Ghost Release: 0.5.0 RC3

TL;DR

Ghost 0.5.0-rc3 brings significant improvements to error handling, user experience, and authentication flows. This release candidate fixes several critical issues from rc2, including better handling of authentication errors, improved modal behaviors, and fixes for user management. While still not intended for production use, rc3 represents an important step toward a more stable and user-friendly Ghost platform.

Highlight of the Release

• Improved authentication error handling with user-friendly messages instead of 500 error screens
• Warning system for unsaved title changes when editing posts
• Fixed user invitation and deletion functionality
• Enhanced modal behaviors with automatic closing when clicking outside
• Better keyboard navigation in content lists

Migration Guide

Development Mode Notice

This release candidate only works in production mode - JavaScript files for development mode are missing. Use the following commands for installation:

npm install --production
npm start --production

No grunt tasks are required for this release candidate.

Path Handling Changes

If you've been experiencing issues with Grunt commands on systems with spaces or parentheses in file paths (particularly on Windows), this release includes fixes that should resolve those problems.

User Management Changes

If you've built custom tools that interact with user management, note that the user adapter in Ember has been extended to load users with status: all. This may affect any custom code that relies on the previous behavior.

Upgrade Recommendations

For Testing Purposes Only

This is a release candidate (RC3) and should not be used in production environments. It is intended for testing purposes only and should not be considered stable.

Recommended for Testing

If you're currently testing Ghost 0.5.0-rc2, upgrading to rc3 is highly recommended to benefit from the numerous bug fixes and improvements, particularly around error handling, authentication, and user management.

Installation Instructions

For testing this release candidate:

1. Download the zip file which is a properly 'built' release
2. Install with npm install --production
3. Start with npm start --production

Please refer to the installation guide for complete instructions.

Bug Fixes

Authentication and Error Handling

• Authentication Error Flow: Fixed issue where invalid tokens would show a 500 error screen instead of redirecting to signin with an error message
• User Invite and Deletion: Fixed functionality for revoking user invites and user deletion by properly loading users with all statuses
• Ghost Icon Clickability: Fixed issue where the Ghost icon was not clickable after page refresh
• Website URL Validation: Removed requirement for protocol in website URLs to maintain backward compatibility
• User Validation on Login: Disabled unnecessary user validation during login to prevent errors

UI and Navigation

• Keyboard Navigation: Fixed issue where keyboard navigation would loop on content lists
• Modal Behavior: Fixed various issues with modal behaviors and interactions
• Initial Blog Description: Removed username from initial blog description for cleaner setup

Development Tools

• Grunt Commands: Fixed issues with Grunt commands when working with file paths containing spaces or parentheses
• jQuery Dependency: Restored jQuery dependency that was accidentally removed in a previous cleanup
• Middleware Order: Corrected middleware order to ensure proper error handling and admin detection

New Features

Enhanced User Interface Elements

• Popover Button States: Popover buttons now have an open class applied when their popover is open, allowing for better styling and state management
• Unsaved Changes Warning: When editing a post, users now receive a warning if they attempt to navigate away with unsaved title changes
• Modal Behavior Improvements: Modals now automatically close when clicking outside of them, providing a more intuitive user experience
• Tab Activation: Specific tabs are now properly activated when tapped or clicked, rather than just toggling states

Improved Email Functionality

• Targeted Test Emails: Test emails are now sent directly to the administrator who initiated the test, rather than using a predefined email address
• Form Reset on Success: The forgotten password email form now resets after successful submission

User Management Enhancements

• Invite Validation: System now shows an error message when attempting to invite a user who has already been invited
• Immediate Modal Feedback: The invite user modal closes immediately after submission, providing better feedback

Security Updates

Authentication Security

• Token Validation: Added regex validation to check if authentication tokens at least look like valid base64 before attempting to decode them
• Base64 Decoding: Wrapped atob() function in try/catch to prevent crashes from malformed tokens
• Error Handling: Improved error handling for authentication to prevent exposure of sensitive information

User Management Security

• User Invitation: Added validation to prevent duplicate user invitations
• Error Handling: Better error handling during user login process to prevent potential security issues

Performance Improvements

Error Handling Optimizations

• Improved Authentication Error Handling: Better JSON API formatting for authentication errors, reducing unnecessary processing
• SQLITE_READONLY Handling: Added specific context and help for SQLITE_READONLY errors, improving database error resolution
• User Validation: Prevented unnecessary validation during login when only updating status and last_login fields

UI Performance

• Post Title Focus: Removed automatic focusing on post title when editing existing posts, improving performance and user experience
• Modal Interactions: Optimized modal closing behavior to be more responsive

Impact Summary

Ghost 0.5.0-rc3 represents a significant improvement in stability and user experience over rc2, with a focus on fixing critical issues in error handling, authentication flows, and user management. The release includes 31 changed files with 240 additions and 119 deletions across 27 commits.

Key improvements include better handling of authentication errors (redirecting to signin with helpful messages rather than showing 500 error screens), fixed user invitation and deletion functionality, improved modal behaviors, and enhanced content editing experience with warnings for unsaved changes.

For developers, the release fixes issues with Grunt commands on systems with spaces or parentheses in file paths, improves error handling with better JSON API formatting, and provides better handling of database access errors.

While still a release candidate not intended for production use, rc3 addresses many pain points identified in rc2 and represents an important step toward a more stable and user-friendly Ghost platform.

Full Release Notes