Ghost Release: 4.15.0

Tag Name: v4.15.0

Release Date: 9/17/2021

Ghost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

TL;DR

Ghost 4.15.0: Security Fix & Bug Fixes

This release includes an important security fix for the sendmail email transport that addresses a remote command injection vulnerability. It also fixes critical bugs in the sitemap generation for large sites and resolves email rendering issues in Outlook. Additionally, the update includes several dependency updates and internal refactoring to improve performance and code quality.

Highlight of the Release

    • Fixed remote command injection vulnerability in sendmail email transport
    • Fixed sitemap generation for sites with more than 50,000 posts
    • Fixed Outlook email rendering issues with text styling and character encoding
    • Updated Bookshelf dependency to 1.2.0 with backward compatibility adjustments
    • Added new labs flags for upcoming features: customThemeSettings and membersActivity

Migration Guide for Bookshelf Updates

Ghost has updated the Bookshelf dependency from 0.15.1 to 1.2.0, which introduces several breaking changes that have been addressed in this release:

  1. Model Fetch Behavior: Bookshelf now defaults to {require: true} during a fetch, so fetching a missing record rejects with an error instead of resolving to null. Ghost disables this new behavior by adding the requireFetch option to its model definitions to maintain backward compatibility.

  2. Registry Plugin: The Bookshelf registry plugin is now in core and no longer needs to be explicitly loaded. Code has been updated to use .registry.models instead of ._models.

  3. Event Listeners: The signature of saved, created, and updated listeners has changed to remove the second argument. All affected code has been updated accordingly.

  4. FindWhere Function: The findWhere function was removed from Bookshelf. Ghost now uses find in combination with matchFunc to maintain the same functionality.

For developers working with Ghost's database layer, be aware of these changes if you're interacting directly with Bookshelf models.

Upgrade Recommendations

Urgency: High

This release contains an important security fix for the sendmail email transport. All Ghost installations should be updated as soon as possible, especially those using the sendmail email transport.

The update also fixes critical bugs in sitemap generation for large sites and email rendering in Outlook, making it a recommended update for all Ghost installations.

To upgrade:

  1. Back up your Ghost installation
  2. Follow the standard upgrade process
  3. If you're using the sendmail email transport, verify that emails are sending correctly after the update

Bug Fixes

  • Security: Fixed remote command injection vulnerability when using sendmail email transport by updating to the latest version of Nodemailer and creating a wrapper package @tryghost/nodemailer
  • Sitemap: Fixed error in sitemap generation for sites with more than 50,000 posts by adding a max nodes concept and limiting nodes in each sub-sitemap to 50k by default
  • Email Rendering: Fixed Outlook incorrect text styling and ' appearing in email content by properly handling unsupported character codes
  • Routing: Fixed 404 error when email-only posts have been enabled by ensuring routing updates automatically when the flag is switched
  • API: Fixed error handling in integrations API controller to properly handle 'NotFound' errors instead of throwing 500 errors
  • Match Helper: Fixed logic bugs in the match helper by correcting the isEmpty utility function and fixing truthy/falsy case handling

New Features

New Labs Flags

  • Custom Theme Settings: Added customThemeSettings labs flag for working on reworked design settings in Admin and allowing themes to define custom settings
  • Members Activity: Added membersActivity alpha labs flag for controlling upcoming feature to record member activity for analytics
  • Temporary Analytics Database: Added a temporary database table for analytic events to support development of member activity tracking

Developer Tools

  • Added command for finding slow regression tests to help prioritize test optimization

Security Updates

  • Remote Command Injection: Fixed a vulnerability in the sendmail email transport where flags passed to the sendmail binary could be used for command injection. This was addressed by updating to the latest version of Nodemailer and creating a wrapper package @tryghost/nodemailer. See the security advisory for more details.
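The advisory's root cause is that values handed to the sendmail binary could be interpreted as flags rather than addresses. The release fixes this by moving to the patched upstream Nodemailer; the JavaScript below is an added, illustrative defensive check and is not Nodemailer's or Ghost's code. It rejects any recipient that does not look like a plain address or that begins with "-", and returns an argv array meant for `child_process.spawn` (no shell). The regular expression, the `/usr/sbin/sendmail` path and the `-i` flag are assumptions for the example.

```javascript
// Added example, not Nodemailer's or Ghost's code: validate recipient
// addresses before they are handed to a sendmail binary as argv, so that a
// value starting with "-" can never be read by the binary as an option.

// Conservative address shape: one local part, one "@", a dotted domain.
// Deliberately stricter than RFC 5322; anything odd is rejected rather than passed on.
const ADDRESS_RE = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function isSafeSendmailRecipient(address) {
  if (typeof address !== 'string') return false;
  const trimmed = address.trim();
  if (trimmed.length === 0 || trimmed.length > 254) return false;
  if (trimmed.startsWith('-')) return false; // would be parsed as an option, not an address
  if (/[\s\x00-\x1f]/.test(trimmed)) return false; // no whitespace or control characters in argv
  return ADDRESS_RE.test(trimmed);
}

// Returns the command and argument vector to give child_process.spawn
// (argv array, never a shell string). The path and the '-i' flag are
// assumptions for this example.
function buildSendmailArgs(recipients, sendmailPath = '/usr/sbin/sendmail') {
  if (!Array.isArray(recipients) || recipients.length === 0) {
    throw new Error('at least one recipient is required');
  }
  const rejected = recipients.filter((r) => !isSafeSendmailRecipient(r));
  if (rejected.length > 0) {
    throw new Error(`refusing to invoke sendmail with unsafe recipient(s): ${rejected.join(', ')}`);
  }
  return { command: sendmailPath, args: ['-i', ...recipients.map((r) => r.trim())] };
}

console.log(buildSendmailArgs(['alice@example.com']));
```

The point of the check is allow-listing: rather than trying to enumerate dangerous option strings, it accepts only values that match an address shape and fails closed on everything else. The spawn-with-argv discipline matters independently of the check, because passing the same strings through a shell would reopen a second injection path.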

Performance Improvements

  • Database Migrations: Refactored migration to run faster by reducing the number of database queries needed through joined selects and batch updates
  • Code Optimization: Removed method complexity in integrations API controller and webhooks API controller
  • Test Improvements: Improved match helper tests with a new pattern that allows for quickly and easily describing template strings and their evaluation

Impact Summary

Ghost 4.15.0 delivers a critical security fix for the sendmail email transport, addressing a remote command injection vulnerability. This update is essential for all Ghost installations, particularly those using this email transport method.

The release also resolves significant bugs affecting large sites and email delivery. Sites with over 50,000 posts will now generate sitemaps correctly, preventing errors in Google Console. Newsletter publishers will benefit from improved email rendering in Outlook, with fixes for text styling and character encoding issues.

For developers, the update to Bookshelf 1.2.0 brings several internal changes that have been handled to maintain backward compatibility. The codebase has also undergone refactoring to improve performance and reduce complexity.

Two new labs flags have been added for upcoming features: custom theme settings and member activity tracking, indicating future enhancements to Ghost's theming capabilities and analytics features.

Overall, this is primarily a security and maintenance release that addresses critical issues while laying groundwork for future features.

Full Release Notes

⚠️ 4.15.0 contains an important security fix - please see the advisory for details.

  • 🔒 Fixed remote command injection when using sendmail email transport - Daniel Lockyer
  • 🐛 Fixed error in sitemap with >50k posts (#13317) - Hannah Wolfe
  • 🐛 Fixed Outlook incorrect text styling and ' appearing in email content (#13313) - Kevin Ansfield

Statistics:

  • Files changed: 48
  • Line additions: 1,468
  • Line deletions: 843
  • Line changes: 2,311
  • Total commits: 41

Users Affected:

  • Need to update to address the security vulnerability in the `sendmail` email transport
  • Will benefit from fixed sitemap generation for sites with over 50,000 posts
  • Should be aware of Bookshelf dependency updates that change some internal behaviors

Contributors:

  • daniellockyer
  • kevinansfield
  • renovate-bot
  • naz
  • rshbhgrg
  • ErisDS
  • allouis