Publ: Development Blog

News and updates about Publ

Publ 0.7.29 released

Posted Thursday, July 11 at 2:26 PM (3 days ago)

Just a couple of bugfixes in this one:

  • Fixed installing Publ without Authl
  • view.deleted works on paginated views again
  • Updated upstream dependencies and fixed some typing-related stuff caused by that

Publ v0.7.26 released

Posted Monday, August 21 at 2:45 AM (11 months ago)

Here’s some new bugfixes and features!

  • OpenGraph tags now validate per the W3C validator
  • Images can now take a value of link=True in order to force a link to the full-size rendition without setting a lightbox gallery ID
  • Links will no longer include the template name if it’s the same as the category default (so you no longer need to do annoying things like if != 'index')
  • Similarly, path-alias to the index template will now work correctly if the category’s default template is not index

v0.7.25 released

Posted Tuesday, May 23 at 3:49 AM (a year ago)

What’s this, another Publ release? Why, yes! While revamping my personal website I came across some additional things that needed some Publ fixes to really work well.

The changes since 0.7.24 are:

  • Consider whitespace-only entry parts (entry.body and entry.more) to be False
  • Enable cache-control on templates which aren’t user-dependent (such as stylesheets), hopefully cutting down on FOUC issues
  • Enable an appropriate same-site cookie policy for 2023

Publ v0.7.24 released

Posted Monday, May 22 at 2:21 PM (a year ago)

Latest version of Publ includes:

There was also a minor fix released as 0.7.23 which was to unpin the version of watchdog, which allows Publ to run in debug/hot-reload mode once again.

Publ v0.7.22 released

Posted Monday, May 1 at 7:18 PM (a year ago)

Here’s a new release of Publ.

Actually it looks like I’ve been remiss in announcing the last several releases, because each of them just had minor changes! So here’s a bit of a catchup:

  • v0.7.19: Pass through rendition arguments (including quality and format) to the fullsize rendition
  • v0.7.20: Just a bunch of upstream dependency updates
  • v0.7.21: Some shenanigans while trying to figure out how to deal with Pony’s incompatibility with Python 3.11, as yet unresolved
  • v0.7.22:
    • Fixed an issue with some transparent images not being detected as transparent due to using uncommon formats (particularly grayscale-with-alpha PNGs in the LA pixel format)
    • Changed the way that the authentication key gets configured; this was necessary due to an upstream change in Flask

At present there appears to be an occasional issue with how watchdog works (or doesn’t), and I haven’t figured out the rhyme or reason. A pending Publ release will hopefully fix this. My apologies for the inconvenience.

Pushl v0.3.5

Posted Wednesday, January 4 at 8:17 PM (a year ago)

Pushl has been updated to be compatible with an API change made in Python 3.11, specifically fixing some functionality which was deprecated in Python 3.8 and which I somehow failed to notice the deprecation warning of.

Thanks to @seirdy for bringing this to my attention.

Publ v0.7.18

Posted Tuesday, December 27 at 10:29 AM (a year ago)

0.7.17 had a critical bug in view.deleted where it wasn’t properly filtering query parameters, so that version has been yanked and 0.7.18 has been released in order to fix said bug.

Publ v0.7.17

Posted Monday, December 26 at 9:28 PM (a year ago)

Today marks the release of Publ v0.7.17. Aside from the usual upstream-dependency changes and progressive delinting, this release fixes a subtle but annoying issue with how works. There’s a longer description of the issue on GitHub but the upshot of this is that now the parameters passed into a View object get properly validated, meaning that if you’re doing something like:

<a href="{{view.previous(template='bob')}}>">

this will fail, as the correct syntax is (and always has been)

<a href="{{'bob')}}>">

Publ v0.7.16 released

Posted Friday, December 2 at 5:22 PM (a year ago)

Minor release for Publ, wherein I fixed a single bug; namely, loading a category without the trailing / was causing an erroneous redirect, due to an apparent change in the depths of Flask.

This is one of those things where I really need to refactor Publ to make it properly unit-testable, gosh darnit.

Publ v0.7.15, Authl v0.6.1

Posted Thursday, November 24 at 1:18 AM (a year ago)

I haven’t been working on this stuff in a while, but there were reasons to make some updates and releases for both Publ and Authl.

Publ changes:

  • Updated dependencies and fixed code standards to the latest pylint and mypy
  • Fixed a bug where if an image file disappears before the async rendition is generated, it was generating a 503 error instead of a 404

Authl changes:

  • Updated packages and fixed code standards to the latest pylint and mypy
  • Removed a couple of Fediverse method hacks which are no longer necessary due to updates in

Some of the dependency changes necessitated updating the minimum Python version; in particular, Publ and Authl now require Python 3.7.2 or greater. But if you’re still running Python 3.6 for some reason you’re used to things being broken or outdated.

Also, due to an impending change in Flask, the Publ API is going to have to change somewhat; the short version is that app.secret_key will no longer be the means of configuring authentication. Most likely the config will change to get a secret_key key within the auth section instead. This actually makes the configuration a lot easier to deal with anyway, and I was never happy about this inconsistency. (In fact, I’m pretty sure that’s how it used to be configured until I changed it to be more Flask-like in the first place!)

It’s also possible that publ.Publ will revert to being a function that constructs a Flask application object, rather than being a subclass of Flask, but I haven’t yet investigated what the implications of this change would be. I believe there are a few places in the Publ codebase which rely directly on the subclass relationship (which would be difficult to change, such as the way that the Authl instance is associated with the application), and prior to that there’s a reason I switched it from a factory to a subclass in the first place, although I can’t quite remember what it was (it was probably either something to do with the ORM’s startup behavior or something to do with Authl’s lifetime). Either way, it’ll take significant investigation, and this will be necessary before Flask 2.3 is released. (In retrospect I meant to pin Publ’s Flask requirement to <2.3.0 before I did this release, but I forgot. Oops.)

Publ v0.7.14 released

Posted Wednesday, July 6 at 3:06 AM (2 years ago)

Publ v0.7.14 is now released. Changes:

  • Images now only get rendered when they’re first retrieved
  • Certain classes of date-handling issues are handled less-badly on 32-bit systems

Publ v0.7.10 v0.7.11 released

Posted Wednesday, May 25 at 11:32 PM (2 years ago)

Version 0.7.10 0.7.11 of Publ has been released. Not much different from 0.7.9:

  • Force an update of Pygments to remove a temporary backwards-compatibility hack
  • Add proper support for WebP image compression (as seen in the image rendition options)
  • Make the installations of whoosh and authl optional, to cut down on installation bloat for sites that don’t need them

The dependency changes have the potential for breaking functionality in existing sites. In order to restore full-text search and federated authentication, you’ll need to add whoosh and authl to your deployment options, respectively. If you’re using Poetry or another dependency manager which understands extras, you can specify the search and auth extras in your pyproject.toml; for example:

python = "^3.8"
gunicorn = "^20.0.4"
publ = {version = "^0.7.9", extras = ["search","auth"]}
pushl = "^0.3.3"
python-memcached = "^1.59"

Hopefully this is a helpful change for some people, and not too annoying for others.

Update: Until I tried to roll out a site without Authl enabled, I had failed to realize one spot where Authl was still being unconditionally imported. If you actually want to run without Authl, update to v0.7.11.

Publ v0.7.9 (a very minor update)

Posted Thursday, April 28 at 6:00 PM (2 years ago)

Publ v0.7.9 is out. The only change from 0.7.8 is a bugfix to fenced code blocks, which were broken by an excruciatingly subtle change to the pygments API. Oops.

Publ v0.7.8 released

Posted Wednesday, March 23 at 1:24 PM (2 years ago)

Another update to Publ. Changes in this release:

  • The TicketAuth request flow now supports rel="canonical" URLs on the profile page
  • The Entry get and get_all APIs now respect the security model, as an extra helpful safety check

Publ v0.7.7 released

Posted Sunday, March 20 at 9:35 PM (2 years ago)

It’s been a hot minute since I’ve worked on any Publ stuff, but v0.7.7 is now released. The following changes have been made since then:

  • TicketAuth: added support for the provisional request flow and for refresh tokens
  • Also added an optional scope parameter to the TicketAuth request (which Publ itself doesn’t use and it doesn’t make much sense in a TicketAuth context but maybe someone will have a use for it)
  • Added the ability to specify absolute links on the login and logout template functions
  • Allow disabling the index watchdog
  • Properly strip tables from auto-generated entry summaries

Publ v0.7.6

Posted Tuesday, January 18 at 10:29 PM (2 years ago)

Both a minor update, and a major one; due to upstream vulnerabilities in Pillow, which are only resolved in a version which drops support Python 3.6, Publ now also drops support for Python 3.6.

There are no other changes.

Publ v0.7.5

Posted Sunday, November 14 at 1:01 PM (2 years ago)

Releasing v0.7.5 of Publ just to get some bugfixes out. Namely:

  • Update Flask to v2.0 and refactor around typing issues
  • Add missing test for path_alias_regex
  • Handle normalization collisions better
  • Don’t erroneously pre-strip markup from autosummary
  • Improve handling of pre-paragraph block tags in paragraph extractor

Publ v0.7.4, Authl v0.6.0

Posted Thursday, October 14 at 10:02 PM (2 years ago)

Released new versions of Publ and Authl today.

First, the Authl changes:

  • Fixed some test coverage
  • Changed Twitter user URLs to be stable (but less readable)
  • Added profile_url field to user profiles to make up for the Twitter URL thing

And the Publ changes:

  • Fixed image cache stale directory removal
  • Fix ETag output
  • Full-text search now properly excludes future articles
  • Added a filename normalization tool
  • Fixed an Internal Server Error that occurred from a malformed or expired bearer token (AutoAuth et al)
  • Updated to Authl 0.6.0 and made use of the new profile_url field

Publ v0.7.3

Posted Wednesday, October 6 at 1:40 AM (2 years ago)

Publ v0.7.3 is now out, with the following changes:

  • Properly handles markdown and HTML stripping in summary text
  • Improves first-paragraph extraction for OpenGraph cards
  • Reduces unnecessary image renditions for OpenGraph cards
  • Finally deprecates the AUTHL_FORCE_SSL configuration setting
  • Adds group display to the user information on the admin panel
  • Fix the PyPI listing
  • Make the image rendition cache purge mechanism actually, you know, work

Note that entry.summary now takes an optional parameter, markup, which defaults to True, for the sake of consistency with the rest of the Publ templating API. If you are using entry.summary to provide descriptive text for things (e.g. <a title="{{entry.summary}}"> or <meta name="description" content="{{entry.summary}}">) this will have to change to {{entry.summary(markup=False)}}.