TL;DR
Ghost 0.11.4 introduces custom redirects via JSON files, makes AMP optional, and drops support for Node v0.12. This release also includes important security enhancements for subscriber validation and structured data, fixes for subscriber imports and admin redirects, plus numerous dependency updates. These changes improve flexibility for site configuration while maintaining security and performance.
Highlights of the Release
- Custom redirects can now be defined in a JSON file within the content folder
- AMP support is now optional and can be toggled in general settings
- Node v0.12 support has been dropped - minimum required version is now Node v4.x
- Fixed subscriber imports when restoring database backups
- Enhanced security for subscriber email validation and structured data
Migration Guide
Node.js Version Requirement
Ghost 0.11.4 has dropped support for Node.js v0.12, which is no longer maintained. You must upgrade to Node.js v4.x or higher before updating to this version of Ghost. For more details about Ghost's Node version support, see: http://support.ghost.org/supported-node-versions/.
Custom Redirects (Optional)
If you wish to use the new custom redirects feature:
- Create a JSON file with your redirect definitions
- Place this file in your Ghost content folder
- Format your redirects according to the expected JSON structure (consult the Ghost documentation for the specific format)
AMP Configuration (Optional)
AMP remains enabled by default. If you wish to disable it:
- Navigate to your Ghost admin panel
- Go to General Settings
- Look for the AMP option and toggle it off
No additional steps are required if you want to keep AMP enabled.
Upgrade Recommendations
This upgrade is recommended for all users due to the security enhancements and bug fixes included. The new features for custom redirects and optional AMP support provide additional flexibility that many users will find valuable.
Before upgrading:
- Ensure your environment is running Node.js v4.x or higher, as Node v0.12 support has been dropped
- Take a complete backup of your Ghost installation and database
- Review the full changelog to understand all changes
Upgrade process:
- Follow the standard Ghost upgrade process
- After upgrading, verify that your site and admin panel function correctly
- If you're using PostgreSQL, pay special attention to subscriber functionality as there were specific fixes in this area
For users with custom themes or modifications, test thoroughly after upgrading to ensure compatibility with the updated dependencies and security changes.
Bug Fixes
Fixed Admin Redirects
Fixed an issue with admin redirects when Ghost is installed in a subdirectory. This resolves navigation problems that could occur in certain hosting configurations.
Subscriber Import Fix
Fixed a bug that prevented subscribers from being imported when restoring a database backup. The logic for importing subscribers was previously missing, causing subscriber data to be lost during imports.
Authentication Error in PostgreSQL
Resolved an authentication error in PostgreSQL by upgrading the pg dependency to version 6.1.2.
Promise Callback Fix
Fixed an incorrect promise fulfilled callback in the ghost-server restart function, which could cause issues during server restarts.
New Features
Custom Redirects via JSON File
Ghost now supports defining redirects in a custom JSON file placed in your content folder. This feature allows administrators to set up URL redirects without modifying server configurations, making it easier to manage URL changes, legacy paths, or custom routing needs.
Optional AMP Support
Accelerated Mobile Pages (AMP) support is now optional in Ghost. While enabled by default, administrators can now disable AMP completely via the general settings. When disabled, the /amp route will no longer function. This change was implemented to address issues with Google Webmaster Tools showing errors for missing post images and blog icons.
New Setup Route
A new route has been added to finish Ghost setup when a one-time access token is available in Ghost-Admin, improving the setup flow.
Security Updates
Enhanced Subscriber Email Validation
Subscriber email validation now checks not only that an email address is present but also that it is a properly formatted email address. If an invalid email address is detected, Ghost now throws an error. This enhancement helps prevent malformed data and potential security issues.
Escaped Structured Data
Fixed a security issue by properly escaping the sameAs field in structured data (JSON-LD). This prevents potential XSS attacks through improperly sanitized structured data output.
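The following added example (not Ghost's code; the release notes do not say how Ghost escapes the field) shows why an unescaped sameAs value is a problem inside a JSON-LD script block, and one common way to serialize it safely. The function names and the author record are constructed for illustration.

```javascript
// Naive rendering: JSON.stringify does not neutralise "</script>" inside a
// string value, so the HTML parser closes the JSON-LD block early and treats
// the rest of the value as markup.
function renderJsonLdNaive(data) {
    return '<script type="application/ld+json">' + JSON.stringify(data) + '</script>';
}

// Hardened rendering: characters that matter to the HTML parser (and the two
// line separators that break older JavaScript parsers) are emitted as JSON
// \uXXXX escapes. Any JSON consumer decodes them back to the original string.
var HTML_SIGNIFICANT = /[<>&\u2028\u2029]/g;

function jsonForScript(data) {
    return JSON.stringify(data).replace(HTML_SIGNIFICANT, function (ch) {
        return '\\u' + ('0000' + ch.charCodeAt(0).toString(16)).slice(-4);
    });
}

function renderJsonLd(data) {
    return '<script type="application/ld+json">' + jsonForScript(data) + '</script>';
}

// Counts how many times the HTML parser would see a script end tag.
function countScriptCloses(html) {
    return (html.match(/<\/script/gi) || []).length;
}

// Constructed author record: the second sameAs entry is user-controlled
// profile data that contains markup.
var author = {
    '@type': 'Person',
    name: 'Example Author',
    sameAs: [
        'https://example.com/me',
        'https://example.com/</script><b>injected</b>'
    ]
};

console.log(countScriptCloses(renderJsonLdNaive(author))); // block is closed early
console.log(countScriptCloses(renderJsonLd(author)));      // only the real end tag
```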
URL Encoding for Navigation
Modified the navigation helpers to properly URL-encode values rather than HTML-escape them. The {{url}} helper now correctly URL-encodes values and marks them as HTML-safe to avoid double-escaping by Handlebars.
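The difference between the two behaviours described above, as an added example that is not Ghost's code: `htmlEscape`, `SafeString` and `engineOutput` are stand-ins for a Handlebars-style engine, and the helper names and the navigation URL are constructed.

```javascript
// Stand-in for the template engine: plain strings are HTML-escaped on output,
// values wrapped in SafeString are emitted as-is.
function htmlEscape(s) {
    var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
    return String(s).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}
function SafeString(s) { this.value = s; }
function engineOutput(v) {
    return v instanceof SafeString ? v.value : htmlEscape(v);
}

// Before: the helper HTML-escapes and returns a plain string, so the engine
// escapes it a second time and "&" ends up as "&amp;amp;" in the href.
function urlHelperHtmlEscaped(url) {
    return htmlEscape(url);
}

// URL-encode without touching existing %XX escapes, so a value that is
// already encoded is not encoded again. A stray "%" becomes "%25".
function encodeUrlOnce(url) {
    return String(url).split(/(%[0-9a-fA-F]{2})/).map(function (part, i) {
        return i % 2 ? part : encodeURI(part); // odd parts are existing escapes
    }).join('');
}

// After: URL-encode, then mark the result safe so the engine leaves it alone.
// encodeURI turns spaces, ", < and > into %XX but leaves ' untouched, so the
// output is only suitable for a double-quoted attribute.
function urlHelperEncoded(url) {
    return new SafeString(encodeUrlOnce(url));
}

var navUrl = '/tag/news & views/?q="a"<b>'; // constructed navigation URL

console.log(engineOutput(urlHelperHtmlEscaped(navUrl)));
console.log(engineOutput(urlHelperEncoded(navUrl)));
```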
Updated Validator
Updated to Validator 6.2.1, which includes improved detection of script tags embedded within URLs, enhancing protection against certain injection attacks.
Performance Improvements
This release doesn't include specific performance improvements beyond those that might come from dependency updates. The numerous package updates may provide incremental performance benefits, but no major performance enhancements were explicitly mentioned in the release notes.
Impact Summary
Ghost 0.11.4 brings important flexibility improvements through custom redirects and optional AMP support, while enhancing security with better validation for subscriber emails and structured data. The removal of Node v0.12 support represents a necessary modernization step, aligning Ghost with current Node.js maintenance policies.
The bug fixes for subscriber imports and admin redirects resolve specific pain points reported by users. The extensive dependency updates (over 20 packages) keep Ghost current with the ecosystem and incorporate security improvements from those dependencies.
Overall, this is a solid maintenance release that balances new features with important fixes and security enhancements. The changes are mostly non-disruptive except for users still on Node v0.12, who will need to upgrade their Node.js version before updating Ghost.
Full Release Notes
Please read the release blog post for more details.
0.11.4 drops support for Node v0.12. For more details about Ghost's Node version support, see: http://support.ghost.org/supported-node-versions/.
Highlights
- [New] ✨ Define redirects as JSON file
- [New] ✨ Make AMP optional
- [Removed] ⬇️ Drop Node v0.12.x support - Node v0.12 is no longer maintained
- [Fixed] Import subscribers on database import
- [Fixed] Fix admin redirect, when using a subdirectory
- [Security] Expand subscriber email validation
- [Security] Escape sameAs for structured data
- [Security] Detect symlinks when uploading themes via the admin panel
- many dependency updates
You can see the full change log for the details of every change included in this release.