TL;DR
Ghost 1.17.1: Improved Code Architecture, Authentication Fixes, and Database Validations
This patch release focuses on significant internal code restructuring to improve Ghost's architecture, fixes an important authentication bug, and adds soft limits to database fields. While most changes are under the hood, the authentication fix resolves issues with Bearer Token authentication, and new database validations help prevent oversized content entries. The release also includes admin UI improvements for mobile devices.
Highlight of the Release
- Fixed critical authentication bug with Bearer Token and password grant type
- Added soft limits to database fields to prevent oversized content entries
- Major internal code restructuring for better architecture and maintainability
- Improved mobile experience in the admin interface
- Enhanced routing system with better separation of concerns
Migration Guide
Database Field Length Validations
This release adds soft limits to various database fields. If you've been using only the Ghost admin panel or Ghost Desktop, you shouldn't encounter any issues. However, if you've used the private API or third-party clients, you may have data that exceeds these new limits:
Posts
- Title: 255 characters (was 2,000)
- Meta title: 300 characters (was 2,000)
- Meta description: 500 characters (was 2,000)
Users
- Bio: 200 characters (was 65,535)
- Location: 150 characters (was 65,535)
- Meta title: 300 characters (was 2,000)
- Meta description: 500 characters (was 2,000)
Tags
- Description: 500 characters (was 65,535)
- Meta title: 300 characters (was 2,000)
- Meta description: 500 characters (was 2,000)
If you encounter any validation errors when saving content after upgrading, you'll need to reduce the length of the affected fields to comply with these new limits.
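A pre-upgrade check for the limits listed above, as an added example that is not part of the Ghost release or its code base. It assumes content is available as plain objects shaped like { posts, users, tags } with the field names used in these notes; the sample records and the findOversizedFields and charLength helpers are constructed for illustration.

```javascript
// Soft limits introduced in Ghost 1.17.1, as listed in the migration guide above.
const LIMITS = {
  posts: { title: 255, meta_title: 300, meta_description: 500 },
  users: { bio: 200, location: 150, meta_title: 300, meta_description: 500 },
  tags: { description: 500, meta_title: 300, meta_description: 500 },
};

// Count code points rather than UTF-16 units so an emoji counts once.
// Assumption: close enough to Ghost's own length check for a pre-check.
function charLength(value) {
  return Array.from(value).length;
}

// Returns one finding per field that exceeds its limit.
// `data` is assumed to look like { posts: [...], users: [...], tags: [...] }.
function findOversizedFields(data) {
  const findings = [];
  for (const [resource, fields] of Object.entries(LIMITS)) {
    for (const record of data[resource] || []) {
      for (const [field, limit] of Object.entries(fields)) {
        const value = record[field];
        if (typeof value !== 'string') continue; // null or missing fields pass
        const length = charLength(value);
        if (length > limit) {
          findings.push({ resource, id: record.id, field, length, limit });
        }
      }
    }
  }
  return findings;
}

// Constructed sample data (not from a real site).
const sample = {
  posts: [
    { id: 'p1', title: 'Short title', meta_title: null, meta_description: 'ok' },
    { id: 'p2', title: 'x'.repeat(256), meta_title: 'y'.repeat(300) },
  ],
  users: [{ id: 'u1', bio: '👻'.repeat(200), location: 'z'.repeat(151) }],
  tags: [{ id: 't1', description: 'd'.repeat(2000) }],
};

for (const f of findOversizedFields(sample)) {
  console.log(`${f.resource}/${f.id}: ${f.field} is ${f.length} chars (limit ${f.limit})`);
}
```

Values exactly at a limit pass; only records reported here would raise a validation error the next time they are saved.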
For Developers
If you've built custom code that interacts with Ghost's internal modules:
- Check any references to RSS, Channels, or AMP modules as these have been restructured
- Review any custom authentication implementations, especially those using Bearer tokens with password grant type
- Update any code that relies on the previous routing structure
Upgrade Recommendations
This is a patch release (1.17.0 → 1.17.1) that includes important bug fixes and internal improvements.
Recommended for: All Ghost installations should upgrade to this version, especially if you:
- Use Bearer Token authentication with password grant type
- Have mobile users accessing your admin interface
- Are developing against the Ghost API
Upgrade priority: Medium
Potential issues: The new database field validations may cause errors if you have existing content that exceeds the new soft limits. This would only affect you when trying to update that content after the upgrade.
How to upgrade: Follow the standard Ghost upgrade process for your installation method. If you're using Ghost(Pro), your site will be updated automatically.
Bug Fixes
Authentication Fix
- Fixed critical bug in password authentication with Bearer Token
- Previously, when sending a request to /authentication/token with grant_type:password and a Bearer token, Ghost was unable to handle this combination
- The issue occurred because client authentication was skipped, but OAuth detected the grant_type: password and attempted to fetch the client again, which failed
- Removed redundant client request to the database for password authentication
Mobile Experience Fixes
- Fixed elastic scroll issues in admin on iOS devices
- Improved admin styles on mobile devices
Other Fixes
- Fixed comment about node version changes
New Features
Code Architecture Improvements
- RSS Module Restructuring: Split into controller and service components for better separation of concerns
- Routing System Enhancements:
  - Wrapped Express router and exposed from route service
  - Moved admin redirects out of site router
  - Reworked route service to prevent circular dependencies
  - Added DEBUG option to print a list of routes
- Module Organization:
  - Moved Channels module to services
  - Simplified AMP internal app
  - Renamed single/post to entry for clarity
  - Added comments highlighting routes, controllers, and renderers
  - Moved isLocalFile function to storage utils
Post Scheduling Enhancement
- Added rescheduleOnBoot option for post scheduling, allowing custom scheduling adapters with persistent data to not reschedule posts when Ghost is restarted
Database Field Validations
- Added soft limits for various database fields:
  - Posts: title (255 chars), meta_title (300 chars), meta_description (500 chars)
  - Users: bio (200 chars), location (150 chars), meta fields (300-500 chars)
  - Tags: description (500 chars), meta fields (300-500 chars)
Security Updates
No specific security fixes were mentioned in this release. The authentication bug fix does improve the robustness of the authentication system, but it wasn't explicitly described as a security vulnerability.
Performance Improvements
Code Structure Improvements
The major code restructuring in this release should lead to better performance through:
- Better separation of concerns between controllers and services
- More efficient routing with the new router implementation
- Reduced circular dependencies which can impact load times and memory usage
- Cleaner code organization that will allow for more targeted optimizations in the future
While these changes don't directly target performance metrics, the architectural improvements lay groundwork for future performance enhancements and more maintainable code.
Impact Summary
Ghost 1.17.1 is primarily a maintenance release with significant internal code restructuring and important bug fixes. The most visible impact is the fix for Bearer Token authentication with password grant type, which resolves issues for API users and developers.
The addition of soft limits to database fields is an important change that improves data integrity but may affect users who have created oversized content through the API or third-party tools. These limits are sensible constraints that align better with typical usage patterns and help prevent performance issues.
For developers, the extensive code restructuring represents a major step in Ghost's architectural evolution, with better separation of concerns and a more maintainable codebase. The changes to the routing system, module organization, and controller/service separation lay groundwork for future improvements.
Mobile users will appreciate the UI improvements and fixed scroll issues on iOS devices, making the admin experience more pleasant on smaller screens.
Overall, this release demonstrates Ghost's commitment to code quality, developer experience, and platform stability while addressing specific user-facing issues.
Full Release Notes
- 🎨 Increased allowed lengths of tag names/slugs and user names (TryGhost/Admin#905)
- 🎨 Improve admin styles on mobile (TryGhost/Admin#903)
- 🐛 Fixed error for password authentication with Bearer Token (#9227)
- 🐛 Fix elastic scroll issues in admin on iOS
⚠️ This release adds some missing length validations to database fields. If you have only been using the default Ghost admin panel or Ghost Desktop, don't worry, everything is fine 😄 However, if you have used the private API or 3rd party clients there is a small chance that you have data stored on resources that is larger than the allowed size - in that case you may run into a limit error next time that resource is saved. If you get any unexpected errors please swing by our Slack channel!
You can see the full change log for the details of every change included in this release.