Ghost Release: 5.4.0

TL;DR

Ghost 5.4.0 introduces new member counter template helpers, improved sign-in experience, and fixes several bugs related to webhooks, cookies, and the Member API. This release enhances the developer experience with new template helpers while improving the member experience with better navigation after authentication. It also includes important fixes for webhook payloads and authentication cookies.

Highlight of the Release

• New template helpers {{total_members}} and {{total_paid_members}} for displaying member counts in themes
• Improved member experience with redirection back to original content after sign-in
• Fixed webhook payloads to include missing author information
• Enhanced support email verification flow with better error handling
• More accurate paid subscribers graph that excludes plan changes

Migration Guide

No breaking changes were introduced in this release that would require migration steps. The improvements and bug fixes are backward compatible with previous versions.

For theme developers wanting to implement the new member counter helpers:

<p>Join our community of {{total_members}} members!</p>
<p>We have {{total_paid_members}} paying supporters.</p>

API users should note that while the comped flag in the Members API has been restored for backward compatibility, it is considered deprecated. Future planning for its removal will be communicated through version headers.

Upgrade Recommendations

This release is recommended for all Ghost users, especially those who:

• Run Ghost without SSL in development or production environments
• Use webhooks to integrate with external systems
• Want to improve the member sign-in experience
• Need to display member counts in their themes
• Use the Members API with the comped flag

The upgrade should be straightforward with no breaking changes. As always, it's recommended to backup your database before upgrading.

Bug Fixes

Fixed Missing Authors in Webhook Payload

Webhook subscribers were receiving post request payloads without authors and primary_author properties. This issue has been fixed by adding the missing "originalOptions" property needed to correctly serialize the model to JSON.

Fixed Cookies When Running Ghost Without SSL

The recent updates to auth cookies switched to SameSite=None, which requires an SSL connection. This caused authentication issues for local development environments and production sites not using SSL. The cookie handling has been fixed to work properly in non-SSL environments.

Fixed Tag URL Field When Explicitly Querying Fields

The URL field of tags is dynamically generated rather than stored in the database. When explicitly querying specific fields that didn't include the ID, the URL couldn't be generated correctly. This has been fixed by adding the ID as a default column to fetch, ensuring the URL can always be properly generated.

Fixed 'comped' Flag Behavior in Member API

The 'comped' flag in the Members API stopped working when v3 API was dropped with the release of Ghost v5. This flag has been restored for backward compatibility to prevent breaking integrations like Zapier.

Fixed Code Card Language Saving

Fixed an issue where the code card was not correctly saving the selected language when changing it.

New Features

Member Counter Template Helpers

Two new Handlebars template helpers have been added to make it easier for theme developers to display member statistics:

• {{total_members}} - Displays the total number of members (free and paid)
• {{total_paid_members}} - Displays only the number of paid members

These helpers are ideal for member sites that want to showcase their community size to incentivize users to upgrade.

Improved Member Sign-in Experience

Members are now redirected back to the page they were viewing before signing in. This creates a more seamless experience when members want to interact with content (such as comments) that requires authentication. Previously, members would be redirected to the homepage after sign-in, forcing them to navigate back to the content they were interested in.

Security measures ensure that redirects only occur to URLs on the same domain as the site, preventing potential authentication leaks.

Security Updates

No significant security fixes were included in this release.

Performance Improvements

CORS Preflight Request Optimization

Added access-control-max-age to Content API preflight requests, which helps reduce the number of OPTIONS requests made by browsers. This improvement affects:

• Content API
• Members API
• Frontend site preflights

A new configuration option has been added to change the default maxAge of preflight requests, allowing for further optimization based on specific needs.

Impact Summary

Ghost 5.4.0 focuses on enhancing the developer and member experience with new template helpers and improved authentication flows. The release addresses several important bugs, particularly around webhooks and authentication cookies, which should improve reliability for integrations and non-SSL environments.

The new member counter helpers provide theme developers with simple tools to display community metrics, potentially helping to drive member conversions. The improved sign-in experience creates a more seamless flow for members interacting with gated content or features like comments.

For site owners and administrators, the dashboard improvements provide more accurate subscriber metrics by excluding plan changes from the paid subscribers graph, giving a clearer picture of actual growth.

API users benefit from more consistent patterns with the offer serializer replacement and improved CORS support, while the fix for the comped flag maintains backward compatibility for existing integrations.

Full Release Notes