Ghost Release: 3.41.0

TL;DR

Ghost 3.41.0 introduces a new FirstPromoter integration for member referral programs, enhances newsletter design with accent color support, improves token security with a grace period for multiple uses, and disables automatic member unsubscription on email delivery failures. The release also includes significant internal code refactoring to prepare for future API improvements. Note: This version contains an issue with Stripe Checkout signups that was fixed in 3.41.2.

Highlight of the Release

• New FirstPromoter integration for creating member referral programs
• Newsletter design now uses site accent color for blockquote borders
• Added 10-second grace period for magic link tokens to improve reliability
• Disabled automatic unsubscription of members on permanent email failure events
• Significant internal code refactoring to prepare for v4 API

Migration Guide

Upgrading from 3.40.5 to 3.41.0

⚠️ Important Note: Version 3.41.0 contains an issue with signing up via Stripe Checkout. It is recommended to update directly to version 3.41.2 using Ghost-CLI instead.

If you're already running 3.41.0:

1. Use Ghost-CLI to update to 3.41.2: ghost update 3.41.2

For developers working with the codebase:

• Several controllers have been refactored into service modules with dependency injection patterns
• If you've extended or modified any of the following controllers, you'll need to update your code:
  • Members controller
  • Notifications controller
  • Invites controller
  • OEmbed controller
  • Users controller

FirstPromoter Integration Setup

To enable the FirstPromoter integration:

1. Sign up for a FirstPromoter account
2. Get your FirstPromoter tracking ID
3. Enable the integration in Ghost settings
4. Add your tracking ID to the configuration

Upgrade Recommendations

⚠️ Critical Notice: It is strongly recommended to skip version 3.41.0 and update directly to version 3.41.2 due to an issue with Stripe Checkout signups in this release.

If you're running version 3.40.5 or earlier:

• Update directly to 3.41.2 using Ghost-CLI: ghost update 3.41.2

If you've already updated to 3.41.0:

• Update to 3.41.2 as soon as possible: ghost update 3.41.2

The upgrade process should be straightforward with no database migrations required. As always, it's recommended to backup your Ghost installation before upgrading.

Bug Fixes

Fixed Member Unsubscription Issues

• Disabled automatic unsubscription of members on permanent email failure events
• Previously, some members could be unsubscribed unexpectedly due to temporary delivery issues with Mailgun
• List maintenance will be reintroduced in the future via alternative means

Fixed Admin UI Issues

• Fixed flash of unstyled content appearing when toggling night mode in the admin interface

Fixed Token Usage

• Added a 10-second grace period for magic link tokens, allowing them to be used multiple times within this window
• Prevents dynamic link checking software from invalidating magic links
• Improves overall reliability of the magic link authentication process

New Features

FirstPromoter Integration

Ghost now includes native support for FirstPromoter, allowing site owners to easily set up and manage member referral programs:

• New FirstPromoter settings group in Ghost admin
• Added firstpromoter setting to enable/disable the integration
• Added firstpromoter_id setting for tracking ID configuration
• Portal updated to support FirstPromoter integration when enabled

Enhanced Newsletter Design

• Newsletter templates now automatically use the site's accent color for blockquote borders
• Improved font styling for blockquotes in newsletters

Security Updates

Token Security Improvement

• Added a 10-second grace period for magic link tokens, allowing them to be used multiple times within this window
• This prevents security issues where link checking software might inadvertently invalidate authentication tokens
• Improves the security and reliability of the magic link authentication process

Dependencies Updated

Multiple dependencies were updated to their latest versions, which may include security patches:

• Updated various @tryghost packages
• Updated jwks-rsa to v1.12.2
• Updated @sentry/node to v5.30.0
• Updated sanitize-html to v2.3.1

Performance Improvements

Code Refactoring and Structure Improvements

• Moved members stats code out of members controller into a dedicated service
• Refactored members stats module into a class with dependency injection
• Extracted members controller's import method into MembersImporter class
• Moved notifications controller code into a service module
• Refactored notifications module into a class with dependency injection
• Moved invites controller code into a service module
• Refactored invites module into a class
• Moved service logic out of the oembed controller
• Moved service logic out of the users controller
• Refactored OEmbed and users services to use the dependency injection pattern

These refactoring efforts make the codebase more maintainable and prepare it for future enhancements, particularly the upcoming v4 API.

Impact Summary

Ghost 3.41.0 brings significant improvements for both site owners and members. The new FirstPromoter integration enables native member referral programs, potentially increasing member acquisition and engagement. Newsletter design enhancements with accent color support create a more cohesive brand experience.

For site owners, the fix to prevent accidental member unsubscriptions due to email delivery issues is particularly valuable, as it helps maintain subscriber lists more accurately. The 10-second grace period for magic link tokens improves the reliability of member authentication.

Developers will appreciate the extensive internal code refactoring, which improves maintainability and sets the foundation for the upcoming v4 API. The separation of v3 endpoints from canary endpoints provides better API versioning.

However, the issue with Stripe Checkout signups in this version is significant, making it advisable to update directly to version 3.41.2 instead. This issue could potentially impact new member signups if left unaddressed.

Full Release Notes