
Ghost Release: 2.38.2

Tag Name: 2.38.2

Release Date: 6/4/2020

Ghost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

TL;DR

Ghost 2.38.2 is a security-focused release that addresses a vulnerability in the oEmbed endpoint by preventing access to sites on private IP blocks. This update protects Ghost installations from potential server-side request forgery (SSRF) attacks by implementing proper DNS resolution checks before making external requests.

Highlight of the Release

    • Security patch for oEmbed endpoint to prevent server-side request forgery (SSRF)
    • New externalRequest library that performs DNS resolution checks
    • Protection against requests to private IP address blocks

Migration Guide

No migration steps are required for this update. Simply upgrade to Ghost 2.38.2 to receive the security improvements.

Upgrade Recommendations

Immediate Upgrade Recommended

This release contains an important security fix that addresses a potential server-side request forgery (SSRF) vulnerability. All Ghost 2.x users should upgrade to version 2.38.2 as soon as possible to protect their installations.

The update process follows the standard Ghost upgrade procedure and requires no additional configuration changes.

Bug Fixes

Security Fixes

  • Fixed a vulnerability in the oEmbed endpoint that could potentially allow access to sites on private IP blocks
  • Updated v0.1, v2, and canary oEmbed controllers to use the new externalRequest library for improved security

New Features

New External Request Library

A new externalRequest library has been implemented that:

  • Uses the same underlying got module as the existing request library
  • Performs its own DNS resolution for each URL encountered
  • Aborts with an error if a URL resolves to a private IP address block
  • Includes a bypass for Ghost's configured URL to ensure requests to its own hostname and port are not blocked

This feature enhances security by preventing server-side request forgery (SSRF) attacks through the oEmbed endpoint.

Security Updates

Security Vulnerability Patched

This release addresses a security vulnerability in the oEmbed endpoint that could potentially allow server-side request forgery (SSRF). The vulnerability could have allowed attackers to make requests to internal services or private networks through the Ghost application.

The fix implements proper DNS resolution checks before making external requests, preventing access to sites on private IP blocks. This significantly improves the security posture of Ghost installations by ensuring that the application cannot be used as a proxy to access internal resources.

Performance Improvements

No specific performance improvements were included in this release. The changes were focused on security enhancements.

Impact Summary

Ghost 2.38.2 is a security-focused maintenance release that addresses a vulnerability in the oEmbed endpoint. By implementing a new externalRequest library with proper DNS resolution checks, Ghost now prevents potential server-side request forgery (SSRF) attacks that could target private IP blocks.

This update is particularly important for Ghost installations that are publicly accessible, as it prevents the application from being used as a proxy to access internal network resources. The changes are transparent to end users and content creators, requiring no workflow adjustments.

The release also includes some GitHub workflow improvements for the development process, though these have no impact on production installations.

Full Release Notes

  • 🔒 Improved security of oembed endpoint by restricting access to sites on private IP blocks - Kevin Ansfield

See the changelogs for Ghost and Ghost-Admin for the details of every change in this release.

Statistics:

  • Files changed: 13
  • Line additions: 476
  • Line deletions: 16
  • Line changes: 492
  • Total commits: 4

Users Affected:

  • Improved security posture for their Ghost installation
  • No action required beyond updating to the latest version

Contributors:

kevinansfield, daniellockyer