TL;DR
Ghost v5.17.2 is a security and bug fix release that addresses critical issues with magic links and member authentication. It fixes a security vulnerability that allowed sending multiple emails through the magic link endpoint, prevents unwanted member creation during login attempts, and resolves issues with the anchor chart for sites without paid tiers. This release improves security, prevents account duplication, and enhances the overall member authentication experience.
Highlights of the Release
- Fixed security vulnerability in magic link endpoint that could allow sending multiple emails
- Prevented unwanted member creation when users attempt to log in with non-existent email addresses
- Fixed anchor chart loading issue for sites without paid tiers
- Updated Portal version to v2.14.x
Migration Guide
Magic Link Implementation Changes
If you're a developer working with Ghost's authentication system, note that this release requires the frontend to send an explicit emailType when sending a magic link. The system will default to:
- subscribe for standard sites
- signin for invite-only sites
This maintains compatibility with existing behavior but may require updates to custom implementations that interact with the magic link functionality.
The magic link now stores the type (signin, signup, updateEmail, or subscribe), which is used to prevent signups with a sign-in token.
Upgrade Recommendations
This release contains important security fixes and bug fixes that improve the stability and security of your Ghost installation. We strongly recommend all Ghost users upgrade to v5.17.2 as soon as possible, especially if you use member authentication features or have sites without paid tiers.
Bug Fixes
Fixed Magic Link Endpoint Security Issue
Fixed a security vulnerability in the magic link endpoint that allowed sending multiple emails by submitting comma-separated email addresses. This could potentially be used to bypass rate limiting for sending emails. The fix prevents this behavior, reducing the risk of spam emails being sent through Ghost.
Prevented Unwanted Member Creation During Login
Fixed an issue where attempting to log in with a non-existent email address would automatically create a new member account. This led to:
- Duplicate accounts when members misremembered their email addresses
- New accounts being created when using old impersonation tokens or login links sent before member deletion
The system now properly validates login attempts and returns an error for non-existent accounts instead of creating new ones.
Fixed Anchor Chart Loading for Sites Without Paid Tiers
Resolved an issue where the anchor chart would continuously show a loading spinner for sites that have no paid tiers and the source attribution flag enabled. This occurred because the chart was attempting to load MRR (Monthly Recurring Revenue) data by default, which doesn't exist when paid tiers are disabled. The chart now uses "total members" data when paid tiers are disabled.
New Features
No significant new features were introduced in this release. This is primarily a security and bug fix release.
Security Updates
Magic Link Endpoint Security Fix
Fixed a security vulnerability in the magic link endpoint that allowed sending multiple emails by submitting comma-separated email addresses to the endpoint. This could bypass rate limiting controls and potentially be used for spam. The fix prevents this behavior, ensuring proper validation of email addresses.
Credit: Sandip Maity ([email protected])
Enhanced Login Security
Implemented improved rate limiting specifically for login attempts to prevent user enumeration. The new rate limiting has a higher default limit of 8 and is designed to be configurable independently from administrator rate limiting. This helps protect against brute force attacks while maintaining a good user experience.
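Because the member-creation fix means a login attempt for an unknown address now returns an error, the number of such lookups one client can make has to be bounded; that is what a login-specific limiter does. The following added example, not Ghost's own code, shows a fixed-window limiter whose member-login instance defaults to the limit of 8 stated above and is configured separately from the administrator limiter. The function names, the one-hour window, the choice of client address as the key and the injectable clock are assumptions made for this example.

```javascript
// Added example, not Ghost's own code: a fixed-window attempt limiter and a
// factory that builds independent member-login and admin-login instances.
// Names, the window length and keying by client address are assumptions.
function createRateLimiter({ limit, windowMs, now = () => Date.now() }) {
  const buckets = new Map(); // key -> { start, count }

  // Record one attempt for `key` and report whether it is still allowed.
  function attempt(key) {
    const t = now();
    let bucket = buckets.get(key);
    if (!bucket || t - bucket.start >= windowMs) {
      bucket = { start: t, count: 0 }; // window expired or first attempt: reset
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    const allowed = bucket.count <= limit;
    return {
      allowed,
      remaining: Math.max(0, limit - bucket.count),
      retryAfterMs: allowed ? 0 : bucket.start + windowMs - t,
    };
  }

  return { attempt };
}

// Member login defaults to 8 attempts per window; the admin limit is a
// separate setting so tightening one never changes the other.
function createLimiters({
  memberLoginLimit = 8,
  adminLoginLimit, // no default assumed here; supply the admin limit explicitly
  windowMs = 60 * 60 * 1000, // one hour, an assumption for this example
  now,
} = {}) {
  if (!Number.isInteger(adminLoginLimit) || adminLoginLimit < 1) {
    throw new Error('adminLoginLimit must be a positive integer');
  }
  return {
    memberLogin: createRateLimiter({ limit: memberLoginLimit, windowMs, now }),
    adminLogin: createRateLimiter({ limit: adminLoginLimit, windowMs, now }),
  };
}

// Gate a member login attempt: the limiter is consulted before any member
// lookup, so a denied client learns nothing about whether the address exists.
function gateMemberLogin(limiters, clientKey) {
  const result = limiters.memberLogin.attempt(clientKey);
  if (!result.allowed) {
    return { status: 429, retryAfterMs: result.retryAfterMs };
  }
  return { status: 200, remaining: result.remaining };
}
```

Keying on the client rather than the email address is what makes the limiter useful against enumeration: an attempt that tries many different addresses from one place still spends the same budget. A production deployment would back the buckets with shared storage rather than an in-process Map so that the limit holds across multiple Ghost processes.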
Performance Improvements
No specific performance improvements were highlighted in this release.
Impact Summary
Ghost v5.17.2 is a security-focused release that addresses important vulnerabilities and bugs in the member authentication system. The fixes prevent potential email spam attacks through the magic link endpoint and stop unwanted member account creation during login attempts with non-existent email addresses.
For site administrators, this release provides better protection against potential abuse of the email system and reduces the risk of unwanted member accounts being created. The fix for the anchor chart loading issue also improves the analytics experience for sites without paid tiers.
For developers integrating with Ghost, note that the magic link implementation now requires an explicit emailType parameter, though defaults are in place to maintain backward compatibility. The release also includes improved rate limiting specifically for login attempts to prevent user enumeration while maintaining a good user experience.
Overall, this is an important security and stability release that all Ghost users should apply promptly.
Full Release Notes
- 🔒 Fixed magic link endpoint sending multiple emails - Fabien "egg" O'Carroll
- 🐛 Prevented member creation when logging in (#15526) - Simon Backx
View the changelog for full details: v5.17.1...v5.17.2
🪄 Love open source? We're hiring JavaScript Engineers to work on Ghost full-time