Ghost Release: 2.25.3

TL;DR

Ghost 2.25.3: Installation Fix & Domain Handling Improvements

This minor release addresses an installation issue many users were experiencing with the rsa-keypair dependency by reverting to the previous implementation. It also improves how Ghost handles sites with different domains for frontend and admin areas, particularly for the members feature. Additionally, the release includes architectural improvements by extracting the routes.yaml handling from the settings service to the frontend where it conceptually belongs.

Highlight of the Release

• Fixed installation issues with the rsa-keypair dependency by reverting to previous implementation
• Improved handling of sites with different domains for frontend and admin areas
• Architectural improvement: moved routes.yaml handling from settings service to frontend

Migration Guide

No migration steps are required for this release. The changes are backward compatible and will be applied automatically when upgrading to Ghost 2.25.3.

Upgrade Recommendations

This release is highly recommended for all Ghost users, especially those who:

• Experienced installation issues with Ghost 2.25.2
• Run Ghost with different domains for site frontend and admin/API
• Use the members feature with custom domain configurations

The upgrade process is standard and requires no special steps:

ghost update

For those using Ghost(Pro), the update will be automatically applied.

Bug Fixes

Critical Fixes

• Installation Issues: Reverted the change that replaced the keypair generation with the rsa-keypair module, which was causing installation failures for many users. This ensures smoother installation experience while alternative options for speeding up boot time are explored.

• Multi-domain Authentication: Fixed an issue with the issuer value used throughout the members codebase. The previous implementation didn't account for scenarios where the site domain differs from the admin/API domain, potentially causing authentication problems.

• Frontend Tests: Fixed a regression in frontend tests by updating a require statement to point to the correct module after the settings service changes.

New Features

Architectural Improvements

• Routes.yaml Handling: Extracted the routes.yaml manipulation from the settings service to the frontend where it conceptually belongs. This improves code organization as routes.yaml is only used by the frontend router.

• Settings Service Refactoring: The settings service now focuses on interacting with the database settings table and providing information to the frontend through API controllers.

Security Updates

No specific security fixes were included in this release. However, the fix for the issuer value when site and API are on different domains ensures proper authentication functioning, which indirectly contributes to the overall security of the members system.

Performance Improvements

No specific performance improvements were included in this release. The reversion of the rsa-keypair module actually removes a potential performance improvement (faster boot time) that was causing installation issues. The team is exploring alternative options to achieve the boot time improvements without the installation problems.

Impact Summary

Ghost 2.25.3 is a maintenance release that addresses installation problems and improves multi-domain handling. The most significant impact is the fix for installation failures many users experienced with the rsa-keypair dependency in the previous version. This ensures a smoother setup experience for new installations and updates.

The improvement to issuer handling for sites with different domains for frontend and admin areas is particularly important for Ghost installations with custom domain configurations using the members feature. This ensures proper authentication across different domains.

From an architectural perspective, the extraction of routes.yaml handling from the settings service to the frontend represents a step toward better code organization and separation of concerns, though this change is primarily of interest to Ghost developers rather than end users.

Full Release Notes