Ghost Release: 3.15.2

TL;DR

Ghost 3.15.2 brings critical fixes for members token handling and API error management

This patch release addresses issues with how invalid member tokens are handled, restoring the expected behavior from Ghost 3.14. It also improves API error handling by increasing route specificity to ensure errors are properly displayed. These fixes are essential for sites using the members functionality to ensure a smooth user experience when dealing with authentication tokens.

Highlight of the Release

• Fixed handling of invalid member tokens to restore expected behavior from Ghost 3.14
• Improved API error handling with increased route specificity
• Enhanced redirect behavior for member authentication scenarios

Migration Guide

No migration steps are required for this patch release. The update restores expected behavior from previous versions and fixes issues without introducing breaking changes.

Simply update to Ghost 3.15.2 to benefit from these fixes.

Upgrade Recommendations

This is a recommended upgrade for all Ghost installations, especially those using the members functionality. The fixes for token handling and API error management address important usability issues that could affect member experience.

The patch is small in scope with minimal changes (42 changes across 4 files), making it a low-risk update that resolves specific issues without introducing new features or breaking changes.

Bug Fixes

Member Token Handling

• Fixed an issue where invalid member tokens weren't being handled correctly
• Restored the expected behavior from Ghost 3.14 for various member URL scenarios:
  • /members/ with no route now correctly renders a 404 error
  • /members/ with a route properly renders the members template
  • /members/?token=invalidtoken&foo=bar now correctly redirects to /?foo=bar
  • /members/?token=validtoken&foo=bar now correctly redirects to /?foo=bar

API Error Handling

• Increased route specificity for API error handling to ensure errors not part of the members frontend API are handled by the theme rather than with JSON responses
• This provides a more consistent user experience when encountering errors

New Features

No new features were introduced in this patch release. This update focuses on bug fixes and improvements to existing functionality.

Security Updates

No explicit security fixes were mentioned in this release. However, the improvements to token handling and error management contribute to a more secure and predictable authentication flow for members.

Performance Improvements

No specific performance improvements were included in this patch release. The focus was on fixing bugs related to member token handling and API error management.

Impact Summary

Ghost 3.15.2 is a targeted patch release that addresses specific issues with member token handling and API error management. The impact is primarily positive for sites using the members functionality, as it restores expected behavior and improves error handling.

The changes ensure that when members interact with the site using valid or invalid tokens, they'll experience the correct redirects and error pages. Additionally, API errors will now be properly handled by the theme rather than returning JSON responses in certain scenarios, providing a better user experience.

This release demonstrates Ghost's commitment to maintaining a stable and reliable platform, quickly addressing issues that affect core functionality like member authentication.

Full Release Notes