Ghost Release: 4.17.1

TL;DR

Ghost v4.17.1 - Critical Bug Fix for Redirects Configuration

This patch release fixes a critical bug that caused Ghost sites to return 500 errors across all routes when an invalid redirects configuration file was uploaded. The update adds validation for redirects configurations and ensures the site remains functional even when redirect rules contain invalid RegEx expressions. This is an important stability fix that prevents site-wide outages caused by malformed redirect configurations.

Highlight of the Release

• Fixed critical bug causing site-wide 500 errors when invalid redirects configurations were uploaded
• Added validation for redirects configurations to catch invalid RegEx expressions before they cause issues
• Improved error handling for redirects to maintain site functionality even when configuration issues occur

Migration Guide

No migration steps are required for this update. The patch can be applied safely without any additional configuration changes.

Upgrade Recommendations

This update is highly recommended for all Ghost installations, especially for sites that use custom redirects. The patch fixes a critical bug that could cause your entire site to return 500 errors if an invalid redirects configuration is uploaded.

Upgrading to v4.17.1 will prevent site-wide outages caused by malformed redirect rules and add validation to catch problematic configurations before they can impact your site.

Bug Fixes

Fixed Site-Wide 500 Error with Invalid Redirects

Resolved a critical issue where Ghost sites would return 500 errors across all routes when an invalid redirects configuration file was uploaded. The problem was traced to a recent change in how redirect routers were mounted, which caused the entire site to fail when encountering invalid redirect rules.

The fix ensures that:

• The Router declaration happens before any other logic that might throw exceptions
• The site remains functional even when redirect configurations contain errors
• Express middleware properly handles invalid redirects configurations

This fix prevents site-wide outages that could occur when administrators uploaded redirects files containing invalid RegEx expressions.

New Features

Enhanced Redirects Configuration Validation

Added new validation logic to catch and prevent invalid RegEx expressions in redirects files when they are uploaded to the system. This proactive validation helps identify problematic redirect rules before they can cause site-wide issues.

Security Updates

No security fixes were included in this patch release.

Performance Improvements

No specific performance improvements were included in this patch release. The focus was on fixing the critical bug related to redirects configuration handling.

Impact Summary

This patch release addresses a critical stability issue that could cause entire Ghost sites to become inaccessible (returning 500 errors) when administrators uploaded redirects configurations containing invalid RegEx expressions.

The fix improves system resilience by ensuring that the router declaration happens early in the process flow, preventing cascading failures when redirect rules contain errors. Additionally, new validation logic has been added to catch invalid RegEx expressions at upload time, preventing problematic configurations from entering the system in the first place.

This update is particularly important for sites that make frequent changes to their redirects configurations or that rely heavily on custom redirects for URL management. The improved error handling ensures that even if configuration errors occur, they won't result in site-wide outages.

Full Release Notes