HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Ghost

>

Releases

>

2.4.0

Ghost Release: 2.4.0

Tag Name: 2.4.0

Release Date: 10/30/2018

View Release
Ghost LogoGhost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

Open SourceBloggingStatic Site

TL;DR

Ghost 2.4.0 introduces Node v10 support and fixes several critical bugs in the subscriber management system and content import process. This release enhances platform stability and compatibility while addressing issues that affected content creators and administrators working with subscribers and imported content.

Highlight of the Release

    • Added support for Node.js v10
    • Fixed multiple subscriber management issues including CSV export and pagination
    • Corrected Content-Length header calculation for improved HTTP response handling
    • Fixed image card width preservation when importing from Ghost 2.0 blogs
    • Improved session handling by removing user_id constraint

Migration Guide

No specific migration steps are required for this release. The update from Ghost 2.3.0 to 2.4.0 should be straightforward:

  1. Back up your Ghost installation and database before upgrading
  2. Follow the standard Ghost update procedure
  3. If you're running Ghost on Node.js v10 for the first time, ensure all your custom themes and plugins are compatible with Node v10

Note that this release removes the logic for replacing fixture posts that was previously planned, as the Ghost team reconsidered this approach.

Upgrade Recommendations

This release is recommended for all Ghost users, especially those who:

  • Want to run Ghost on Node.js v10
  • Use the subscriber management features
  • Import content between Ghost 2.0 blogs
  • Experience issues with session handling

The bug fixes for subscriber management and content imports address important functionality issues, while Node v10 support provides a path to using a more modern Node.js version with performance and security benefits.

We recommend following the standard Ghost upgrade process and testing in a staging environment before updating production installations.

Bug Fixes

Subscriber Management Fixes

  • Fixed missing filename when exporting subscribers as CSV, ensuring downloads have proper filenames
  • Fixed pagination for subscribers by adding the missing page option, allowing proper navigation through subscriber lists
  • Added sanitization to subscribed_url & subscribed_referrer fields when rendering error states, improving security

Content Import Fixes

  • Fixed an issue where the cardWidth setting was lost when importing content from Ghost 2.0 blogs into other Ghost 2.0 instances
  • Previously, the importer only preserved width settings when importing from 1.0 blogs, but now properly handles 2.0 imports as well

API and HTTP Fixes

  • Corrected 'Content-Length' header calculation by using Buffer.byteLength instead of String.prototype.length, ensuring accurate content length reporting
  • Fixed mail API usage of the notifications API by properly requiring and exposing the notification API as a function
  • Removed user_id constraint when upserting sessions to prevent issues when creating new sessions with existing ones
  • Added proper error handling for express-session middleware

New Features

Node.js v10 Support

Ghost now officially supports Node.js version 10, expanding the platform compatibility and allowing users to take advantage of the performance improvements and new features in this LTS version of Node. This update included:

  • Bumping several dependencies to newer versions compatible with Node v10
  • Updating mysql to version 2.16.0 to address deprecated timer notations
  • Replacing deprecated new Buffer() calls with Buffer.from() for improved security and stability
  • Updating various sub-dependencies to ensure compatibility

Improved Environment Variable Handling

  • Added parsing for nconf environment values, addressing issues with environment variable configuration
  • This improvement makes it easier to configure Ghost through environment variables in containerized environments

Security Updates

Security Improvements

  • Added sanitization to subscribed_url & subscribed_referrer fields when rendering error states in the subscriber system
  • Replaced deprecated new Buffer() constructor with Buffer.from() to address security and usability issues as recommended by Node.js
  • Fixed Content-Length header calculation to use Buffer.byteLength instead of string length, preventing potential HTTP header manipulation issues

Credit for identifying the subscriber sanitization issue goes to Antony Garand.

Performance Improvements

Code Refactoring for Better Performance and Reliability

  • Refactored spam prevention tests to use promises, making it easier to identify test timeouts and removing count state for clearer test flows
  • Refactored request unit tests to return promises and remove state, addressing random failures on Travis CI for Node v6 with SQLite
  • These refactorings help improve the development experience and potentially the runtime performance by using more modern JavaScript patterns

Session Handling Improvements

  • Improved session management by removing the user_id constraint when upserting sessions
  • This change prevents conflicts when creating new sessions while existing ones are present, leading to more reliable authentication

Impact Summary

Ghost 2.4.0 delivers important compatibility updates and bug fixes that improve the platform's stability and user experience. The addition of Node.js v10 support is a significant step forward for the platform's technology stack, allowing users to benefit from the performance improvements and longer support timeline of this LTS Node version.

The fixes for subscriber management address critical functionality issues that affected administrators working with subscriber lists, particularly around CSV exports and pagination. Content creators will appreciate the fix for preserving image card widths during imports between Ghost 2.0 blogs, ensuring their carefully designed content layouts remain intact.

For developers, the code refactoring and improved error handling make the codebase more maintainable and robust. The correction of the Content-Length header calculation and better environment variable handling address subtle but important issues that could affect system reliability.

Overall, this release represents a solid improvement in Ghost's functionality and compatibility without introducing breaking changes, making it a recommended upgrade for all users.

Full Release Notes

  • 🐛 Fixed missing filename when exporting subscribers csv
  • 🐛 Fixed pagination for subscribers
  • 🐛 Fixed cardWidth being lost on 2.0 imports (#10068)
  • 🐛 Corrected 'Content-Length' header by using Buffer.byteLength
  • ✨ Added Node v10 Support (#10058)

You can see the full change log for the details of every change included in this release.

Statistics:

File Changed21
Line Additions869
Line Deletions1,176
Line Changes2,045
Total Commits16

User Affected:

  • Can now export subscriber CSV files with proper filenames
  • Benefit from fixed pagination when browsing subscribers
  • Can run Ghost on Node v10, expanding hosting options
  • Experience improved session handling with removed user_id constraint

Contributors:

jessehouwingallouisErisDSkirrg001m1guelpfnaz