HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Ghost

>

Releases

>

5.0.1

Ghost Release: 5.0.1

Tag Name: v5.0.1

Release Date: 5/24/2022

View Release
Ghost LogoGhost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

Open SourceBloggingStatic Site

TL;DR

Ghost 5.0.1 is a maintenance release that fixes several critical bugs affecting member authentication, email analytics, and content management. Key improvements include fixing JWT/JWKS signing key issues that were causing authentication problems, resolving email analytics crashes when processing unsubscribe events, and correcting template selection for pages vs posts. This release ensures more reliable operation of paid memberships and content delivery systems.

Highlight of the Release

    • Fixed JWT/JWKS signing key issues that were causing authentication problems with third-party libraries
    • Resolved email analytics crashes when processing unsubscribe/complaint events
    • Fixed page vs post context calculation and template selection
    • Improved excerpt generation by removing markdown symbols
    • Updated settings API to return all settings including calculated settings

Migration Guide

This is a patch release with no breaking changes or special migration steps required. Simply update to v5.0.1 to benefit from the bug fixes and improvements.

To update Ghost-CLI installations:

ghost update

For Docker installations, pull the latest 5.0.1 image:

docker pull ghost:5.0.1

Upgrade Recommendations

Priority: High

This update is highly recommended for all Ghost 5.0.0 users, especially those using:

  • Paid membership features
  • Email newsletters with unsubscribe tracking
  • Third-party integrations that rely on JWT authentication
  • Sites with a mix of pages and posts

The fixes in this release address several critical issues that could affect member authentication, email analytics processing, and content rendering. Upgrading should be straightforward with no breaking changes.

Bug Fixes

  • JWT/JWKS Authentication Issues:

    • Fixed signing key mismatching in members JWT/JWKS by adding missing keyid parameter
    • Added use: "sig" attribute to identify signing keys properly in client libraries
    • Resolved compatibility issues with Python's "pyjwt" and Node's "jwks-client" libraries

  • Email Analytics Processing:

    • Fixed email analytics crashing when processing unsubscribe/complaint events
    • Replaced references to deleted member.subscribed field with proper deletion of member<->newsletter associations
    • Added creation of member_subscribe_event records for newsletter unsubscribes to maintain accurate stats

  • Content Management:

    • Fixed page vs post context calculation that was adding a stray "post" entry
    • Fixed page vs post preview template picking where pages incorrectly resolved to "post" templates
    • Fixed minor issues with excerpts containing markdown-like symbols

  • Settings API:

    • Updated to return all settings in edit endpoint, including calculated settings
    • Fixed Stripe <head> script injection based on calculated settings

New Features

and Improvements

  • Enhanced Content API defaults: Added monthly_price, yearly_price, and benefits defaults for Content API to improve developer experience
  • Basic e2e test coverage: Added test coverage for the GET /members/.well-known/jwks.json endpoint
  • Improved excerpt generation: Removed markdown-like symbols (HRs and blockquote symbols) from excerpts for cleaner plaintext output

Security Updates

  • JWT Authentication Improvements: Fixed signing key identification and matching in JWT/JWKS implementation, which improves the security and reliability of the member authentication system. This ensures proper verification of member tokens when using the /members/.well-known/jwks.json endpoint.

Performance Improvements

No significant performance improvements were included in this release. The focus was primarily on bug fixes and stability improvements.

Impact Summary

Ghost 5.0.1 is a maintenance release that addresses several important bugs that were affecting core functionality. The most significant fixes relate to member authentication through JWT/JWKS, which now properly supports third-party client libraries by adding required key identification parameters. Email analytics processing has been fixed to properly handle unsubscribe and complaint events without crashing. Content creators will benefit from proper page vs post template selection and improved excerpt generation.

This release demonstrates Ghost's commitment to stability and reliability following the major 5.0.0 release. While it doesn't introduce major new features, it ensures that existing functionality works correctly, particularly for paid memberships and content delivery. The improvements to the settings API also ensure that the admin interface has access to up-to-date calculated settings values.

Full Release Notes

  • 🐛 Fixed unreliable paid members enabled checks - Simon Backx
  • 🐛 Fixed email analytics crashing when processing unsubscribe/complaint events - Kevin Ansfield
  • 🐛 Fixed signing key identification in JWKs - Naz
  • 🐛 Fixed inability to select a date in future months when scheduling - Kevin Ansfield
  • 🐛 Fixed page vs post preview template picking - Naz
  • 🐛 Fixed page vs post context calculation - Naz
  • 🐛 Fixed signing key mismatching in members JWT/JWKS - Naz
  • 🐛 Fixed timezone related issues when scheduling posts - Kevin Ansfield

View the changelogs for full details:

🪄 Love open source? We're hiring Node.js Engineers to work on Ghost full-time

Statistics:

File Changed24
Line Additions817
Line Deletions352
Line Changes1,169
Total Commits16

User Affected:

  • More reliable paid members functionality
  • Fixed email analytics processing for unsubscribe/complaint events
  • Improved settings API returning all settings in edit endpoint

Contributors:

nazdaniellockyerrenovate-botErisDSkevinansfieldSimonBackxallouismatthanley