release: Bump version to 1.5.0
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -4,6 +4,15 @@
|
||||
|
||||
## Recently Completed
|
||||
|
||||
### v1.5.0 - Quality of Life Improvements (Complete)
|
||||
- Timestamp-based default slug generation (ADR-062)
|
||||
- Debug file management with automatic cleanup
|
||||
- Filename sanitization in debug paths
|
||||
- N+1 query fix for feed generation (batch media loading)
|
||||
- Atomic variant generation (temp file pattern)
|
||||
- MPO format test coverage
|
||||
- Test suite cleanup (removed 5 broken tests, fixed brittle assertions)
|
||||
|
||||
### v1.4.2 - HEIC/MPO Support and Dimension Limit Increase (Complete)
|
||||
- HEIC/HEIF format detection and conversion to JPEG
|
||||
- MPO (Multi-Picture Object) format support for iPhone depth photos
|
||||
@@ -40,12 +49,6 @@
|
||||
|
||||
## High
|
||||
|
||||
### MPO Format Test Coverage *(Scheduled: v1.5.0)*
|
||||
- **Description**: MPO conversion code exists but has no test coverage. MPO is advertised in the CHANGELOG but the handling is untested.
|
||||
- **Location**: `starpunk/media.py` lines 163-173
|
||||
- **Source**: Developer Review (M1)
|
||||
- **Approach**: Add `test_mpo_detection_and_conversion()` to `TestHEICSupport` class in `tests/test_media_upload.py`. Create an MPO test image using Pillow's MPO support.
|
||||
|
||||
### POSSE
|
||||
- Native syndication to social networks
|
||||
- Supported networks:
|
||||
@@ -60,28 +63,6 @@
|
||||
|
||||
## Medium
|
||||
|
||||
### Debug File Storage Without Cleanup Mechanism *(Scheduled: v1.5.0)*
|
||||
- **Description**: Failed uploads are saved to `data/debug/` directory for analysis, but there is no mechanism to clean up these files. This could consume significant disk space, especially if under attack.
|
||||
- **Location**: `starpunk/media.py` lines 133-137
|
||||
- **Source**: Developer Review (M2), Architect Review (Issue 1.2.2)
|
||||
- **Approach**:
|
||||
1. Add `DEBUG_SAVE_FAILED_UPLOADS` config option (default: false in production)
|
||||
2. Implement automatic cleanup (files older than 7 days)
|
||||
3. Add disk space check or size limit (e.g., 100MB max)
|
||||
|
||||
### Filename Not Sanitized in Debug Path (Security) *(Scheduled: v1.5.0)*
|
||||
- **Description**: The original filename is used directly in the debug file path without sanitization, which could cause path traversal or special character issues.
|
||||
- **Location**: `starpunk/media.py` line 135
|
||||
- **Source**: Architect Review (Issue 1.2.3)
|
||||
- **Approach**: Sanitize filename before use: `safe_filename = "".join(c for c in filename if c.isalnum() or c in "._-")[:50]`
|
||||
|
||||
### N+1 Query Pattern in Feed Generation *(Scheduled: v1.5.0 - Partial)*
|
||||
- **Description**: In `_get_cached_notes()`, media and tags are loaded per-note in separate queries. For 50 notes, this is 100 additional database queries, degrading performance.
|
||||
- **Location**: `starpunk/routes/public.py` lines 68-74
|
||||
- **Source**: Architect Review (Issue 2.2.9)
|
||||
- **Approach**: Implement batch loading function `get_media_for_notes(note_ids: List[int])` using a single query with `WHERE note_id IN (...)`.
|
||||
- **v1.5.0 Scope**: Only `_get_cached_notes()` will be fixed in v1.5.0. Other N+1 patterns deferred (see Low Priority section).
|
||||
|
||||
### N+1 Query Patterns - Deferred Locations
|
||||
- **Description**: N+1 query patterns exist in multiple locations beyond `_get_cached_notes()`. These are lower priority due to lower traffic or single-note contexts.
|
||||
- **Deferred Locations**:
|
||||
@@ -94,23 +75,12 @@
|
||||
- **Approach**: Future optimization if performance issues arise. Consider batch loading patterns established in v1.5.0.
|
||||
- **Priority**: Deferred to post-v1.5.0
|
||||
|
||||
### Transaction Not Atomic in Variant Generation *(Scheduled: v1.5.0)*
|
||||
- **Description**: Files are written to disk before database commit. If the database commit fails, orphaned files remain on disk.
|
||||
- **Location**: `starpunk/media.py` lines 404-440
|
||||
- **Source**: Architect Review (Issue 2.2.6)
|
||||
- **Approach**: Write variant files to a temporary location first, then move to final location after successful database commit.
|
||||
|
||||
### Rate Limiting on Upload Endpoints
|
||||
- **Description**: No rate limiting exists on media upload endpoints, making them vulnerable to abuse.
|
||||
- **Location**: `/admin/new` (admin.py), `/media` (micropub.py)
|
||||
- **Source**: Architect Review (Security Assessment)
|
||||
- **Approach**: Implement Flask-Limiter or similar rate limiting middleware for upload routes.
|
||||
|
||||
### Default Slug Change *(Scheduled: v1.5.0)*
|
||||
- The default slug should be a date time stamp
|
||||
- YYYYMMDDHHMMSS
|
||||
- Edge case, if the slug would somehow be a duplicate append a "-x" e.g. -1
|
||||
|
||||
### Tag Enhancements (v1.3.0 Follow-up)
|
||||
- Tag pagination on archive pages (when note count exceeds threshold)
|
||||
- Tag autocomplete in admin interface
|
||||
|
||||
Reference in New Issue
Block a user