Publ: Development Blog A personal publishing system for the modern web tag:publ.beesbuzz.biz,2020-01-07:blog 2023-07-13T12:14:38-07:00 Webmention.js 0.5.5 released - important security update! 2023-07-13T12:14:38-07:00 2023-07-13T12:14:38-07:00 urn:uuid:4e3d2e46-476b-5800-a94b-fb74eb3c0947 fluffy There is a known XSS exploit in webmention.js 0.5.4 and earlier. If you are running webmention.js on your site, please update to the latest version!

Many thanks to @tyage for reporting this vulnerability (and @psmoros for facilitating the report, as well as running huntr.dev which looks like a great security research and reporting platform).

]]> webmention.js 0.3 released 2020-04-28T22:32:51-07:00 2020-04-28T22:32:51-07:00 urn:uuid:ba69ff22-9203-56e0-82c6-f7d51644a2d7 fluffy webmention.js now supports changing the sort criterion and order of responses, and defaults to publication (rather than receipt) time.

This was mostly to improve the presentation of responses received via brid.gy, particularly from Twitter.

]]> webmention.js v0.1.0 now on npm 2019-12-04T20:56:44-08:00 2019-12-04T20:56:44-08:00 urn:uuid:765435a9-10a3-54ad-926d-f7f1ec7668c8 fluffy Due to popular demand, there is now an NPM package for webmention.js. So, if you use npm as part of your site JavaScript workflow, now you can theoretically use this.

Thanks to André Jaenisch for his incredibly generous help in getting this set up!

And, if you run into any trouble (or have any suggestions for improvement), please open an issue.

(Full disclosure: I have even more of no idea what I’m doing than usual.)

]]> webmention.js security update 2019-09-06T17:27:37-07:00 2019-09-06T17:27:37-07:00 urn:uuid:1e439f7c-2ea9-5a13-8ded-21934786a611 fluffy So hey, if you’ve been using webmention.js you should probably update it, as there turned out to be an XSS issue found by Checkmention. Better to be safe than sorry etc. etc.

]]>