Ghost Release: 4.6.4

TL;DR

Ghost v4.6.4 fixes a critical bug that was causing all sites without HTTPS to fail during startup, regardless of whether they were connected to Stripe. This patch ensures that only sites with Stripe connections are required to use HTTPS, allowing other sites to boot normally without this restriction.

Highlight of the Release

• Fixed critical boot sequence error for non-HTTPS sites
• Corrected conditional logic for Stripe connection requirements
• Improved startup reliability for sites without payment processing

Migration Guide

No migration steps are required for this release. The fix is automatically applied when upgrading to v4.6.4.

Upgrade Recommendations

This release is highly recommended for all Ghost installations, especially for:

• Sites running without HTTPS that experienced boot failures after upgrading to recent versions
• Development environments where HTTPS is not configured
• Any installation encountering unexpected startup errors related to HTTPS requirements

The upgrade process is standard with no special steps required.

Bug Fixes

Fixed missing Stripe connected check on boot

Previously, Ghost would prevent any site without HTTPS from starting up, regardless of whether they were connected to Stripe or not. This was causing unnecessary boot failures for many installations.

The fix corrects the conditional logic in the members service initialization to properly check if a site is connected to Stripe before enforcing the HTTPS requirement. Now, only sites that are actually using Stripe for payments will be required to use HTTPS, which aligns with the intended security requirements.

This resolves the issue reported in Team#598 and implemented in PR#12992.

New Features

No new features were added in this release. This is a bug fix release focused on correcting the startup behavior for sites without HTTPS.

Security Updates

No security fixes were included in this release. The existing security requirement that sites with Stripe connections must use HTTPS remains in place, but is now correctly applied only to sites that actually use Stripe.

Performance Improvements

No specific performance improvements were included in this release. The changes were focused on fixing a critical bug in the startup sequence.

Impact Summary

This release fixes a critical bug that was preventing Ghost from starting on non-HTTPS sites regardless of Stripe connection status. The impact is significant for development environments and production sites not using Stripe payments, as they were incorrectly being forced to use HTTPS. With this fix, Ghost now correctly enforces HTTPS only when necessary for security (when Stripe is connected), allowing other sites to start normally without this requirement. This improves the developer experience and reduces friction for sites that don't process payments.

Full Release Notes