TL;DR
Ghost 3.10.0 introduces custom currency support for Member's plans, enhances security with improved oembed validation and session management, and fixes several editor and UI issues. This release focuses on security improvements, membership features, and editor usability, making Ghost more robust for content creators and site administrators.
Highlights of the Release
- Added custom currency support for Member's plans
- Improved security with better validation of fetched URLs in oembed endpoint
- Automatic logout of all sessions (except current) when a user changes password
- Fixed multiple editor usability issues
- Updated Casper theme with subscribe overlay fixes and image alignment improvements
Migration Guide
No specific migration steps are required for this update. The changes to custom currency support for Member's plans are backward compatible, and the security improvements take effect automatically on upgrade.
If you're using the oembed functionality in custom code, be aware that the validation is now stricter: malformed URLs, URLs whose host is an IP address or a localhost name, and fetched responses that don't conform to the oembed spec are rejected, and unknown properties are stripped from the responses that are returned.
Theme developers who want to take advantage of the new currency display features can update their templates to use the new syntax:
{{@price.currency}} <!-- Displays currency code -->
{{@price.currency_symbol}} <!-- Displays currency symbol -->
Upgrade Recommendations
This update is recommended for all users due to the security improvements and bug fixes included.
The security enhancements for the oembed endpoint and session management make this an important update for all Ghost installations, especially those with multiple administrators or that use the oembed functionality extensively.
Content creators will benefit from the editor fixes, and sites using memberships will gain access to the new currency display features.
As always, make a backup of your Ghost installation before upgrading.
Bug Fixes
Editor Fixes
- Fixed an issue where using Ctrl+h and Ctrl+d on macOS would break the editor when used on card boundaries
- Fixed scroll jump in the editor when pasting a URL onto a selection to create a link
- Fixed unreachable toolbar when editing wrapped links
Schema and Metadata Fixes
- Fixed the publisher logo meta schema, which was incorrectly providing the logo URL directly
- The schema now follows the schema.org and Google documentation: it adds the proper @type and moves the logo URL into the url attribute
- This change clears the errors reported by Google's Structured Data tester
Other Fixes
- Fixed date formatting in members CSV export to be coherent with the API format
- Fixed handling of malformed URLs in oembed bookmark API that previously caused 500 errors
- Fixed image alignment for small images in the Casper theme
- Fixed subscribe overlay issues in the Casper theme
New Features
Custom Currency Support for Member's Plans
Ghost now supports custom currencies for membership plans, allowing site owners to display the appropriate currency and symbol in their themes. This feature was already supported under the hood but now has a clear interface for theme developers to access and display currency information.
You can now use the following syntax in your theme:
{{@price.currency}} - Displays the currency code (e.g., USD, EUR)
{{@price.currency_symbol}} - Displays the currency symbol (e.g., $, €)
Enhanced Sentry Integration
Added a captureException helper to the Sentry integration, allowing for custom exception capturing. This improvement helps with better error tracking and debugging, particularly for bulk email operations where errors are now captured in Sentry.
Security Updates
Enhanced Security for Oembed Endpoint
- Improved validation of the URLs fetched by the oembed endpoint and of the responses it receives
- Blocked oembed fetches to URLs whose host is an IP address literal or a localhost name, so the endpoint cannot be pointed at the Ghost host itself or at internal network addresses
- The oembed endpoint no longer passes fetched responses through to the client as-is
- Any fetched data that does not validate against the oembed spec is rejected
- Unknown properties are stripped from oembed responses before they are returned
Improved Session Management
- When a user changes their password, all other active sessions are now automatically logged out
- The current session is preserved to avoid disrupting the user experience
- This means that an attacker who obtained a session with leaked credentials is logged out as soon as the legitimate user rotates the password
Fixed Permission Handling
- Fixed permission handling so that permissions are only fetched for active users
- Suspended or inactive users are now stripped of all permissions until their status is changed back
- Previously a suspended user who still held a valid session kept admin access until they logged out; that session now has no permissions even though it still exists
Performance Improvements
Testing and CI Improvements
Ghost has switched its testing infrastructure from Travis CI to GitHub Actions, which should provide faster and more reliable test runs. This change is reflected in the updated README with the GitHub Actions badge.
Code Refactoring
- Refactored members CSV export for better readability
- Refactored the changePassword function to use the async/await pattern
Impact Summary
Ghost 3.10.0 brings important security enhancements that strengthen the platform against potential vulnerabilities, particularly in the oembed functionality and user session management. The improved handling of suspended user permissions ensures proper access control.
For membership-focused sites, the addition of custom currency support provides more flexibility in displaying pricing information to potential subscribers. This feature, combined with the fixes to the subscribe overlay in the Casper theme, creates a better experience for both site owners and members.
Content creators will notice improved stability in the editor, with fixes for several annoying bugs that could interrupt the writing flow, particularly on macOS.
The switch to GitHub Actions for testing infrastructure represents Ghost's ongoing commitment to maintaining a robust development process, which ultimately benefits all users through more reliable releases.
Overall, this release balances security improvements, feature enhancements, and quality-of-life fixes that make Ghost more secure, flexible, and user-friendly.
Full Release Notes
- 🔒 Improved validation of fetched urls and responses in oembed endpoint - Kevin Ansfield
- 🔒 Fixed suspended users continuing to have access to admin until they log out - Fabien O'Carroll
- 🔒 Log out all active sessions when a user's password is changed (#11639) - Fabien O'Carroll
- ✨ Added custom currency support for Member's plans - Nazar Gargol
- 🐛 Fixed Ctrl+h and Ctrl+d breaking the editor when used on card boundaries in macOS - Kevin Ansfield
- 🐛 Fixed scroll jump in editor when pasting a url onto a selection to create a link - Kevin Ansfield
- 🐛 Fixed unreachable toolbar when editing wrapped links (TryGhost/Admin#1511) - Kevin Ansfield
- 🐛 Fixed publisher logo meta schema - Eric Morgan
Casper (the default theme) has been upgraded to 3.0.9:
- 🐛 Subscribe overlay fixes - Peter Zimon
- 🐛 Fixed image alignment for small images - Peter Zimon