Publ v0.8.6 is out; in this release I just added a better default token store for authentication, which will now work correctly in a multiprocess configuration (as opposed to the old default which would work with multiple threads but not multiple processes).
I’ve also finally documented how to provide your own token store for more exotic configurations, although that, much like Sam Reich, has been here the whole time.
Publ v0.8.5 is out now, and it changes how UUIDs are handled on entries. First of all, now there’s a unique constraint on them (to prevent mishaps like copying an entry as a template and forgetting to remove the UUID), and secondly it’s now gone back to using a UUID4 instead of a UUID5, since UUID5 made it way too easy to generate collisions.
In order to upgrade you’ll have to remove any duplicate UUIDs. To find entries with duplicate UUIDs you can run something like:
which will show how many entries have each UUID. For every UUID that has a count greater than 1, you’ll have to do something like:
grep -rl bc3ced56-93c3-4252-aa85-48fb85b253de .
which will then list all of the entries with UUID bc3ced56-93c3-4252-aa85-48fb85b253de, and then you can decide which one(s) to remove the UUID from, and then reindex the site (with poetry flask publ reindex) to generate the new UUIDs.
This will help to clear up weird issues where items don’t appear as new in feeds, and also paves the way for some future functionality I’ve been wanting to implement which relies on the second U in UUID being true.
Note that since this change modifies the database, it will require a full site reindex. I recommend fixing any known UUID issues before upgrading Publ.
Here’s a new version of Publ. The only thing new about it is that I’ve completely rewritten the Accept: header mechanism to be much closer to what one would expect based on the HTTP standard, and also now you can override MIME types on a per-template or per-extension basis.
… And of course with a major rewrite that I decided to push out after midnight after a very long day of coding, of course it had some edge-case bugs, right on the edge cases I was trying to fix to begin with. Whoops. Now we’re on 0.8.3.
I’ve just released v0.8.0 of Publ, which is a minor version change because this has the potential of changing the URL scheme in some cases.
This is also the first release announcement since v0.7.40, so here’s what’s changed since then:
Fixed a bug with render arguments not being passed in correctly for card images
Improved the mechanism for adding fallback images to a card
Support Unicode characters (and internal periods, as seen on this very entry!) in URLs and tags
Note that any affected URLs for existing entries may not change until the site has been fully reindexed. If this matters to you, run flask publ reindex -f.
Removed the background image rendering threadpool, as it was an artifact of an early design that ended up not being beneficial for real-world operation
(Hopefully) fixed an issue with the indexer ignoring attachments that have not yet been indexed
Fixed an issue with the permission error handling on the admin dashboard
The only user-facing change is the Status: ATTACHMENT thing.
I’ve updated Authl to make it support the new-ish profile scope in Mastodon 4.3, which provides better login-flow UX.
If profile is unsupported it tries to fall back to the old read:accounts scope, which should keep it working on older Mastodon versions as well.
In theory it should also work with Pleroma/Akkoma (and anything else that speaks the Mastodon client API), although that functionality hasn’t been verified in quite some time. If someone else wants to take on the work of verifying that and fixing whatever’s broken, that would be greatly appreciated!
There’s a new release of Publ. There’s no new features, but there’s a huge performance improvement.
I’d been having some performance issues where on my larger sites, the main Atom feed was taking a long time to render. It didn’t really bother me too much because thanks to aggressive caching it would only cause an occasional slow page load (on the order of a few seconds) every now and then, but I thought there was probably something wrong with the I/O characteristics of how pages render.
Given an existing entry, category, or template object you can retrieve an image relative to their context, using entry.image, category.image and template.image, respectively
Images can now take a value of link=True in order to force a link to the full-size rendition without setting a lightbox gallery ID
Links will no longer include the template name if it’s the same as the category default (so you no longer need to do annoying things like view.link(template=template if template.name != 'index')
Similarly, path-alias to the index template will now work correctly if the category’s default template is notindex
There is a known XSS exploit in webmention.js 0.5.4 and earlier. If you are running webmention.js on your site, please update to the latest version!
Many thanks to @tyage for reporting this vulnerability (and @psmoros for facilitating the report, as well as running huntr.dev which looks like a great security research and reporting platform).
What’s this, another Publ release? Why, yes! While revamping my personal website I came across some additional things that needed some Publ fixes to really work well.
The changes since 0.7.24 are:
Consider whitespace-only entry parts (entry.body and entry.more) to be False
Enable cache-control on templates which aren’t user-dependent (such as stylesheets), hopefully cutting down on FOUC issues
Enable an appropriate same-site cookie policy for 2023
A fix to the search indexer allowing it to drop invalid entries
There was also a minor fix released as 0.7.23 which was to unpin the version of watchdog, which allows Publ to run in debug/hot-reload mode once again.
Actually it looks like I’ve been remiss in announcing the last several releases, because each of them just had minor changes! So here’s a bit of a catchup:
v0.7.19: Pass through rendition arguments (including quality and format) to the fullsize rendition
v0.7.20: Just a bunch of upstream dependency updates
Fixed an issue with some transparent images not being detected as transparent due to using uncommon formats (particularly grayscale-with-alpha PNGs in the LA pixel format)
At present there appears to be an occasional issue with how watchdog works (or doesn’t), and I haven’t figured out the rhyme or reason. A pending Publ release will hopefully fix this. My apologies for the inconvenience.
Pushl has been updated to be compatible with an API change made in Python 3.11, specifically fixing some functionality which was deprecated in Python 3.8 and which I somehow failed to notice the deprecation warning of.
0.7.17 had a critical bug in view.deleted where it wasn’t properly filtering query parameters, so that version has been yanked and 0.7.18 has been released in order to fix said bug.
Today marks the release of Publ v0.7.17. Aside from the usual upstream-dependency changes and progressive delinting, this release fixes a subtle but annoying issue with how View.link works. There’s a longer description of the issue on GitHub but the upshot of this is that now the parameters passed into a View object get properly validated, meaning that if you’re doing something like:
<ahref="{{view.previous(template='bob')}}>">
this will fail, as the correct syntax is (and always has been)
Minor release for Publ, wherein I fixed a single bug; namely, loading a category without the trailing / was causing an erroneous redirect, due to an apparent change in the depths of Flask.
This is one of those things where I really need to refactor Publ to make it properly unit-testable, gosh darnit.