TL;DR
Ghost 1.10.0 introduces significant security enhancements to the beta Public API by limiting exposed user information. The update removes certain fields from public user responses, eliminates the ability to fetch users by email address, and fixes several permission-related bugs. Additionally, it includes numerous bug fixes for the admin interface, improving the editor experience across different browsers and platforms. This release focuses on tightening security while maintaining functionality, with breaking changes to the Public API that developers should review.
Highlights of the Release
- Enhanced security in the Public API by limiting exposed user information
- Fixed incorrect autosave behavior for published posts in the editor
- Improved permission system with attribute-based permissions
- Fixed author role permissions to prevent unauthorized changes to post authors
- Better cross-browser compatibility with fixes for MS Edge and iOS
Migration Guide
Breaking Changes to Public API
If you're using Ghost's beta Public API, you'll need to update your implementation to accommodate these security-focused changes:
- Removed User Fields: Certain fields have been removed from public user responses to enhance security. Review your code that processes user data to ensure it doesn't depend on these removed fields.
- Email Address Endpoint Removed: The public API endpoint to fetch users by email address has been removed. Update any code that uses this endpoint to use alternative methods for user identification.
- Role Information: The API no longer returns role information for public user resources. If your application was using this data, you'll need to find alternative approaches.
Remember that Ghost's Public API is still in beta and subject to breaking changes in any release, independent of semantic versioning. Always check the API Changelog for the latest updates.
Upgrade Recommendations
Priority: Medium-High
This upgrade is recommended for all Ghost users, especially those utilizing the Public API. The security enhancements and bug fixes provide important improvements to the platform's security posture and user experience.
For API Developers: If you're using the beta Public API, this is a critical update as it contains breaking changes that limit exposed user information. Review your API implementation against the API Changelog to ensure compatibility.
For Content Publishers: The numerous editor and admin interface fixes improve the content creation experience, particularly for users on iOS devices or using Microsoft Edge.
Upgrade Steps:
- Back up your Ghost installation and database
- Follow the standard Ghost upgrade process
- Test your site functionality, particularly any custom themes or integrations
- If using the Public API, test and update your implementation to accommodate the security changes
Bug Fixes
API and Permission Fixes
- Fixed API returning roles for the public user resource, which was exposing too many details unintentionally
- Fixed author role permission to prevent Authors from changing post authors
- Fixed missing cache invalidation header when uploading redirects
- Fixed wrong handling of formats parameter for querying single posts
- Fixed date handling to return dates from the database without milliseconds
Admin Interface Fixes
- Fixed incorrect autosave of published posts when leaving the editor
- Fixed admin search not handling certain special characters
- Fixed editor font rendering issues in Microsoft Edge
- Fixed broken "retry" link when Unsplash API requests failed
- Fixed visibility of spellcheck errors in Night Shift mode
- Fixed various iOS-specific issues affecting mobile users
New Features
Support for Attribute-Based Permissions
Ghost now includes support for attribute-based permissions, allowing for more granular control over what users can do based on specific attributes of content. This enhancement:
- Adds wiring to pass attributes throughout the permission system
- Allows access to important "unsafe" attributes that are changing (e.g., post status)
- Enables determination of whether a user has permission to perform attribute-based actions
- Supports more specific permission rules, such as who can publish a post by changing its status
Improved Testing Framework
- Added new utility for creating specific posts to facilitate testing
- Enhanced post API tests with role-specific testing blocks
- Added framework for author role tests in post specifications
- Better organization of test structure for future permission testing
Security Updates
Public API Security Enhancements
- Removed certain fields from public user responses to limit exposed information
- Removed public API endpoint to fetch users by email address, decreasing the information exposed through the API
- Fixed a bug that was accidentally allowing fetching of user roles via the public API
- Implemented restrictions on user field modifications, preventing changes to sensitive fields like created_at, created_by, updated_by, and updated_at
- Enhanced the permission system to better protect user data in public contexts
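To show what the attribute-based permission model from the New Features section and the protected-field restriction above mean in practice, here is an added illustration (not Ghost's own code): a check that decides on a proposed edit by looking at which "unsafe" attributes actually change, and a filter that rejects server-managed user fields. The role-to-attribute policy table, the function names and the sample data are constructed for this example; the page itself only states that Authors may not change a post's author.

```javascript
// Added illustration (not Ghost's code): an attribute-based permission check.
// The decision looks at WHICH attributes a request changes, not only at the
// resource type. The policy table below is constructed for this example.
const PROTECTED_USER_FIELDS = ['created_at', 'created_by', 'updated_by', 'updated_at'];

// Roles allowed to change each "unsafe" post attribute (constructed policy;
// the page only says Authors may not change the post author).
const UNSAFE_ATTR_POLICY = {
  status: ['Owner', 'Administrator', 'Editor'],    // publishing = status change
  author_id: ['Owner', 'Administrator', 'Editor'], // reassigning a post
};

// Returns {allowed, reasons, unsafeChanges} for a proposed edit of `post`.
function canEditPost(user, post, changes) {
  const reasons = [];
  // Only attributes whose value actually differs count as "changing".
  const unsafeChanges = Object.keys(UNSAFE_ATTR_POLICY).filter(
    (attr) => attr in changes && changes[attr] !== post[attr]
  );
  if (user.role === 'Author' && post.author_id !== user.id) {
    reasons.push('Authors may only edit their own posts');
  }
  for (const attr of unsafeChanges) {
    if (!UNSAFE_ATTR_POLICY[attr].includes(user.role)) {
      reasons.push(`role ${user.role} may not change ${attr}`);
    }
  }
  return { allowed: reasons.length === 0, reasons, unsafeChanges };
}

// Drops server-managed user fields from an update payload and reports them,
// so a client cannot rewrite created_at / updated_by and friends.
function sanitizeUserUpdate(changes) {
  const clean = {};
  const rejected = [];
  for (const [field, value] of Object.entries(changes)) {
    if (PROTECTED_USER_FIELDS.includes(field)) rejected.push(field);
    else clean[field] = value;
  }
  return { clean, rejected };
}

// Constructed sample data: an Author trying to hand their draft to someone else.
const author = { id: 1, role: 'Author' };
const post = { id: 10, author_id: 1, status: 'draft' };
console.log(canEditPost(author, post, { author_id: 2 }));
// -> { allowed: false, reasons: ['role Author may not change author_id'], unsafeChanges: ['author_id'] }
```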
Performance Improvements
Database and API Improvements
- Improved date handling by returning dates from the database without milliseconds, which ensures consistency between test environments and production
- Refactored the API layer to properly handle API responses after pipelining, ensuring that modified options are correctly passed to model functions
- Removed an option-filtering bypass in the User model, fixing a logic issue that could let certain filter options be skipped
- Streamlined user data handling by removing unnecessary fields from responses, reducing payload sizes
Impact Summary
Ghost 1.10.0 represents a significant step forward in securing the platform's Public API while improving the overall user experience. The release focuses on limiting exposed user information through the API, fixing permission-related issues, and enhancing the editor experience across different browsers and devices.
The security improvements are particularly noteworthy, as they address potential information exposure concerns by removing certain fields from public user responses and eliminating the ability to fetch users by email address. These changes align with best practices for API security but do introduce breaking changes for developers using the beta Public API.
For content creators and editors, the numerous bug fixes improve the day-to-day experience, particularly when working with the editor on different platforms. Issues with autosave, font rendering in Microsoft Edge, and various iOS-specific problems have been resolved, making for a more consistent editing experience.
The introduction of attribute-based permissions lays groundwork for more granular access control, which will benefit organizations with complex editorial workflows and permission requirements.
Overall, this release balances security enhancements with quality-of-life improvements, though API developers should be prepared to update their implementations to accommodate the breaking changes.
Full Release Notes
⚠️ This release contains some breaking changes to the beta Public API to limit exposed user information; please review the API Changelog for full details.
- 🔥 Removed certain fields from public user response (#9069)
- 🔥 Removed public API endpoint to fetch users by email address (#9059)
- 🎨 User is not allowed to add/modify certain fields (#9053)
- 🐛 Fixed incorrect autosave of published posts when leaving editor (TryGhost/Admin#879)
- 🐛 Fixed admin search not handling certain characters (TryGhost/Admin#877)
- 🐛 Fixed editor font in MS Edge (TryGhost/Admin#876)
- 🐛 Fixed broken "retry" link when an Unsplash API request failed (TryGhost/Admin#875)
- 🐛 Fixed visibility of spellcheck errors in Night Shift mode (TryGhost/Admin#874)
- 🐛 Fixed missing cache invalidation header when uploading redirects (#9071)
- 🐛 Fixed various iOS issues (TryGhost/Admin#868)
- 🐛 Fixed author role permission to prevent Authors changing post author (#9067)
- 🐛 Fixed API returning roles on the public user resource (#9039)
You can see the full change log for the details of every change included in this release.