Ghost Release: 2.2.4

TL;DR

Ghost 2.2.4 is a maintenance release that fixes critical bugs in the admin interface, including issues with image URL handling and pagination. It also adds support for repeated query parameters for arrays, enhances webhook functionality, improves spam prevention, and updates the update check mechanism to use API v2. This release primarily benefits administrators and developers by improving stability and security of the Ghost platform.

Highlight of the Release

• Fixed critical bug with relative image URLs becoming absolute URLs on save
• Fixed pagination issues causing duplicate posts and users to appear in admin area
• Added spam prevention for login attempts
• Enhanced webhook functionality with new fields and integration relationships
• Added support for repeated query parameters for arrays

Migration Guide

No specific migration steps are required for this update. This is a maintenance release that fixes bugs and adds enhancements without introducing breaking changes.

To update to Ghost 2.2.4:

1. Back up your Ghost installation and database
2. Follow the standard Ghost update procedure for your installation method:
   • For Ghost CLI installations: ghost update
   • For manual installations: Download the new version and follow the manual update process

After updating, verify that:

• The admin interface pagination works correctly
• Image URLs are handled properly when editing content
• If you're using webhooks, check that they continue to function as expected

Upgrade Recommendations

This update is highly recommended for all Ghost users, especially those experiencing issues with:

• Image URL handling
• Pagination in the admin area
• Webhook functionality

The release contains important bug fixes that address stability issues in the admin interface and enhances security with spam prevention for login attempts. There are no breaking changes, making this a safe update for all installations.

For optimal performance and security, we recommend updating to Ghost 2.2.4 at your earliest convenience.

Bug Fixes

Fixed Image URL Handling

Fixed a critical issue where relative image URLs were being converted to absolute URLs on save. This problem occurred because:

1. Ghost stores relative image URLs in the database
2. API V2 returns images with absolute URLs
3. Ghost-Admin was sending absolute URLs back on any save operation

This would override the relative image path in the database with an absolute path, preventing proper updates if the domain or protocol changed in the future. The fix ensures that on save/update operations, input serializers convert any absolute image URL paths back to relative if the base URL matches the configured URL.

Fixed Pagination in Admin Area

Resolved an issue where the page query parameter was not being forwarded to the query, causing duplicate posts and users to appear in the admin interface. When administrators requested the next page of users or posts, they would receive the first page again. This update allows the page option for users, posts, and tags browse operations.

New Features

Enhanced Webhook Functionality

Ghost now offers improved webhook capabilities with an extended schema that includes new columns such as name, integration_id, secret, last_triggered_at, api_version, last_triggered_status, and last_triggered_error. This update also establishes relationships between webhooks and integrations, providing better tracking and management of webhook activities.

Support for Repeated Query Parameters

Ghost now supports repeated query parameters for arrays, improving compatibility with various HTTP clients including Node.js core. Previously, when an array was provided as a query parameter (e.g., {someParam: ['a', 'b']}), Ghost would encounter errors. This update adds a check for repeated keys to prevent 500 errors and enhance interoperability.

Improved Spam Prevention

Added spam prevention mechanisms to the /session endpoint to block repeated login attempts, providing protection against brute force password attacks. The session controller has been updated to reset the brute force protection on successful login, ensuring legitimate users don't remain locked out.

Security Updates

Brute Force Protection

Added spam prevention to the POST /session endpoint to block repeated login attempts, providing protection against brute force password attacks. This security enhancement helps protect user accounts from unauthorized access attempts.

The session controller has also been updated to reset the brute force protection on successful login, ensuring that legitimate users aren't permanently locked out after a successful authentication.

Performance Improvements

Optimized Export Process

The sessions table is now excluded from the exporter process, which can improve export performance and reduce the size of exported data. This is particularly beneficial for sites with a large number of user sessions.

Update Check Optimization

The update checker has been migrated to use API v2, which provides a more efficient mechanism for checking for Ghost updates. The frame pipeline has been updated to respect context passed in with Frame instances, and the 'active' version is now exposed from the API index module.

Impact Summary

Ghost 2.2.4 is primarily a maintenance release that addresses several important bugs and adds useful enhancements. The most significant impact comes from fixing two critical issues in the admin interface:

1. The fix for relative image URLs becoming absolute URLs on save prevents potential problems when a site's domain or protocol changes, ensuring image paths remain correctly referenced.

2. The pagination fix resolves frustrating user experience issues where administrators would see duplicate content when navigating through pages of posts and users.

On the security front, the addition of spam prevention for login attempts provides better protection against brute force attacks, enhancing the overall security posture of Ghost installations.

For developers, the support for repeated query parameters for arrays and enhanced webhook functionality improves the platform's flexibility and integration capabilities.

Overall, this release improves stability, security, and developer experience without introducing breaking changes, making it a straightforward and beneficial update for all Ghost users.

Full Release Notes