HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Ghost

>

Releases

>

1.8.5

Ghost Release: 1.8.5

Tag Name: 1.8.5

Release Date: 9/12/2017

View Release
Ghost LogoGhost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

Open SourceBloggingStatic Site

TL;DR

Ghost 1.8.5 is a maintenance release that addresses several critical bugs affecting image handling, private blogging security, custom redirects, and UI improvements. This update focuses on fixing issues that could impact site performance, security, and user experience, making it an important upgrade for all Ghost installations.

Highlight of the Release

    • Fixed security vulnerability in private blogging that could leak post information
    • Resolved image caching issues that were causing timeouts with invalid URLs
    • Improved custom redirects handling with query/search parameters
    • Fixed team page UI issues with profile images and last seen status
    • Upgraded Casper theme to version 2.1.2

Migration Guide

No specific migration steps are required for this update. This is a standard maintenance release that can be installed through your normal update process.

If you're using custom redirects with query parameters, you may notice improved behavior after this update, but no configuration changes are needed.

Upgrade Recommendations

Priority: High

All Ghost users should upgrade to version 1.8.5 as soon as possible, especially those using private blogs or experiencing image-related timeouts. This release contains important security fixes that protect private blog content from potential information leaks.

The update process follows the standard Ghost upgrade procedure and should not require any special steps or configuration changes.

Bug Fixes

  • Fixed invalid image URLs handling (#8986)

    • Resolved issues where invalid image URLs weren't being properly cached, causing timeouts
    • Improved image size detection with better error handling
    • Added support for /assets/ image paths
    • Enhanced debugging capabilities with additional logs

  • Fixed private blogging security issue (#8999)

    • Patched a security vulnerability where private blogs could potentially leak post information
    • Fixed a condition in the private blogging app that incorrectly redirected RSS and sitemap to 404 pages
    • Ensured consistent redirection to /private for all unauthorized access attempts

  • Fixed custom redirects with query parameters (#8998)

    • Improved logic for handling custom redirects that include query or search parameters
    • Added comprehensive tests to verify redirect functionality

  • Fixed team page UI issues (TryGhost/Admin#857)

    • Resolved display problems with profile images on the team page
    • Fixed the "last seen" status indicator for team members

  • Properly return Bluebird promises (#8988)

    • Fixed promise handling to ensure proper Bluebird promise returns

New Features

No significant new features were introduced in this release. Ghost 1.8.5 is primarily a maintenance release focused on bug fixes, security improvements, and performance enhancements.

Security Updates

  • Private blogging content protection (#8999)
    • Fixed a security vulnerability where private blogs could potentially leak post information through RSS feeds and sitemaps
    • Implemented consistent redirection to the /private page for all unauthorized access attempts
    • Removed conditional logic that was causing inconsistent security behavior

Performance Improvements

  • Enhanced image caching mechanism

    • Improved the handling of image URLs to prevent timeouts and reduce server load
    • Optimized the image size detection process with better error handling
    • Refactored the image request utility to be more efficient

  • Improved promise handling

    • Better management of Bluebird promises for more reliable asynchronous operations
    • Removed unnecessary Promise.resolve() calls to streamline code execution

Impact Summary

Ghost 1.8.5 delivers critical fixes for several important aspects of the platform. The security improvement for private blogs prevents potential content leaks, making this an essential update for sites using this feature. Performance enhancements to image handling will reduce timeouts and improve overall site stability, particularly for sites with many images or external image references.

The UI improvements, including better checkbox visibility and fixed team page display issues, enhance the administrative experience. For developers, the improved custom redirect handling with query parameters provides more flexibility in site configuration.

The Casper theme upgrade to 2.1.2 ensures compatibility with the latest Ghost features and maintains the default theme's performance and appearance.

Full Release Notes

  • 🐛 Fixed team page not showing profile image and last seen (TryGhost/Admin#857)
  • 🐛 Fixed invalid image URLs not being cached and causing timeouts (#8986)
  • 🐛 Fixed private blogging leaking post information (#8999)
  • 🐛 Fixed custom redirects with query/search params (#8998)
  • 🎨 Improved visibility of unchecked checkboxes (TryGhost/Admin#851)

You can see the full change log for the details of every change included in this release.

Statistics:

File Changed12
Line Additions231
Line Deletions119
Line Changes350
Total Commits7

User Affected:

  • Fixed team page display issues showing profile images and last seen status
  • Improved security for private blogs by preventing potential content leaks
  • Better handling of custom redirects with query parameters

Contributors:

ErisDSkirrg001aileen