TL;DR
Ghost 2.25.7 brings important security updates, bug fixes, and infrastructure improvements. This release includes security patches for dependencies, fixes for administrator password management, improved error messaging, and updates to the default 404 page. The minimum Node.js version requirement has been bumped to v8.10.0, and several dependencies have been updated for better security and performance.
Highlights of the Release
- Security updates for lodash dependency
- Administrators can now change other users' passwords without knowing their old passwords
- Improved error messaging for the {{get}} helper when API access is missing
- Updated default 404 page with more theme-agnostic styling
- Switched from UUID v1 to v4 for better security and simplicity
- Minimum Node.js version requirement bumped to v8.10.0
Migration Guide
Node.js Version Requirement
The minimum required Node.js version for Ghost has been bumped to v8.10.0. If you're running an older version of Node.js v8.x, you'll need to upgrade to at least v8.10.0 to continue using Ghost 2.25.7.
UUID Generation Change
If you have custom code that relies on the specific format or properties of UUID v1, you'll need to update it to work with UUID v4. UUID v4 is randomly generated and doesn't contain timestamp or hardware information like UUID v1 does.
Upgrade Recommendations
This release contains important security updates and bug fixes, so upgrading is recommended for all Ghost installations. The changes are mostly under the hood and shouldn't affect most users' day-to-day operations.
If you're running Node.js v8.x older than v8.10.0, you'll need to upgrade your Node.js version before updating Ghost.
For most users, the standard update process applies:
ghost update
If you're using a custom installation method, make sure to update your dependencies and restart your Ghost instance after updating.
Bug Fixes
Administrator Password Management
Fixed an issue where administrators couldn't change other users' passwords because they didn't know the old passwords. Now administrators can change passwords for other users without needing to provide the old password (#10891).
Improved Error Messages for {{get}} Helper
Fixed error messaging when the {{get}} helper doesn't have API access, providing clearer guidance to users about what went wrong (#10892).
Travis CI Notification Fix
Removed the fast_finish: true configuration from Travis CI to prevent duplicate notifications. This addresses an upstream issue where using allowed_failures with fast_finish was causing multiple notifications per build.
New Features
Updated Default 404 Page
The default 404 page has been redesigned to be more theme-agnostic and provide a better user experience. The broken ghost illustration has been removed, and the styling has been refined to work better across different themes.
UUID Generation Change
Ghost now uses UUID v4 instead of v1 for generating unique identifiers. This change simplifies the UUID generation process and removes the potential privacy concerns associated with v1 UUIDs (which contain MAC address information). This affects request IDs in logging, temporary content folders, and export folders.
Security Updates
Lodash Security Update
Updated lodash dependency to v4.17.13 and then to v4.17.14 to address security vulnerabilities.
UUID Generation Change
Switched from UUID v1 to UUID v4 for generating unique identifiers. UUID v1 is based on timestamp and MAC address, which could potentially leak hardware information. UUID v4 is randomly generated, providing better privacy and security.
Performance Improvements
Code Optimization
Replaced each loops with forEach loops for better code readability and, in some scenarios, improved performance.
Dependency Updates
Multiple dependencies have been updated to their latest versions, which may include performance improvements:
- knex to v0.19.0
- probe-image-size to v4.1.1
- intl-messageformat to v5
- markdown-it to v9
- brute-knex to v4
Impact Summary
Ghost 2.25.7 is primarily a maintenance and security release that addresses several important issues without introducing major new features. The most notable changes are security updates to dependencies (particularly lodash), improved administrator capabilities for password management, and a more theme-agnostic default 404 page.
The bump in minimum Node.js version to v8.10.0 might require action from some users, but this aligns with the Node.js LTS schedule and ensures better security and performance.
The switch from UUID v1 to v4 improves privacy and security by removing the hardware-specific information from generated IDs, though this is mostly an internal change that won't affect most users.
Overall, this release strengthens Ghost's security posture and fixes several usability issues without requiring significant adaptation from users or developers.
Full Release Notes
- 💡 Bumped minimum node v8.x version to v8.10.0 - Fabien O'Carroll
- 🐛 Allowed administrators to change other users' passwords (#10891) - Vikas Potluri
- 🐛 Fixed error message when get helper doesn't have API access (#10892) - Vikas Potluri
You can see the full change log for the details of every change included in this release.