v0.7.40

I just released v0.7.40, which allows easily overriding the image used on an entry card.

v0.7.39 released

There’s been several minor releases of Publ, and it’s up to v0.7.39 now. Here’s what’s changed since v0.7.35:

• Fixed a bug with CSS templates erroneously entity-escaping quotes
• entry.archive() now elides the template-name if it’s the category default (matching view.link())
• Internal type-safety changes for the latest version of BeautifulSoup
• Add Status: ATTACHMENT
• Removed the background image rendering threadpool, as it was an artifact of an early design that ended up not being beneficial for real-world operation
• (Hopefully) fixed an issue with the indexer ignoring attachments that have not yet been indexed
• Fixed an issue with the permission error handling on the admin dashboard

The only user-facing change is the Status: ATTACHMENT thing.

Authl v0.7.3

I’ve updated Authl to make it support the new-ish profile scope in Mastodon 4.3, which provides better login-flow UX.

If profile is unsupported it tries to fall back to the old read:accounts scope, which should keep it working on older Mastodon versions as well.

In theory it should also work with Pleroma/Akkoma (and anything else that speaks the Mastodon client API), although that functionality hasn’t been verified in quite some time. If someone else wants to take on the work of verifying that and fixing whatever’s broken, that would be greatly appreciated!

Publ + Pushl releases and a bunch of plans

There’s been a few releases of both Publ (now on 0.7.35) and Pushl (now on 0.4.0). A pretty decent amount has changed!

Publ changes since 0.7.31:

• Fix some error handling issues causing an ISE
• Add support for HTTP Accept:, properly allowing multiple templates with the same name and providing reasonable fallback behavior
• Improve the Content-Type handling in general
• Fix some markup-safe handling bugs

Note that in order to upgrade to 0.7.35 you’ll also need to restrict your Python environment to use a Python version < 3.13; more on that in a bit.

Pushl changes since v0.3.5:

• Tidy up some code rot
• Actually send an Accept: header
• Removed lxml + Pingback support, which has never actually been useful

So, let’s talk about these projects and some other related stuff.

Publ v0.7.31 released

There’s a new release of Publ. There’s no new features, but there’s a huge performance improvement.

I’d been having some performance issues where on my larger sites, the main Atom feed was taking a long time to render. It didn’t really bother me too much because thanks to aggressive caching it would only cause an occasional slow page load (on the order of a few seconds) every now and then, but I thought there was probably something wrong with the I/O characteristics of how pages render.

Boy howdy was I wrong about that.

Publ v0.7.30

It’s been a while since I’ve worked on Publ but I got an itch for some new features, so here we are.

Specifically, there are two super-useful changes:

• You can now retrieve a specific entry from a template (by entry ID, not by path)
• Given an existing entry, category, or template object you can retrieve an image relative to their context, using entry.image, category.image and template.image, respectively

Publ 0.7.29 released

Just a couple of bugfixes in this one:

• Fixed installing Publ without Authl
• view.deleted works on paginated views again
• Updated upstream dependencies and fixed some typing-related stuff caused by that

Publ v0.7.26 released

Here’s some new bugfixes and features!

• OpenGraph tags now validate per the W3C validator
• Images can now take a value of link=True in order to force a link to the full-size rendition without setting a lightbox gallery ID
• Links will no longer include the template name if it’s the same as the category default (so you no longer need to do annoying things like view.link(template=template if template.name != 'index')
• Similarly, path-alias to the index template will now work correctly if the category’s default template is not index

Webmention.js 0.5.5 released - important security update!

There is a known XSS exploit in webmention.js 0.5.4 and earlier. If you are running webmention.js on your site, please update to the latest version!

Many thanks to @tyage for reporting this vulnerability (and @psmoros for facilitating the report, as well as running huntr.dev which looks like a great security research and reporting platform).

v0.7.25 released

What’s this, another Publ release? Why, yes! While revamping my personal website I came across some additional things that needed some Publ fixes to really work well.

The changes since 0.7.24 are:

• Consider whitespace-only entry parts (entry.body and entry.more) to be False
• Enable cache-control on templates which aren’t user-dependent (such as stylesheets), hopefully cutting down on FOUC issues
• Enable an appropriate same-site cookie policy for 2023

Publ v0.7.24 released

Latest version of Publ includes:

• New first_paragraph HTML filter
• A fix to the search indexer allowing it to drop invalid entries

There was also a minor fix released as 0.7.23 which was to unpin the version of watchdog, which allows Publ to run in debug/hot-reload mode once again.

Publ v0.7.22 released

Here’s a new release of Publ.

Actually it looks like I’ve been remiss in announcing the last several releases, because each of them just had minor changes! So here’s a bit of a catchup:

• v0.7.19: Pass through rendition arguments (including quality and format) to the fullsize rendition
• v0.7.20: Just a bunch of upstream dependency updates
• v0.7.21: Some shenanigans while trying to figure out how to deal with Pony’s incompatibility with Python 3.11, as yet unresolved
• v0.7.22:
  • Fixed an issue with some transparent images not being detected as transparent due to using uncommon formats (particularly grayscale-with-alpha PNGs in the LA pixel format)
  • Changed the way that the authentication key gets configured; this was necessary due to an upstream change in Flask

At present there appears to be an occasional issue with how watchdog works (or doesn’t), and I haven’t figured out the rhyme or reason. A pending Publ release will hopefully fix this. My apologies for the inconvenience.

Pushl v0.3.5

Pushl has been updated to be compatible with an API change made in Python 3.11, specifically fixing some functionality which was deprecated in Python 3.8 and which I somehow failed to notice the deprecation warning of.

Thanks to @seirdy for bringing this to my attention.

Publ v0.7.18

0.7.17 had a critical bug in view.deleted where it wasn’t properly filtering query parameters, so that version has been yanked and 0.7.18 has been released in order to fix said bug.

Publ v0.7.17

Today marks the release of Publ v0.7.17. Aside from the usual upstream-dependency changes and progressive delinting, this release fixes a subtle but annoying issue with how View.link works. There’s a longer description of the issue on GitHub but the upshot of this is that now the parameters passed into a View object get properly validated, meaning that if you’re doing something like:

<a href="{{view.previous(template='bob')}}>">

this will fail, as the correct syntax is (and always has been)

<a href="{{view.previous.link(template='bob')}}>">

Publ v0.7.16 released

Minor release for Publ, wherein I fixed a single bug; namely, loading a category without the trailing / was causing an erroneous redirect, due to an apparent change in the depths of Flask.

This is one of those things where I really need to refactor Publ to make it properly unit-testable, gosh darnit.

Publ v0.7.15, Authl v0.6.1

I haven’t been working on this stuff in a while, but there were reasons to make some updates and releases for both Publ and Authl.

Publ changes:

• Updated dependencies and fixed code standards to the latest pylint and mypy
• Fixed a bug where if an image file disappears before the async rendition is generated, it was generating a 503 error instead of a 404

Authl changes:

• Updated packages and fixed code standards to the latest pylint and mypy
• Removed a couple of Fediverse method hacks which are no longer necessary due to updates in mastodon.py

Some of the dependency changes necessitated updating the minimum Python version; in particular, Publ and Authl now require Python 3.7.2 or greater. But if you’re still running Python 3.6 for some reason you’re used to things being broken or outdated.

Also, due to an impending change in Flask, the Publ API is going to have to change somewhat; the short version is that app.secret_key will no longer be the means of configuring authentication. Most likely the config will change to get a secret_key key within the auth section instead. This actually makes the configuration a lot easier to deal with anyway, and I was never happy about this inconsistency. (In fact, I’m pretty sure that’s how it used to be configured until I changed it to be more Flask-like in the first place!)

It’s also possible that publ.Publ will revert to being a function that constructs a Flask application object, rather than being a subclass of Flask, but I haven’t yet investigated what the implications of this change would be. I believe there are a few places in the Publ codebase which rely directly on the subclass relationship (which would be difficult to change, such as the way that the Authl instance is associated with the application), and prior to that there’s a reason I switched it from a factory to a subclass in the first place, although I can’t quite remember what it was (it was probably either something to do with the ORM’s startup behavior or something to do with Authl’s lifetime). Either way, it’ll take significant investigation, and this will be necessary before Flask 2.3 is released. (In retrospect I meant to pin Publ’s Flask requirement to <2.3.0 before I did this release, but I forgot. Oops.)

Publ v0.7.14 released

Publ v0.7.14 is now released. Changes:

• Images now only get rendered when they’re first retrieved
• Certain classes of date-handling issues are handled less-badly on 32-bit systems

Publ v0.7.10 v0.7.11 released

Version 0.7.10 0.7.11 of Publ has been released. Not much different from 0.7.9:

• Force an update of Pygments to remove a temporary backwards-compatibility hack
• Add proper support for WebP image compression (as seen in the image rendition options)
• Make the installations of whoosh and authl optional, to cut down on installation bloat for sites that don’t need them

The dependency changes have the potential for breaking functionality in existing sites. In order to restore full-text search and federated authentication, you’ll need to add whoosh and authl to your deployment options, respectively. If you’re using Poetry or another dependency manager which understands extras, you can specify the search and auth extras in your pyproject.toml; for example:

[tool.poetry.dependencies]
python = "^3.8"
gunicorn = "^20.0.4"
publ = {version = "^0.7.9", extras = ["search","auth"]}
pushl = "^0.3.3"
python-memcached = "^1.59"

Hopefully this is a helpful change for some people, and not too annoying for others.

Update: Until I tried to roll out a site without Authl enabled, I had failed to realize one spot where Authl was still being unconditionally imported. If you actually want to run without Authl, update to v0.7.11.

Publ v0.7.9 (a very minor update)

Publ v0.7.9 is out. The only change from 0.7.8 is a bugfix to fenced code blocks, which were broken by an excruciatingly subtle change to the pygments API. Oops.