Ghost Release: 0.4.0 RC1

TL;DR

Ghost 0.4.0-pre brings significant architectural improvements and new features including customizable permalinks, theme API enhancements, and improved subdirectory support. This release focuses on code refactoring, better error handling, and enhanced user experience with features like login limiting and update notifications. While this is a pre-release version intended for testing, it represents a major step forward in Ghost's development with over 15,000 code changes across 211 files.

Highlight of the Release

• Customizable permalinks for better URL structure
• Improved subdirectory support for flexible installation
• Theme API enhancements with new helpers
• Login limiting for improved security
• Update notifications for new Ghost versions
• Better image uploader UI
• Quick post edit access from frontend
• Force SSL configuration option

Migration Guide

Upgrading to Ghost 0.4.0-pre

Important Note: This is a pre-release version intended for testing purposes only. It should not be used in production environments.

Prerequisites

• Node.js version 0.10.x is required (0.11.x is not supported)
• If using PostgreSQL, ensure you have the latest version

Upgrade Steps

1. Back up your content by exporting from your current Ghost installation
2. Download the new Ghost 0.4.0-pre release
3. Follow the standard installation procedure: npm install --production
4. Copy your config.js file from your previous installation
5. If using a custom theme, ensure it's compatible with the new helpers
6. Import your content back into Ghost

Configuration Changes

• New forceAdminSSL boolean option to force HTTPS for admin area
• New updateCheck option (defaults to true) to enable/disable update notifications
• Subdirectory support via the url setting in config.js

Theme Development

If you're developing themes, be aware of these changes:

• The asset helper has been updated to work with subdirectories
• New URL helpers have been implemented for consistency
• Partial views are now reloaded when themes change

API Changes

• The Ghost singleton object has been largely removed in favor of more modular code
• Many helpers have been moved or refactored
• If you're building on top of Ghost's API, review the code changes carefully

Upgrade Recommendations

As this is a pre-release (0.4.0-pre), it is not recommended for production environments. This version is intended for:

1. Developers who want to test their themes and plugins against upcoming changes
2. Contributors who want to help identify and fix bugs before the stable release
3. Early adopters who want to explore new features and provide feedback

If you're running a production blog, you should continue using the latest stable release (0.3.3) until the final 0.4.0 version is released.

For those who do want to test this pre-release:

• Create a separate testing environment
• Back up your data before upgrading
• Report any bugs or issues you encounter to the Ghost GitHub repository
• Pay special attention to the new permalink features and subdirectory support if you plan to use these features

The significant architectural improvements in this release will provide a more solid foundation for future development, but wait for the stable release before upgrading production sites.

Bug Fixes

Tag Input Field

Fixed styling issues with the tag input field by giving higher priority to CSS selectors and removing padding to align nicely with already set tags.

Markdown Underscores

Modified the Ghostdown markdown extension to allow for 4+ inline underscores without formatting issues, addressing a long-standing pain point for content creators.

Image Uploader UI

Fixed several issues with the image uploader interface:

• Dropzone icon no longer appears when file storage is disabled
• Proper cursor and no selection on icon
• Save button is now disabled during image uploads to prevent errors

PostgreSQL Compatibility

Fixed a 404 error when viewing pages with PostgreSQL by adding a fixBools method to convert boolean values consistently across different database providers.

URL and Path Handling

• Fixed issues with URL generation in subdirectories
• Ensured proper handling of relative redirects
• Fixed gravatar retrieval to work correctly with SSL

RSS Feed Fixes

• Added post tags to RSS feeds
• Fixed RSS links when dated permalinks are enabled
• Ensured RSS doesn't 404 when there is no user

Cache and Asset Management

Improved cache control headers and added query string asset management to help with browser caching.

New Features

Customizable Permalinks

Ghost now supports customizable permalinks, allowing you to structure your URLs in different ways. This includes dated permalinks (e.g., /2014/06/12/my-post/) and the ability to have different URL structures for posts and pages. The system also ensures proper handling of permalinks in RSS feeds.

Theme API Enhancements

The Theme API has been improved with several new helpers:

• Added has_tag helper to core helpers
• Improved asset handling with a new asset helper for client-side use
• Better handling of partial views with improved template reloading

Subdirectory Support

Ghost now fully supports installation in subdirectories, making it more flexible for various hosting configurations. This includes proper handling of assets, URLs, and redirects when Ghost is not installed at the root of a domain.

Login Limiting

A new security feature that limits login attempts to prevent brute force attacks. After multiple failed attempts, the account becomes locked and requires a password reset.

Update Notifications

Ghost now checks for updates and notifies administrators when a new version is available. This feature can be disabled via configuration if desired.

Welcome Email

New users now receive a welcome email upon signup, providing them with their blog URL and the email they used to register.

Force SSL Configuration

Added the ability to force SSL for the admin area through a configuration option, enhancing security for Ghost installations.

Security Updates

Login Security Enhancements

Implemented a login limiting system that progressively locks accounts after multiple failed login attempts, helping to prevent brute force attacks. The system transitions through warning states before locking an account completely.

SSL Improvements

• Added Force SSL Configuration option to require HTTPS for admin area
• Fixed secure flag for cookies when SSL is forced
• Removed fixed scheme from Gravatar URLs to prevent mixed content warnings

File Upload Security

• Implemented unique filenames for temporary files in ghost-busboy to prevent potential conflicts
• Switched from multipart to busboy for more secure file handling

Express and Dependencies Update

Updated Express and other dependencies to include important security fixes, particularly the __proto__ fix in the qs module.

Performance Improvements

Database Optimizations

• Fixed table scan for PostgreSQL migrations, improving performance for database operations
• Updated to Knex 0.5 and Bookshelf 0.6.1 for better database handling

Caching Improvements

• Added cache control middleware with defaults for all routes and assets
• Implemented query string asset management with timestamp hashing for better browser caching

Reduced Memory Usage

• Login security array now gets pruned upon successful login, reducing memory usage over time
• Improved handling of file uploads by using streams instead of temporary files

Code Efficiency

• Removed unnecessary regex usage in admin routes
• Debounced post settings events to reduce unnecessary processing
• Standardized file path access throughout the codebase for better performance

Impact Summary

Ghost 0.4.0-pre represents a substantial evolution in the platform's architecture and capabilities. With over 15,000 code changes across 211 files, this pre-release version introduces significant improvements to Ghost's core functionality while laying groundwork for future development.

The most notable changes include customizable permalinks, complete subdirectory support, and enhanced theme API capabilities. These features directly address common user requests and provide greater flexibility for both developers and content creators. The addition of security features like login limiting and Force SSL configuration demonstrates Ghost's growing focus on security as the platform matures.

For developers, the codebase has undergone substantial refactoring, moving away from the singleton pattern toward a more modular architecture. This improves maintainability and creates a more solid foundation for future development. The standardization of URL and path handling throughout the codebase resolves numerous edge cases and inconsistencies.

Content creators will benefit from UI improvements to the tag input field, image uploader, and markdown editor. The ability to quickly access a post's edit page from the frontend streamlines the content editing workflow.

While this is a pre-release version not intended for production use, it signals the direction of Ghost's development and provides a preview of features that will be available in the stable 0.4.0 release. The architectural improvements and new features position Ghost as an increasingly robust and flexible publishing platform.

Full Release Notes