Ghost Release: 3.41.3

TL;DR

Ghost 3.41.3: Export Optimization & Stripe Key Security

This minor release focuses on improving the export functionality by removing sensitive Stripe keys and large analytics data tables from exports. This prevents memory issues during exports and avoids potential security risks when reimporting data. The update also includes dependency updates and fixes for checkout session URLs.

This release is important for Ghost site administrators who regularly use the export functionality, especially for sites with large amounts of data or those using Stripe for payments.

Highlight of the Release

• Improved export functionality by removing large analytics data tables
• Enhanced security by excluding Stripe API keys from exports
• Fixed default URLs for checkout sessions
• Updated several dependencies including members-api

Migration Guide

No specific migration steps are required for this update. The export functionality changes are automatic and don't require any user intervention.

If you've been using exports as a backup solution, note that this release further emphasizes that the export/import functionality is intended for content migration rather than full system backup/restore. Consider implementing proper backup procedures for your Ghost installation if you haven't already.

Upgrade Recommendations

This is a recommended upgrade for all Ghost users, especially those who:

• Regularly use the export functionality
• Have sites with large amounts of email analytics data
• Use Stripe for payments

The update is minor and should be safe to apply with minimal risk. Standard upgrade procedures apply:

1. Take a backup of your Ghost installation
2. Follow the standard Ghost update process
3. Test your site functionality after the update

Bug Fixes

Fixed Issues

• Fixed default URLs for checkout sessions
• Addressed memory issues during exports for sites with large databases
• Resolved potential issues with Stripe key re-import that could cause unexpected side effects

New Features

Export Optimization

The export functionality has been optimized to:

• Remove email_batches and email_recipients tables from export data to reduce export size
• Prevent memory issues during exports for sites with large amounts of analytics data
• Make exports more focused on content and authors rather than full system backup

Security Updates

Security Improvements

• Removed Stripe secret/publishable/webhook keys from exports to prevent potential security issues
• This change helps avoid accidental exposure of payment credentials when sharing or transferring export files

Performance Improvements

Performance Enhancements

• Significantly reduced export file size by excluding large analytics data tables (email_batches and email_recipients)
• Improved memory usage during export operations, preventing out-of-memory errors for large Ghost installations

Impact Summary

This release primarily impacts the export/import functionality of Ghost, making it more efficient and secure. By removing large analytics tables and sensitive payment information from exports, the update addresses both performance and security concerns.

For most users, this change will be transparent but beneficial, resulting in faster exports and reduced risk when sharing export files. Site administrators who have been using exports as a backup solution should note that this further emphasizes Ghost's position that export/import is intended for content migration rather than full system backup.

The fix for default checkout session URLs also improves the reliability of the payment flow for sites using Stripe integration.

Full Release Notes