Ghost Release: 2.20.0

Tag Name: 2.20.0

Release Date: 4/16/2019

Ghost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

TL;DR

Ghost 2.20.0 introduces a significant Admin API enhancement for member management, allowing complete deletion of members including their payment data. This release also removes the legacy external apps system, improves security with dependency updates, and fixes several bugs related to user permissions and UI issues. The update streamlines the codebase by removing unused functionality while enhancing member management capabilities.

Highlight of the Release

    • New Admin API for complete member deletion including payment processor data
    • Removal of legacy external apps system for improved codebase maintainability
    • Security updates to express-hbs, handlebars, and gscan dependencies
    • Fixed UI issues including posts list scrolling on iOS and theme activation errors
    • Prevention of assigning owner role to locked/suspended users

Migration Guide

Migrating from External Apps

The legacy external apps system has been completely removed in this version. If you were using any external apps:

  1. Custom functionality: Consider migrating to the recommended approaches:
    • For theme customizations, use theme helpers and templates
    • For custom endpoints or functionality, consider using a separate service that interacts with Ghost via the Content API
  2. Settings: The active_apps and installed_apps settings are no longer used and will be skipped during imports
  3. Content directory: The content/apps directory is no longer used and can be safely removed

Filters Module Removal

If you were using the filters module for extending Ghost functionality:

  • All filter hooks have been removed
  • Custom extensions should now use the supported APIs instead

Upgrade Recommendations

This is a recommended upgrade for all Ghost installations, especially for those concerned with security, given the handlebars vulnerability fix.

Who should upgrade immediately:

  • Sites using member subscriptions that need the enhanced member deletion functionality
  • Installations concerned about the security fixes in handlebars
  • Anyone experiencing the fixed UI issues on iOS or with theme management

Upgrade Steps:

  1. Back up your Ghost installation and database
  2. Follow the standard Ghost update process for your installation method
  3. If you were using any external apps, be aware they will no longer function and should be replaced with alternative approaches

The removal of the legacy apps system is unlikely to affect most users as it was an unreleased and minimally implemented feature.

Bug Fixes

User Management Fixes

  • Fixed security issue where locked or suspended users could be made owner via the API (#10647)
  • Added validation to ensure only active users can be assigned the owner role
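An added example (not Ghost's own code) of the kind of check the fix above introduces: an ownership transfer that refuses locked or suspended targets. The status strings (`active`, `warn-1` to `warn-4` still counting as active, `locked`, `inactive` for suspended), the role names and the user records are assumptions for this illustration.

```javascript
// Assumed Ghost user statuses that still count as active (warn-N are failed-login
// counters, not lockouts). Anything else (locked, inactive/suspended) is rejected.
const ACTIVE_STATUSES = new Set(['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4']);

class OwnerTransferError extends Error {}

// Validates and performs an ownership transfer on an in-memory user list.
// Returns a new list (input untouched) or throws OwnerTransferError.
function transferOwnership(users, currentOwnerId, newOwnerId) {
  const current = users.find((u) => u.id === currentOwnerId);
  const next = users.find((u) => u.id === newOwnerId);

  if (!current || current.role !== 'Owner') {
    throw new OwnerTransferError('only the current owner can transfer ownership');
  }
  if (!next) {
    throw new OwnerTransferError('target user not found');
  }
  // The #10647 class of bug: the target's status must be checked, not just its existence.
  if (!ACTIVE_STATUSES.has(next.status)) {
    throw new OwnerTransferError(`cannot make a ${next.status} user the owner`);
  }

  return users.map((u) => {
    if (u.id === currentOwnerId) return { ...u, role: 'Administrator' };
    if (u.id === newOwnerId) return { ...u, role: 'Owner' };
    return u;
  });
}

// Constructed sample users for a quick run.
const SAMPLE_USERS = [
  { id: 1, role: 'Owner', status: 'active' },
  { id: 2, role: 'Administrator', status: 'locked' },
  { id: 3, role: 'Administrator', status: 'inactive' },
  { id: 4, role: 'Editor', status: 'warn-1' },
];
```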

UI and UX Improvements

  • Fixed posts list scrolling and missing momentum scroll on iOS devices
  • Fixed missing error details when activating a theme with fatal errors
  • Fixed missing errors and confusing button text in theme upload modal

Logging Improvements

  • Removed extraneous log message for missing en.json locale file (#10662)
  • The missing translation file warning is now shown only when a non-English locale is configured

Import Process Improvements

  • Updated import process to skip active/installed apps settings
  • Added warning message only when apps exist in the import data
  • Ensured new imports will not contain old default or invalid values
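An added example (not Ghost's importer) of the settings handling described in the migration guide and in the import improvements above: the retired app settings are dropped from an import payload, and a warning is produced only when they actually list apps. The row shape `{key, value}` with a JSON-encoded array as the value is an assumption for this illustration.

```javascript
// Settings keys retired in 2.20.0; they are skipped on import regardless of content.
const RETIRED_APP_SETTINGS = new Set(['active_apps', 'installed_apps']);

// Assumed format: the value of these settings is a JSON-encoded array of app names.
// A malformed value is treated as "no apps" so it is skipped silently rather than failing the import.
function appsListedIn(value) {
  try {
    const parsed = JSON.parse(value);
    return Array.isArray(parsed) ? parsed : [];
  } catch (err) {
    return [];
  }
}

// Returns the settings to keep plus warnings for any skipped setting that named apps.
function sanitizeImportSettings(settings) {
  const kept = [];
  const warnings = [];
  for (const row of settings) {
    if (!RETIRED_APP_SETTINGS.has(row.key)) {
      kept.push(row);
      continue;
    }
    const apps = appsListedIn(row.value);
    if (apps.length > 0) {
      warnings.push(`Skipped ${row.key}: external apps are no longer supported (${apps.join(', ')})`);
    }
  }
  return { settings: kept, warnings };
}

// Constructed sample export: one real setting, one app list, one empty app list, one malformed value.
const SAMPLE_SETTINGS = [
  { key: 'title', value: 'My Blog' },
  { key: 'active_apps', value: '["my-legacy-app"]' },
  { key: 'installed_apps', value: '[]' },
  { key: 'active_apps', value: 'not json' },
];
```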

New Features

New Admin API for Member Deletion

Ghost now provides a comprehensive API for deleting members that:

  • Removes member information from the database
  • Cancels all active subscriptions immediately
  • Removes member data from the payment processor

Enhanced Member Subscription Data

  • Added subscription amount to member subscription data for better financial tracking

Improved Logging Configuration

  • Exposed new logging configuration options including name and gelf options
  • Updated Ignition to 3.1.0 to support these new options

Security Updates

Dependency Security Updates

  • Updated express-hbs to 1.1.1, which includes a bump to handlebars 4.1.2
  • Updated gscan to 2.5.0, which also includes the handlebars security update
  • Both updates address a potential Remote Code Execution (RCE) vulnerability in handlebars (See handlebars release notes)
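An added check (not part of Ghost or its release tooling) that a practitioner can run against an installation's package-lock.json to confirm that every nested copy of handlebars, including the ones pulled in by express-hbs and gscan, is at or above 4.1.2. It assumes the npm v1 lockfile layout with nested `dependencies` objects; the sample lockfile is constructed.

```javascript
// Fixed handlebars version named in this release.
const FIXED_VERSION = [4, 1, 2];

function parseVersion(v) {
  return v.split('.').map((n) => parseInt(n, 10));
}

// True when the given version sorts strictly before 4.1.2 (major, minor, patch compare).
function isBelowFix(version) {
  const parts = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (parts[i] < FIXED_VERSION[i]) return true;
    if (parts[i] > FIXED_VERSION[i]) return false;
  }
  return false;
}

// Walks the lockfile tree and returns every handlebars entry still below the fix,
// with the dependency path that pulls it in (e.g. "express-hbs > handlebars").
function findVulnerableHandlebars(lock) {
  const found = [];
  function walk(deps, trail) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = [...trail, name];
      if (name === 'handlebars' && isBelowFix(entry.version)) {
        found.push({ path: path.join(' > '), version: entry.version });
      }
      walk(entry.dependencies, path); // nested copies live under each entry
    }
  }
  walk(lock.dependencies, []);
  return found;
}

// Constructed sample: an old express-hbs still pinning handlebars 4.0.12, gscan already fixed.
const SAMPLE_LOCK = {
  dependencies: {
    'express-hbs': { version: '1.0.5', dependencies: { handlebars: { version: '4.0.12' } } },
    gscan: { version: '2.5.0', dependencies: { handlebars: { version: '4.1.2' } } },
  },
};
```

Run it against a real installation with `findVulnerableHandlebars(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))`; an empty result means every copy is at or above the fixed version.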

Performance Improvements

Apps System Refactoring

  • Refactored the App Proxy module to drop the constructor pattern, reducing memory usage
  • Simplified app service initialization by removing unnecessary sandbox and permissions modules
  • Converted Sandbox to be a singleton for better resource management

Impact Summary

Ghost 2.20.0 represents a significant step in streamlining the codebase by removing the legacy external apps system that was never fully released. This improves maintainability while reducing potential security surface area.

The new member deletion API enhances Ghost's capabilities for managing paid memberships, providing a complete solution for removing members and their payment data when needed. This is particularly valuable for sites with compliance requirements around user data management.

Security improvements come from updating handlebars to version 4.1.2, addressing a potential Remote Code Execution vulnerability. While this vulnerability had limited practical impact in most Ghost installations, the update ensures all sites are protected.

UI fixes improve the experience on iOS devices and provide clearer error messaging when working with themes. The prevention of assigning owner roles to locked/suspended users closes an important security loophole.

Overall, this release balances new features, security improvements, and technical debt reduction, making it a worthwhile upgrade for all Ghost installations.

Full Release Notes

  • 🐛 Removed extraneous log message for missing en.json locale file (#10662) - Chris McKulka
  • 🐛 Disallowed locked/suspended users from being made owner via the API (#10647) - Vikas Potluri
  • 🐛 Fixed missing errors and confusing button text in theme upload modal - Kevin Ansfield
  • 🐛 Fixed posts list scrolling and missing momentum scroll on all screens in iOS - Kevin Ansfield
  • 🐛 Fixed missing error details when activating a theme with fatal errors - Kevin Ansfield

Casper (the default theme) has been upgraded to 2.9.10.

You can see the full change log for the details of every change included in this release.

Statistics:

  • Files changed: 56
  • Line additions: 446
  • Line deletions: 1,754
  • Line changes: 2,200
  • Total commits: 38

Users Affected:

  • Can now completely delete members via the Admin API, including payment processor data
  • Will no longer see extraneous log messages for missing en.json locale files
  • Cannot assign owner role to locked or suspended users anymore
  • Have access to new logging configuration options

Contributors:

  • rshbhgrg
  • allouis
  • vikaspotluri123
  • cmckulka
  • pysysops