TL;DR
Ghost v4.11.0: Email Verification System & OAuth Login Feature Flag
This release introduces a new email verification system that helps prevent spam by limiting email sending capabilities until verification. It also adds a feature flag for OAuth login, improves performance with optimized middleware and member data queries, and enhances the email-cta card with button styling and segmentation support. Several code refactorings were completed to improve maintainability, particularly around the Members CSV Importer which has been extracted into a separate module.
Highlights of the Release
- New email verification system to prevent spam by limiting email sending until verification
- OAuth login feature flag added for future authentication options
- Performance improvements for theme middleware and member data queries
- Enhanced email-cta card with button styling and segmentation support
- Extraction of Members CSV Importer into a separate module
Migration Guide
No breaking changes were introduced in this release that require migration steps. The new features like OAuth login and members filtering are behind feature flags and won't affect existing functionality.
If you're using the Members CSV Importer programmatically (which is unlikely for most users), note that it has been extracted into a separate module following the dependency injection pattern. Review the implementation if you have custom code interacting with this component.
Upgrade Recommendations
This is a recommended upgrade for all Ghost users. The release includes important performance improvements, security enhancements with the email verification system, and foundational work for upcoming features.
The upgrade process should be straightforward with no breaking changes. As always, it's recommended to back up your database before upgrading.
Bug Fixes
Fixed Member Session API Response
Updated the session API status code for logged-out members from 4xx Unauthorized to 204 No Content, which is consistent with the status code returned when fetching member data while logged out.
Fixed Email-CTA Card Rendering
Fixed issues with the email-cta card:
- Fixed "undefined" appearing in email-cta cards when no content is provided
- Fixed error when rendering email-cta card with button and no contents
Fixed Import Error Handling
- Fixed empty response when import triggers a job
- Fixed error when hostLimits are undefined during imports
Fixed MemberCSVImporter Initialization
The membersApi variable could be in an uninitialized state. It is now accessed through the membersService getter so that it is always correctly referenced.
New Features
Email Verification System
A new email verification system has been implemented to prevent spam. This system limits email sending capabilities until the site owner verifies their email address. When imports exceed a certain threshold, emails are frozen until verification, and an escalation email is sent to verify the instance owner's email address.
OAuth Login Feature Flag
Added a feature flag (oauthLogin) for OAuth authentication, laying groundwork for future social login options. This includes storage for OAuth user data to compare on future logins.
Segmented Email Content
Added support for segmented email content in previews and test emails. The email-cta card can now be segmented so only free or paid members see specific content, allowing authors to preview how this will appear in either case.
Members Filtering Alpha Flag
Added a membersFiltering alpha labs flag that will be used by the Admin interface for developing and testing upcoming members filtering features.
Security Updates
Email Sending Limits
Implemented a security measure that limits email sending capabilities until email verification is complete. This helps prevent the platform from being used for spam purposes by requiring verification before allowing unlimited email sending.
Email Freeze Persistence
Added email disabling flag to settings records to persist the email freeze state between instance restarts, ensuring that security measures remain in place even after server restarts.
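The freeze-and-persist behaviour described above can be sketched as follows. This is an added example, not Ghost's own code: the class, the settings keys (`email_frozen`, `owner_verified`), the threshold value and the rule that a verified owner is no longer frozen by imports are all assumptions made for illustration.

```javascript
// Added illustration, not Ghost's code; all names and the threshold are hypothetical.
const IMPORT_THRESHOLD = 1000; // constructed; the release notes give no number

class EmailGate {
    // `store` stands in for the persistent settings records (get/set by key).
    constructor(store, notifyOwner) {
        this.store = store;
        this.notifyOwner = notifyOwner;
    }
    // Read the store on every check so a restart cannot clear the freeze.
    isFrozen() {
        return this.store.get('email_frozen') === true;
    }
    // Called after a member import; returns true if sending is now frozen.
    recordImport(memberCount) {
        if (this.store.get('owner_verified') === true) return false;
        if (memberCount > IMPORT_THRESHOLD && !this.isFrozen()) {
            this.store.set('email_frozen', true);   // persist before notifying
            this.notifyOwner('verify-your-email');  // escalation, sent once
        }
        return this.isFrozen();
    }

    // Called when the owner completes verification.
    verifyOwner() {
        this.store.set('owner_verified', true);
        this.store.set('email_frozen', false);
    }

    // Bulk send is refused while frozen; returns how many were queued.
    sendBulk(recipients) {
        if (this.isFrozen()) return {queued: 0, blocked: true};
        return {queued: recipients.length, blocked: false};
    }
}

// Constructed scenario: large import, process restart, then verification.
function demo() {
    const db = new Map();            // survives the "restart" below
    const notices = [], notify = (n) => notices.push(n);
    new EmailGate(db, notify).recordImport(5000);
    const afterRestart = new EmailGate(db, notify);        // fresh process, same store
    const inMemoryOnly = new EmailGate(new Map(), notify); // flag never persisted
    const blocked = afterRestart.sendBulk(['a@example.com']).blocked;
    const leaked = inMemoryOnly.sendBulk(['a@example.com']).blocked === false;
    afterRestart.recordImport(9000); // already frozen: no second notice
    afterRestart.verifyOwner();
    const resumed = afterRestart.sendBulk(['a@example.com', 'b@example.com']).queued;
    return {blocked, leaked, notices: notices.length, resumed};
}
```

The `inMemoryOnly` case models a freeze flag that was never written to the settings store: after a restart it allows the send that the persisted flag blocks.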
Performance Improvements
Optimized Theme Middleware
Moved theme middleware after static middleware to reduce redundant API calls. The theme middleware makes several calls to the content API to populate global theme data for templates. With this middleware now registered after the static theme file handling, those redundant calls are eliminated.
Optimized Product Data Requests
Made a single request for products in theme middleware. Previously, the logic to populate both @price data and @products data made separate API requests for the same product data. This refactor removes the duplicate request, cutting database queries in half.
Reduced Member Identity Data Queries
Removed unused data queries for member identity. The request for fetching logged-in member data was making several extra DB queries to fetch data points not used on the frontend. This refactor cuts DB queries in half for fetching logged-in member data while maintaining necessary data for content gating.
Impact Summary
Ghost v4.11.0 focuses on improving security, performance, and developer experience. The new email verification system adds an important layer of protection against spam by limiting email sending capabilities until verification, which is particularly valuable for public Ghost installations.
Performance improvements to theme middleware and member data queries will result in faster page loads and API responses, especially for sites with many members. These optimizations reduce database load and improve overall system efficiency.
For content creators, the enhanced email-cta card with button styling and segmentation support provides more flexibility in email design and targeting. The ability to preview segmented content will help ensure emails look correct for different member segments.
The code refactoring, particularly around the Members CSV Importer, improves maintainability and follows modern development patterns. This will make future development easier and more robust.
Overall, this release represents a solid step forward in Ghost's evolution, with thoughtful improvements across security, performance, and user experience domains.
Full Release Notes
- 🐛 Fixed publication icon in nav bar sometimes appearing inverted in dark mode - Kevin Ansfield
🎨 GScan recently had a redesign so go and check it out! - https://gscan.ghost.org/ ✨
View the changelogs for full details: