
Ghost Release: 5.46.1

Tag Name: v5.46.1

Release Date: 5/3/2023

Ghost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

TL;DR

Ghost v5.46.1 Security Update

This patch release addresses a critical security vulnerability in Ghost's Content API: filters supplied to the authors endpoint could reference private author fields such as email and password (which stores the password hash). Because the response reveals whether a filter matched, anyone holding a Content API key (a key designed to be embedded in public front-end code) could recover those values without ever seeing them in a response. The fix rejects filters on private author fields, protecting author credentials and privacy.

Highlight of the Release

    • Fixed a security vulnerability in Content API filtering on author fields
    • Prevented filtering on private author data, including password hashes and email addresses
    • Closed the prefix-matching oracle that allowed brute-force, character-by-character extraction of those fields

Migration Guide

No migration steps are required for this security patch. Simply update to Ghost v5.46.1 to apply the security fix.

Upgrade Recommendations

Immediate Upgrade Recommended

This release contains an important security fix that protects sensitive author data from potential unauthorized access.

Upgrade priority: High - all Ghost installations should be updated as soon as possible.

To upgrade:

  • For Ghost(Pro) users: Your site will be automatically updated
  • For self-hosted installations: run ghost update with Ghost-CLI from the installation directory
  • For Docker installations: Pull the latest v5.46.1 image

No additional configuration changes are required after updating.

Bug Fixes

Security Bug Fix

Fixed a vulnerability in the Content API filtering system that could expose private author fields:

  • Patched the filtering layer to reject filters that reference sensitive author fields such as password (the stored hash) and email
  • Prevented the use of prefix-matching filter operators (the "starts with" operator, ~^ in Ghost's NQL filter syntax) to brute-force sensitive values one character at a time
  • Addressed the root cause: the filter layer was coupled directly to the database columns, so the output-side restriction on private fields did not apply to filter input

This fix addresses the security advisory GHSA-r97q-ghch-82j9.

New Features

No new features were introduced in this security patch release.

Security Updates

Content API Filtering Vulnerability Fix

This release patches a security vulnerability in Ghost's Content API that could allow attackers to access private author information:

  • Vulnerability details: the filter layer passed field names straight through to the database query, so a Content API request could fetch authors while filtering on private columns such as password or email, even though those columns are never included in the response
  • Attack vector: a "starts with" filter (~^ in NQL) acts as a yes/no oracle; an attacker extends the guessed prefix one character at a time, keeping each character for which the target author still appears in the results, until the full value is recovered
  • Risk: unauthorized disclosure of author email addresses and password hashes to anyone holding a Content API key, which Ghost treats as a public credential
  • Fix: filters on private author fields are now rejected before the query is built

For more details, see the security advisory: GHSA-r97q-ghch-82j9
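The oracle described above, as an added illustration that is not Ghost's own code: a toy authors endpoint with a minimal "starts with" filter, the attacker loop that turns it into character-by-character extraction, and an allowlist check of the kind that stops it. The author records, the PUBLIC_AUTHOR_FIELDS list and the placeholder hashes are all constructed for this example; the real fix in Ghost may be structured differently.

```javascript
// Added example, not Ghost's code. Models a Content API "authors" query that
// accepts an NQL-style starts-with filter (field:~^'prefix') and shows how
// filtering on a private column leaks it even though the column is never
// returned. Sample data is constructed; the hashes are placeholders.
const AUTHORS = [
  { id: "1", slug: "cameron", name: "Cameron", email: "cameron@example.com",
    password: "$2a$10$placeholderhash" },
  { id: "2", slug: "dana", name: "Dana", email: "dana@example.org",
    password: "$2a$10$anotherplaceholder" },
];

// Assumed allowlist of author fields the Content API is meant to expose.
const PUBLIC_AUTHOR_FIELDS = new Set([
  "id", "slug", "name", "profile_image", "bio", "website", "location",
]);

// Parse the one filter form this example supports: field:~^'prefix'.
function parseStartsWith(filter) {
  const m = /^([a-z_]+):~\^'([^']*)'$/.exec(filter);
  if (!m) throw new Error("unsupported filter: " + filter);
  return { field: m[1], prefix: m[2] };
}

// Vulnerable behaviour: the named column is filtered on directly. Private
// fields are stripped from the output, but the row set itself reveals
// whether the prefix matched.
function authorsVulnerable(filter) {
  const { field, prefix } = parseStartsWith(filter);
  return AUTHORS
    .filter((a) => String(a[field] ?? "").startsWith(prefix))
    .map(({ id, slug, name }) => ({ id, slug, name }));
}

// Hardened behaviour: reject any filter that references a non-public field
// before it reaches the query layer.
function authorsHardened(filter) {
  const { field } = parseStartsWith(filter);
  if (!PUBLIC_AUTHOR_FIELDS.has(field)) {
    throw new Error(`filter on private field '${field}' is not allowed`);
  }
  return authorsVulnerable(filter);
}

// Attacker loop: extend the known prefix one character at a time, using
// "does the target author still appear in the result" as the oracle.
// The alphabet is deliberately small (lowercase only) to keep the demo short.
const ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789@._-+$/";

function extractField(query, field, targetSlug, maxLen = 64) {
  let known = "";
  for (let i = 0; i < maxLen; i++) {
    let extended = false;
    for (const ch of ALPHABET) {
      const rows = query(`${field}:~^'${known + ch}'`);
      if (rows.some((r) => r.slug === targetSlug)) {
        known += ch;
        extended = true;
        break;
      }
    }
    if (!extended) return known; // nothing extends the prefix: value complete
  }
  return known;
}

// Run the extraction against both variants and report what each one yields.
function demo() {
  const leaked = extractField(authorsVulnerable, "email", "cameron");
  let hardened;
  try {
    extractField(authorsHardened, "email", "cameron");
    hardened = "leaked";
  } catch (e) {
    hardened = e.message;
  }
  return { leaked, hardened };
}

console.log(demo());
```

The point of the hardened variant is where the check sits: stripping private fields from the response is not enough, because the filter is evaluated against the row before any output mapping happens. The field allowlist must be enforced on filter input, and the same applies to ordering and any other clause that is resolved against raw columns.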

Performance Improvements

No specific performance improvements were included in this security patch release.

Impact Summary

This security patch addresses a vulnerability in Ghost's Content API that could potentially expose private author information through filter manipulation. The issue stemmed from the filtering layer's tight coupling to the database, which allowed bypassing normal data restrictions when using certain filter operators.

The vulnerability allowed an attacker to recover sensitive values such as email addresses and password hashes character by character, using prefix-matching filters as a yes/no oracle. This posed a risk to author privacy and, through offline cracking of the recovered hashes, to site security.

The fix properly restricts access to private author fields in the Content API filtering system, ensuring that sensitive data remains protected. This update is essential for maintaining the security and privacy standards of your Ghost installation.

Full Release Notes

  • 🔒 Fixed filtering on private Author fields in Content API (see advisory) - Fabien "egg" O'Carroll

View the changelog for full details: v5.46.0...v5.46.1

Statistics:

  • Files changed: 9
  • Line additions: 306
  • Line deletions: 8
  • Line changes: 314
  • Total commits: 2

Users Affected:

  • Protected from potential data breaches involving author credentials
  • No action required beyond updating to v5.46.1

Contributors:

allouis, github-actions[bot]