Ghost Release: 3.41.2

TL;DR

Ghost 3.41.2 is a minor patch release that fixes a critical issue with Stripe Checkout functionality when using the data-members-plan attribute. This update ensures that subscription payments work correctly for sites using this feature, along with dependency updates for improved security and stability.

Highlight of the Release

• Fixed critical issue with Stripe Checkout when using the data-members-plan attribute
• Security improvements through dependency updates including sanitize-html v2.3.2
• Stability improvements with ghost-ignition and members-api updates

Migration Guide

No migration steps are required for this patch release. The update can be applied directly without any additional configuration changes or data migrations.

Upgrade Recommendations

This patch release is highly recommended for all Ghost users who utilize Stripe Checkout with the data-members-plan attribute for monetization. The fix addresses a critical issue that could prevent users from subscribing to your site.

Even if you're not actively using this feature, upgrading is still recommended for the security improvements included in the dependency updates.

Standard upgrade procedures apply:

• Back up your Ghost installation before upgrading
• Follow the standard Ghost update process for your installation method (CLI, Docker, etc.)
• No configuration changes are needed after upgrading

Bug Fixes

• Fixed a critical issue that prevented Stripe Checkout from opening properly when using the data-members-plan attribute
• This fix ensures that subscription payments work correctly when site owners use the data attribute method to link to specific subscription plans
• Updated @tryghost/members-api to v0.37.6 to address related functionality

New Features

No new features were introduced in this patch release. This update focuses on bug fixes and dependency updates to improve stability and security.

Security Updates

• Updated sanitize-html dependency to v2.3.2, which includes security patches for HTML sanitization
• Updated ghost-ignition to v4.4.3 for improved security handling
• These updates help protect against potential security vulnerabilities in the dependency chain

Performance Improvements

No specific performance improvements were highlighted in this release. The focus was on fixing functionality and updating dependencies for security purposes.

Impact Summary

Ghost 3.41.2 addresses a specific but important issue with Stripe Checkout functionality when using the data-members-plan attribute. This bug fix ensures that site owners can reliably monetize their content through subscription plans. The update also includes security improvements through dependency updates, particularly sanitize-html and ghost-ignition.

While this is a minor patch release with limited scope, it's important for maintaining the payment functionality that many Ghost sites rely on for their business model. The security updates also help protect sites from potential vulnerabilities, making this an important update for all Ghost installations regardless of whether they use the specific Stripe Checkout feature that was fixed.

Full Release Notes