HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Ghost

>

Releases

>

2.16.4

Ghost Release: 2.16.4

Tag Name: 2.16.4

Release Date: 3/6/2019

View Release
Ghost LogoGhost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

Open SourceBloggingStatic Site

TL;DR

Ghost 2.16.4: Critical Fixes for Private Mode and Authentication

This patch release addresses several critical bugs affecting Ghost sites, particularly fixing issues with private blogging mode being unintentionally enabled and authentication problems with the v0.1 API. The update also resolves MySQL custom certificate usage, subscriber creation errors, and email address retrieval issues when using API key authentication. This is an important stability update recommended for all users running Ghost 2.16.x.

Highlight of the Release

    • Fixed critical issue where private blogging mode was being unintentionally enabled
    • Restored functionality for v0.1 API username/password authentication
    • Fixed custom certificate usage for MySQL connections
    • Resolved subscriber creation errors in the admin area
    • Fixed email address retrieval with admin API key authentication

Migration Guide

No migration steps are required for this update. Simply upgrade from your current 2.16.x version to 2.16.4 following the standard Ghost update process.

If you're using MySQL with custom certificates, this update will fix issues you may have been experiencing without requiring any additional configuration changes.

Upgrade Recommendations

Strongly Recommended Upgrade

This update is strongly recommended for all Ghost users running version 2.16.x due to the critical fixes for private blogging mode and authentication issues.

The upgrade process follows the standard Ghost update procedure and should be straightforward with no breaking changes introduced. Users experiencing any of the fixed issues should see immediate resolution after upgrading.

Bug Fixes

Critical Fixes

  • Private Blogging Mode: Fixed critical issue where private blogging mode was being unintentionally enabled when saving any setting. This occurred because boolean values were being incorrectly stored and interpreted in the database (#10576).

  • Authentication: Fixed v0.1 API username/password authentication that was previously failing.

  • MySQL Certificate Usage: Fixed custom certificate usage for MySQL connections by conditionally running makePathsAbsolute only when the database client is SQLite3 (#10573).

Additional Fixes

  • Subscriber Creation: Fixed error that occurred when creating subscribers via the admin area.

  • API Responses: Fixed issue where email addresses were not being returned in user responses from v2 Admin API when using API key authentication.

  • Build Tools: Fixed grunt master to work correctly with submodules, ensuring it only errors if there are uncommitted changes to tracked files (#10566).

  • Development Environment: Added circular dependency filter for grunt dev build logs to keep output clean and allow repeating build messages to continue properly.

New Features

No new features were introduced in this patch release. This update focuses exclusively on bug fixes and stability improvements.

Security Updates

While not explicitly labeled as security fixes, this release addresses authentication-related issues that could potentially impact site security:

  • Fixed v0.1 API username/password authentication
  • Fixed email address not being returned with admin API key authentication
  • Fixed issues with private blogging mode that could potentially expose content intended to be private

Performance Improvements

No specific performance improvements were included in this release. The focus was on fixing critical bugs affecting functionality.

Impact Summary

Ghost 2.16.4 is a critical patch release that resolves several important bugs affecting core functionality. The most significant fix addresses an issue where private blogging mode could be unintentionally enabled when saving any setting, potentially restricting access to content that should be public.

The release also fixes authentication problems with the v0.1 API, MySQL custom certificate usage, subscriber creation, and email address retrieval with API key authentication. These fixes ensure proper functionality for both site administrators and API users.

For developers, the update improves the build tools with fixes for grunt master when working with submodules and adds filtering for circular dependency warnings in build logs.

This update contains no breaking changes and is focused entirely on stability and bug fixes. All Ghost 2.16.x users should upgrade to this version to avoid potential issues with private mode and authentication.

Full Release Notes

Contains critical fixes for sites appearing in private mode and v0.1 API user/pass auth failing.
If you are on an earlier 2.16.x release please upgrade!

  • 🐛 Fixed private blogging getting enabled on restart after saving any setting (#10576)
  • 🐛 Fixed v0.1 API username/password authentication
  • 🐛 Fixed custom certificate usage for MySQL (#10573)
  • 🐛 Fixed error when creating subscribers via the admin area
  • 🐛 Fixed email address not being returned in user responses from v2 Admin API using api key authentication

You can see the full change log for the details of every change included in this release.

Statistics:

File Changed17
Line Additions164
Line Deletions43
Line Changes207
Total Commits8

User Affected:

  • Fixed critical issue where private blogging mode could be unintentionally enabled when saving any setting
  • Resolved MySQL custom certificate usage problems
  • Can now properly create subscribers through the admin area

Contributors:

allouiskevinansfieldLucidDankirrg001