TL;DR
Ghost 0.7.9 brings important improvements to static pages, CORS handling, and draft post slugs. For Public API Beta users, there's a breaking change requiring protocols in trusted domains. The update also includes fixes for static file handling, preview functionality, and API responses, along with numerous dependency updates and internal refactoring to improve code quality and test coverage.
Highlight of the Release
- Static pages now have structured data for better social media sharing
- Relaxed CORS handling for fewer login issues with misconfigured URLs
- Draft post slugs now update automatically when titles change
- Fixed static file handling to immediately return 404 when appropriate
- Fixed preview link and icon position in the editor
- Breaking change for API users: Trusted domains now require protocol inclusion
Migration Guide
For Public API Beta Users
Trusted Domains Protocol Requirement
In this release, trusted domains now require their protocol to be included. If you previously had domains configured like:
example.com
You will need to update them to include the protocol:
https://example.com
This change was made to improve security and clarity in domain configurations.
URL Field in Posts API
If you were experiencing issues with the url field in Posts API responses, this has been fixed. No action is required on your part.
For All Users
No specific migration steps are required for regular Ghost users. The update should be smooth and automatic.
Upgrade Recommendations
Recommendation
This update is recommended for all Ghost users, especially those who:
- Use static pages and share them on social media
- Have experienced CORS-related login issues
- Use the Public API Beta
For Public API Beta users, this update contains a breaking change requiring protocols in trusted domains, so please review the migration guide before upgrading.
The update includes important bug fixes and improvements that enhance the overall stability and user experience of Ghost. The changes to draft post slugs and static page structured data are particularly valuable for content creators.
How to Upgrade
Follow the standard Ghost upgrade process:
- Back up your Ghost installation
- Download Ghost 0.7.9
- Follow the upgrade instructions
Bug Fixes
Fixed CORS Handling
Relaxed CORS handling means fewer people should have issues logging in to their blog if their URL isn't configured exactly right. The system now handles CORS pre-flight checks properly and separates request authentication/authorization from CORS.
Fixed Static File Handling
Static files now immediately result in a 404 when appropriate, rather than trying additional URL variations that would never work. This improves response times and provides clearer error messages.
Fixed Preview Link and Icon Position
The preview link and icon position in the editor have been fixed, making it easier to preview your post by clicking the word "preview" at the bottom of the editor.
Fixed Posts API URL Field
Fixed an issue where requesting url as a field from the Posts API didn't return the correct response (affecting Public API Beta users).
Fixed Published Date Input Field Validation
Fixed bugs regarding the published date input field validation:
- Error messages from previous validations are now properly removed
- Date validation only occurs if the input date is valid to begin with
- The view is always updated even if the date hasn't changed, ensuring consistent date formatting
New Features
Improved Static Page Structured Data
Static pages now have structured data, just like posts. This means they will pass validation for Twitter cards, Facebook Open Graph, and other social media sharing tools, providing better previews when shared.
Auto-updating Draft Post Slugs
When editing a draft post, the slug (URL) will now automatically update when you change the title. This ensures your URLs match your titles and prevents situations where early draft titles would remain in the URL.
Auto-save Post Titles on Blur
When editing a draft post, the title will now automatically save when you click away from the title field, providing a smoother editing experience.
Improved Configuration API
The Configuration API endpoint has been restructured to be more logical and flexible:
- Different types of config are now treated as different single objects with several keys
- Only 'read' requests are now supported (previously had both browse and read)
- Basic read requests with no key will return basic config any client would need
- Read requests with specific keys return specific config types
Security Updates
Improved Password Change Verification
The system now properly verifies the old password when changing passwords for the current user, enhancing security by ensuring only authorized users can change their passwords.
Updated Dependencies
Several dependencies have been updated to newer versions that include security fixes, helping to maintain the overall security posture of the application.
Performance Improvements
Optimized Content Deletion
Content deletion has been refactored to be more efficient:
- Eliminated double-fetching of posts from the database
- Only fetches IDs from the database instead of entire models
- Reduced unnecessary database round trips
Improved Static File Serving
Static file serving has been improved to immediately return 404 responses without triggering additional middleware, resulting in faster responses for non-existent files.
Dependency Updates
Multiple dependencies have been updated to newer versions with performance improvements, including:
- Ember and Ember Data
- Knex and Bookshelf
- Bluebird (Promise library)
Impact Summary
Ghost 0.7.9 brings several quality-of-life improvements for both blog owners and content creators. The addition of structured data to static pages enhances social media sharing capabilities, while the automatic updating of draft post slugs creates a more intuitive editing experience.
For developers and API users, there's a breaking change requiring protocols in trusted domains, but this improves security and clarity in domain configurations. The relaxed CORS handling should resolve login issues for users with slightly misconfigured URLs.
Under the hood, this release includes extensive refactoring and test coverage improvements, making the codebase more maintainable and robust. The optimizations to content deletion and static file serving should result in better performance.
Overall, this is a solid maintenance release that addresses several pain points while laying groundwork for future improvements through its internal refactoring efforts.
Full Release Notes
Note: this release contains a breaking change for some Public API Beta users, as always, please read the release blog post for more details.
Highlights
- [Improved] Static pages now have structured data, just like posts, so they will pass validation for twitter cards and other social media sharing tools.
- [Improved] Relaxed CORS handling, meaning less people should have issues logging in to their blog if their URL isn't configured exactly right.
- [Improved] Draft post slugs (urls) are updated when the title changes, so that you don't get weird half-titles in slugs anymore.
- [Fixed] Static files immediately result in a 404, because trying a filename with a trailing slash on the end is never going to result in a happier ending.
- [Fixed] Incorrect preview link & icon position in the editor making it easier to preview your post by clicking the word "preview" at the bottom of the editor.
- [Fixed] Requesting
url as a field from the Posts API didn't return the correct response (Public API Beta).
- [Changed] Trusted domains now require their protocol be included. See below for details (Public API Beta).
The full change log contains a list of all changes.
