Ghost Release: 5.107.1

TL;DR

Ghost v5.107.1 introduces a new security feature that blocks spammy email domains from member signups. This targeted update helps site owners protect their membership base from spam accounts by allowing configuration of blocked email domains. The change is specifically focused on free member signups and provides a straightforward way to prevent unwanted registrations from known problematic domains.

Highlight of the Release

• Added ability to block specific email domains from free member signups
• Implemented configurable blocklist via spam.blocked_email_domains setting
• Enhanced protection against spam accounts in Ghost membership systems

Migration Guide

No migration steps are required for this release. The new email domain blocking feature is optional and can be configured as needed through the spam.blocked_email_domains setting.

To implement the blocklist, simply add the configuration to your Ghost settings with the domains you wish to block:

"spam.blocked_email_domains": ["blocked-domain.com"]

Upgrade Recommendations

This release is recommended for all Ghost users who want to enhance protection against spam member signups. The update is particularly valuable for sites experiencing issues with spam accounts from specific email domains.

As this is a minor release (v5.107.1) with a focused security enhancement, it should be safe to upgrade without concerns about breaking changes. The new feature is opt-in through configuration and doesn't modify existing functionality.

Bug Fixes

No specific bug fixes were included in this release. The update was focused on adding the new email domain blocking feature for spam prevention.

New Features

Email Domain Blocklist for Member Signups

Ghost now includes a configurable email domain blocklist to prevent free member signups from known spammy domains. This feature helps site owners maintain a cleaner member database by blocking problematic domains at the registration stage.

The blocklist is implemented through a new configuration option:

"spam.blocked_email_domains": ["blocked-domain.com", "another-blocked-domain.com"]

When a user attempts to sign up with an email address from a blocked domain, the registration will be rejected. This feature specifically targets free member signups, providing a simple but effective way to reduce spam accounts.

Security Updates

Enhanced Spam Protection

This release addresses security concerns related to spam signups by implementing a domain-level email blocklist for free member registrations. While not fixing a specific vulnerability, this proactive measure helps prevent abuse of the member signup system by known problematic email domains.

The feature was implemented in response to a specific incident (referenced as incident #132) and helps Ghost sites better protect against automated or malicious signup attempts from domains frequently associated with spam.

Performance Improvements

No specific performance improvements were included in this release. The update was focused on security enhancements through the new email domain blocking feature.

Impact Summary

Ghost v5.107.1 introduces a targeted security enhancement that allows site administrators to block free member signups from specific email domains known for spam. This feature helps maintain the quality of member databases by preventing problematic signups at the domain level.

The implementation is straightforward and configurable, allowing site owners to specify which domains should be blocked through the spam.blocked_email_domains setting. This approach provides flexibility while addressing a common pain point for membership sites.

This release represents Ghost's ongoing commitment to providing tools that help publishers maintain healthy communities and protect against common abuse vectors. The change is minimal in scope but potentially significant in impact for sites dealing with spam signup issues.

Full Release Notes