HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Ghost

>

Releases

>

0.11.6

Ghost Release: 0.11.6

Tag Name: 0.11.6

Release Date: 3/1/2017

View Release
Ghost LogoGhost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

Open SourceBloggingStatic Site

TL;DR

Ghost 0.11.6: Performance Improvements & Bug Fixes

This release focuses on bug fixes, code cleanup, and performance improvements. It includes fixes for theme loading, CORS middleware, subscriber email sanitization, and image processing timeouts. However, there is a critical bug with custom theme templates that makes this version problematic - users are advised to wait for version 0.11.7 instead.

Highlight of the Release

    • ⚠️ Contains a critical bug with custom theme templates - upgrading not recommended
    • Improved theme loading process during server initialization
    • Added timeout to image processing to prevent server hangs
    • Fixed CORS middleware ordering for proper client authentication
    • Improved cleanup of old access tokens
    • Simplified package and theme handling code

Migration Guide

Due to the critical bug with custom theme templates in this version, it is strongly recommended to skip this version and wait for Ghost 0.11.7.

If you have already upgraded to 0.11.6 and are experiencing issues with custom theme templates, consider downgrading to 0.11.5 until 0.11.7 is released.

Upgrade Recommendations

DO NOT UPGRADE TO THIS VERSION

Ghost 0.11.6 contains a critical bug affecting custom theme templates. It is strongly recommended to wait for version 0.11.7, which will fix this issue.

If you're currently running 0.11.5 or earlier, stay on your current version until 0.11.7 is released.

If you've already upgraded to 0.11.6 and are experiencing issues, consider downgrading to 0.11.5.

Bug Fixes

  • Theme Loading: Fixed an issue where the server would start before the active theme was fully loaded by moving theme initialization into api.init().
  • Config Updates: Fixed a bug where deleting a theme didn't properly update the configuration object.
  • Version Check: Fixed version check errors for minor versions greater than or equal to 10.
  • CORS Middleware: Fixed CORS middleware ordering to ensure it happens after client authentication.
  • Access Token Cleanup: Fixed an issue where old access tokens were not being properly cleaned up.
  • Error Template Detection: Updated error template detection to use FS.stat instead of reading all theme files.
  • ⚠️ Custom Theme Templates: Contains a critical bug affecting custom theme templates (fixed in 0.11.7).

New Features

  • Image Processing Timeout: Added a 6-second timeout to getImageSize function calls with a default timeout of 10 seconds to prevent Node.js from using its default 2-minute timeout, which could cause server hangs.
  • Email Sanitization: Added sanitization for subscriber emails to improve security and data integrity.

Security Updates

  • Email Sanitization: Added sanitization for subscriber emails to prevent potential security issues.
  • CORS Middleware: Fixed CORS middleware ordering to ensure proper client authentication, preventing potential security vulnerabilities.

Performance Improvements

  • Theme File Reading: Significantly improved theme loading performance by no longer reading every single file of every theme upfront. Files are now read only when needed.
  • Package Handling: Simplified and optimized package-related utilities, reducing complexity and improving performance.
  • Image Processing: Added timeouts to image processing functions to prevent server hangs during image operations.

Impact Summary

Ghost 0.11.6 includes several important bug fixes and performance improvements, particularly around theme handling, image processing, and authentication. However, it introduces a critical bug affecting custom theme templates that makes this release problematic for production use.

The most significant changes include improved theme loading during server initialization, timeouts for image processing to prevent server hangs, fixed CORS middleware ordering, and better cleanup of old access tokens. The code base also received substantial cleanup and simplification, particularly around package and theme handling.

Despite these improvements, the custom theme template bug is severe enough that users should skip this version entirely and wait for 0.11.7. Theme developers and site administrators will be most affected by this issue.

Full Release Notes

Warning 0.11.6 contains a bug with custom theme templates. We strongly advise against upgrading to 0.11.6, please wait for 0.11.7 (coming asap).

Please read the release blog post for more details.

You can see the full change log for the details of every change included in this release.

Statistics:

File Changed33
Line Additions1,111
Line Deletions543
Line Changes1,654
Total Commits14

User Affected:

  • Custom theme templates may not work correctly due to a critical bug
  • Changes to how theme files are read and loaded
  • Error template detection now uses FS.stat instead of reading all theme files

Contributors:

ErisDSpeterellisjonesaileenkirrg001