Ghost Release: 5.106.2

TL;DR

Ghost v5.106.2 introduces a new security feature that blocks spammy email domains from member signups. This update allows site administrators to configure a blocklist of problematic domains, preventing users with email addresses from these domains from signing up as free members. This targeted approach helps reduce spam and protect the integrity of your member base without affecting legitimate users.

Highlight of the Release

• New email domain blocklist feature to prevent spam signups
• Configurable settings to block specific problematic domains
• Targeted approach that only affects free member signups

Migration Guide

No migration steps are required for this release. The email domain blocklist feature is ready to use after updating to v5.106.2.

To configure the blocklist:

"spam.blocked_email_domains": ["blocked-domain.com", "another-spam-domain.com"]

Add this to your Ghost configuration to start blocking problematic domains.

Upgrade Recommendations

This release is recommended for all Ghost users, especially those experiencing issues with spam member signups. The update provides an important security enhancement that helps maintain the quality of your member database.

The change is non-breaking and focused on a specific security improvement, making it a low-risk upgrade that can be applied immediately.

Bug Fixes

No specific bug fixes were included in this release. The primary focus was on introducing the new email domain blocklist feature to address spam issues.

New Features

Email Domain Blocklist for Member Signups

Ghost now includes a configurable email domain blocklist specifically designed to prevent spam in free member signups. This feature allows site administrators to:

• Block specific email domains known for spam activity
• Prevent users with email addresses from these domains from registering as free members
• Configure the blocklist through the spam.blocked_email_domains setting

For example, if you add blocked-domain.com to your blocklist, any attempt to sign up as a free member using an email like [email protected] will be rejected.

This feature was implemented in response to identified spam patterns and helps maintain the quality of your member database.

Security Updates

Enhanced Spam Protection

This release addresses a security concern related to spam signups by implementing an email domain blocklist mechanism. While not fixing a specific vulnerability, this proactive measure helps protect Ghost sites from:

• Mass spam signups from known problematic domains
• Potential abuse of the free member signup system
• Artificial inflation of member counts

The feature was implemented in response to identified spam patterns (referenced in incident #132) and provides site owners with more control over who can register as a member.

Performance Improvements

No specific performance improvements were included in this release. The focus was on security enhancements through the new email domain blocklist feature.

Impact Summary

Ghost v5.106.2 introduces a targeted security enhancement that addresses spam issues in member signups. By implementing a configurable email domain blocklist, site administrators now have more control over who can register as a free member.

This update directly responds to identified spam patterns and provides a straightforward solution that blocks problematic domains at the registration stage. The feature is specifically designed to prevent spam without affecting legitimate users, helping maintain accurate audience metrics and reducing administrative overhead.

The implementation is non-disruptive to existing workflows and requires no migration steps, making it an easy but valuable upgrade for all Ghost users.

Full Release Notes