Video Module Policy Update

[urban-warrior]

The ImageMagick team would like to clarify an important correction regarding how to restrict MPEG video processing within the security policy system. Some earlier guidance suggested using a delegate policy such as

<policy domain="delegate" rights="none" pattern="mpeg:decode" />

to block MPEG decoding. This approach is not correct for modern ImageMagick installations and does not reliably prevent video handling across all code paths.

The correct and effective method is to use a module policy, specifically:

<policy domain="module" rights="none" pattern="VIDEO" />

This ensures that ImageMagick’s video‑related modules are not loaded at all, fully disabling MPEG and other video formats at the module level rather than relying on delegate interception. Blocking the module is both more secure and more predictable, especially for administrators who need strict control over which formats are permitted in their environment.

We encourage all users, packagers, and system administrators to update their policies accordingly. Module‑level restrictions provide a stronger security boundary and align with ImageMagick’s current architecture. If your deployment requires disabling additional formats, you can extend this approach by applying similar module‑domain policies to other patterns.

As always, we appreciate the community’s vigilance and feedback. Your reports and discussions help us refine documentation and improve the safety and reliability of ImageMagick. If you have questions about policy configuration or want to explore related topics such as security policies, module loading, or format restrictions, we’re here to help.

Thanks to @bl4cksku11 and @omkhar for bringing this issue to our attention.