b/config/policy-open.xml
@@ -16,7 +16,10 @@
   before making use of ImageMagick is highly advised. You can find guidance on
   setting up this policy at https://imagemagick.org/script/security-policy.php,
   and it's important to verify your policy using the validation tool located
-  at https://imagemagick-secevaluator.doyensec.com/.
+  at https://imagemagick-secevaluator.doyensec.com/. We also strongly
+  recommend that all users validate their security assumptions by testing their   configurations after making any policy changes. This helps ensure that the
+  intended restrictions are functioning as expected in their specific
+  deployment environment.


   Open ImageMagick security policy:
diff --git a/config/policy-secure.xml b/config/policy-secure.xml
index c1633e5f0..ddae2085f 100644
--- a/config/policy-secure.xml
+++ b/config/policy-secure.xml
@@ -16,7 +16,10 @@
   before making use of ImageMagick is highly advised. You can find guidance on
   setting up this policy at https://imagemagick.org/script/security-policy.php,
   and it's important to verify your policy using the validation tool located
-  at https://imagemagick-secevaluator.doyensec.com/.
+  at https://imagemagick-secevaluator.doyensec.com/. We also strongly
+  recommend that all users validate their security assumptions by testing their   configurations after making any policy changes. This helps ensure that the
+  intended restrictions are functioning as expected in their specific
+  deployment environment.


   Secure ImageMagick security policy:
diff --git a/config/policy-websafe.xml b/config/policy-websafe.xml
index fbec500eb..272fb88bb 100644
--- a/config/policy-websafe.xml
+++ b/config/policy-websafe.xml
@@ -16,7 +16,10 @@
   before making use of ImageMagick is highly advised. You can find guidance on
   setting up this policy at https://imagemagick.org/script/security-policy.php,
   and it's important to verify your policy using the validation tool located
-  at https://imagemagick-secevaluator.doyensec.com/.
+  at https://imagemagick-secevaluator.doyensec.com/. We also strongly
+  recommend that all users validate their security assumptions by testing their   configurations after making any policy changes. This helps ensure that the
+  intended restrictions are functioning as expected in their specific
+  deployment environment.


   Web-safe ImageMagick security policy: