Ghost Release: 5.2.0

TL;DR

Ghost v5.2.0: Enhanced User Experience & Bug Fixes

This release brings several quality-of-life improvements to Ghost, including better handling of email-only posts, increased body parser limits for long-form content, and refined user role management. Several critical bugs have been fixed, particularly around Stripe checkout for members with existing subscriptions and user role assignments. The update also includes UI improvements in the editor and updated dependencies for better security and performance.

Highlight of the Release

• Added support for publishing email-only posts by setting status to 'sent'
• Increased body parser limit from 1mb to 50mb for handling larger content
• Fixed Stripe Checkout for members with existing subscriptions
• Added getLazyRelation model helper method for safer relation handling
• Fixed invalid user role assignment issues

Migration Guide

This release doesn't require any specific migration steps. The update should be straightforward:

1. Back up your Ghost installation before updating
2. Update Ghost using the Ghost-CLI: ghost update
3. If you're using a custom theme, ensure it's compatible with the latest version of Ghost

Notes for Developers

• If you've built custom code that handles user role assignments, be aware that the validation has been improved
• If you're working with relations in models, consider using the new getLazyRelation helper method for better performance and safety
• If you've been hitting the body parser limit with large content, this limit has now been increased to 50mb

Upgrade Recommendations

This release is recommended for all Ghost users as it contains important bug fixes and quality-of-life improvements.

Priority: Medium

• For content creators: The improvements to email-only posts and editor UI make this a worthwhile update
• For site administrators: The fixes for user role assignment and increased body parser limits address potential issues
• For sites using memberships: The Stripe Checkout fixes are important if you're using paid subscriptions

The update should be straightforward with no breaking changes reported. As always, it's recommended to back up your Ghost installation before updating.

Bug Fixes

User Role Management

• Fixed invalid user role assignment that previously resulted in incorrect database state
• Added ability to set user roles by allowed name: 'Administrator', 'Editor', 'Author', 'Contributor'
• Added validation for non-ObjectID values passed in roles to the users edit method

Stripe Checkout

• Fixed Stripe Checkout for members with existing subscriptions
• Added check for existing subscriptions for members associated with email addresses used for Stripe Checkout
• Updated error handling for create-stripe-checkout-session endpoint to follow existing Ghost API patterns

Editor Improvements

• Fixed default publish type being "Publish and email" when default recipients set to "Usually nobody"
• Improved save/update button copy in editor for better clarity

SQLite Connection

• Fixed detection of Windows environment when connecting to SQLite temp DB
• Added process.platform check for Windows environments
• Moved code into the DB connection file instead of the config lib

New Features

Email-Only Post Publishing

• Added support for publishing email-only posts by setting status to 'sent'
• When setting status to sent for non-email-only posts, the post status will be set to published without warning
• Fixed issue where published_by was not set correctly

Model Helper Method

• Added getLazyRelation model helper method as a safer shorthand for model.related('relationName').fetch()
• Prevents doing a fetch operation on a relation that is already loaded
• Uses already loaded relation if it exists, or loads the relation if needed
• Avoids issues when formatOnWrite has a custom implementation
• Includes option to force refresh with forceRefresh

Increased Body Parser Limit

• Increased body parser limit from 1mb to 50mb
• Helps users with long-form content who were previously hitting the internal limit
• Matches Ghost-CLI's max body for nginx

Security Updates

• Updated express-jwt dependency to v7.7.5, addressing potential security vulnerabilities
• Improved validation for user role assignments, preventing potential security issues with invalid role assignments

Performance Improvements

Code Refactoring

• Refactored Admin API test agent to use async/await
• Improves readability of code
• Added some missing awaits for async test methods that don't perform any async operation but are marked as async
• Potential fix for random test timeouts

Dependency Updates

• Updated dependency knex-migrator to v4.2.11
• Updated dependency express-jwt to v7.7.5
• Updated various other packages for better performance and security

Impact Summary

Ghost v5.2.0 brings several quality-of-life improvements and bug fixes that enhance the overall user experience. Content creators will benefit from better handling of email-only posts and improved editor UI. Administrators gain more reliable user role management and increased body parser limits for long-form content. The fix for Stripe Checkout with existing subscriptions is particularly important for sites using paid memberships.

For developers, the new getLazyRelation model helper method provides a safer way to handle relations, and the refactored Admin API test agent improves code readability. The update also includes several dependency updates for better security and performance.

Overall, this is a solid maintenance release that addresses several pain points reported by the Ghost community while adding some useful new features. The increased body parser limit (from 1mb to 50mb) is especially notable for sites with long-form content that were previously hitting limits.

Full Release Notes