Ghost Release: 4.6.0

TL;DR

Ghost 4.6.0: Enhanced Membership Management & Critical Bug Fixes

Ghost 4.6.0 delivers significant improvements to membership management with simplified settings and fixes several critical issues affecting member experiences. This release addresses problems with email feature images in Outlook, webhook initialization, and member API responses. Site owners will benefit from more streamlined membership configuration, while developers will appreciate the architectural improvements and code refactoring that enhance maintainability.

Highlight of the Release

• Simplified membership settings management interface
• Fixed feature images in emails appearing too wide in Outlook
• Removed confusing 401 errors for logged-out members on Portal
• Fixed critical bugs with member subscriptions and Stripe customer linking
• Extensive code refactoring to improve maintainability

Migration Guide

Migration Notes

Comped Status Removal

The concept of "comped" (complimentary) member status has been replaced with "paid" status:

• For the v3 Members Admin API, the comped flag will always return false to maintain backward compatibility
• The comped flag has been completely removed from the canary Members Admin API
• Existing "comped" members have been migrated to "paid" status

Stripe Integration

If you're using Stripe for memberships:

• Ensure your production site is running with SSL as this is now a requirement for Stripe Connect in production mode
• Be aware that attempting to create stripe_prices without an active Stripe connection will now explicitly error rather than fail silently
• The system now properly handles week & day intervals in MRR event population

No manual migration steps are required as these changes are handled automatically during the upgrade process.

Upgrade Recommendations

This release is recommended for all Ghost users, especially those using the membership and subscription features.

The bug fixes for feature images in emails, member subscription handling, and webhook initialization address important functionality issues that could impact user experience and site operations.

Site owners using Stripe for memberships will particularly benefit from the improved error handling and more streamlined membership settings management.

The upgrade process should be straightforward with no manual steps required. As always, it's recommended to:

1. Back up your database before upgrading
2. Test the upgrade on a staging environment if possible
3. Review the full changelog for any specific considerations related to your setup

Bug Fixes

Member Experience Fixes

• Fixed feature images in emails appearing very wide in Outlook: Outlook would display images at their native resolution without a width attribute, causing horizontal scrolling and text alignment issues. Now feature images include proper width attributes.

• Removed 401 error for logged-out members on Portal: Changed the /members/api/member/ endpoint to return 204 No Content instead of 401 Unauthorized for logged-out members, eliminating confusing error messages in browser consoles.

• Fixed error on saving member with subscriptions: Resolved an issue where saving a member with subscriptions would throw console errors, requiring page refreshes.

• Fixed creating members linked to Stripe customers: Updated the signature of the linkStripeCustomer method to fix member creation when linked to Stripe customers.

System Fixes

• Fixed webhook initialization when over limit: Resolved a race condition where webhook listeners would still initialize when the "customIntegrations" limit was in place, by ensuring limit service initializes before webhooks.

• Fixed frontmatter-related validation error: Added the frontmatter field to the "trim" list in all APIs to prevent unintentional leaking into the API layer.

• Fixed retry email not timing out on poll: Improved email retry functionality to properly handle timeouts.

• Fixed the version sent to Sentry: Ensured correct version reporting to Sentry when Ghost is started directly using node index.js.

New Features

Simplified Membership Management

The membership settings interface has been streamlined to make it easier to configure and manage membership options. This includes:

• New settings for monthly/yearly price IDs to better handle multiple price options
• Updated Portal settings to filter and display only selected prices
• Improved handling of price data when Stripe is not configured
• Better error messaging when attempting to use Stripe features without a connection

Architectural Improvements

• Extracted scheduling token generation and integration fetching into separate modules
• Moved boot precondition checks for members into a dedicated initialization method
• Added exporter fields integrity check to ensure proper handling of schema/settings changes

Security Updates

Security Improvements

• Disabled CSRF on the OAuth callback route to ensure proper functionality while maintaining security elsewhere
• Fixed members auth middleware to properly handle JWT library errors by wrapping them in Ghost's error system
• Added precondition for Stripe Connect Admin API to require SSL in production mode, as Stripe Webhooks require SSL

Performance Improvements

Performance Optimizations

• Added debug to gscan checks for timing analysis during the boot process
• Refactored scheduling tests setup using async/await, reducing ghost instance initialization to once per test suite instead of twice
• Simplified scheduling-auth-token module's interface by only passing necessary data, decoupling it from model layer dependencies
• Extracted table allowlists into a separate module to improve code organization and maintainability
• Removed ancient skipped storage and paged routing tests that were slowing down the test suite

Impact Summary

Ghost 4.6.0 delivers significant improvements to the membership management experience while fixing several critical bugs that affected both site owners and members.

The simplified membership settings interface makes it easier to configure and manage membership options, while the fixes for feature images in emails, webhook initialization, and member API responses address important functionality issues that were causing confusion and errors.

For developers, the extensive code refactoring and architectural improvements enhance maintainability and reduce dependencies, making the codebase more robust and easier to work with.

The removal of the "comped" status concept in favor of "paid" status represents a simplification of the membership model, though backward compatibility is maintained for the v3 API.

Overall, this release focuses on enhancing the reliability and usability of Ghost's membership features while laying groundwork for future improvements through code quality enhancements.

Full Release Notes