Posted Wednesday, October 30 at 7:11 PM (4 months ago)
So, both Publ and Authl had a pretty naïve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.
Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.
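An added example, not Authl's or Publ's actual fix: a sketch of the missing check described above, following the IndieAuth rule that a client confirms the returned profile URL declares the authorization endpoint it just used. The function names and the `DECLARED_ENDPOINTS` table are constructed stand-ins for real endpoint discovery.

```python
from urllib.parse import urlsplit

# Constructed sample data: profile URL -> authorization endpoint that the
# profile page declares via rel="authorization_endpoint". A real client
# would fetch the page and read its Link headers / <link> tags instead.
DECLARED_ENDPOINTS = {
    "https://alice.example/": "https://auth.alice.example/auth",
    "https://mallory.example/": "https://evil.example/auth",
}

def canonical(url):
    """Normalise a URL so that a bare domain gets the path '/'."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not a valid profile URL: %r" % url)
    netloc = parts.hostname  # urlsplit already lower-cases scheme and host
    if parts.port:
        netloc += ":%d" % parts.port
    query = "?" + parts.query if parts.query else ""
    return "%s://%s%s%s" % (parts.scheme, netloc, parts.path or "/", query)

def naive_identity(endpoint_used, claimed_me):
    """The flawed behaviour: trust whatever identity the endpoint returned."""
    return canonical(claimed_me)

def verified_identity(endpoint_used, claimed_me, discover=DECLARED_ENDPOINTS.get):
    """Accept claimed_me only if that profile delegates to endpoint_used."""
    me = canonical(claimed_me)
    declared = discover(me)
    if declared is None or canonical(declared) != canonical(endpoint_used):
        raise PermissionError("%s does not delegate to %s" % (me, endpoint_used))
    return me
```

The same comparison applies to the Bearer token flow: the `me` returned by token verification is only trustworthy if that profile names the endpoint that vouched for it.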
Posted Friday, September 6 at 5:27 PM (5 months ago)
So hey, if you’ve been using webmention.js you should probably update it, as there turned out to be an XSS issue found by Checkmention. Better to be safe than sorry etc. etc.
Posted Wednesday, February 20 at 3:42 PM (a year ago)
For those folks who want to import their content from Movable Type over to Publ, I’ve finally gotten around to writing an importer. Currently it only attempts to convert entry content and category metadata, and only using SQLite-formatted database dumps.
See the README.md for the (incredibly rough) usage instructions.
Eventually I want to try to automatically convert templates from MT’s scripting language to Jinja-Publ templates, although there’s a bunch of stuff that’s going to be difficult to port across and a lot of stuff is just plain not feasible to even try, so don’t expect that to become a major thing any time soon.