Ghost Release: 5.56.0

TL;DR

Ghost 5.56.0: Collections API, Tips & Donations, and Theme Compatibility Improvements

Ghost 5.56.0 introduces the Collections API, allowing developers to access collections data through both Admin and Content APIs. The release also adds a new Tips & Donations section in Membership settings, improves theme compatibility checks, and enhances the AdminX interface with numerous UI refinements. Several performance optimizations and security improvements have been implemented, including rate limiting for test emails to prevent abuse.

Highlight of the Release

• Collections API: New endpoints for accessing collections via both Admin and Content APIs
• Tips & Donations: New section in Membership settings for managing Stripe donations
• Member Import Enhancement: Added ability to assign tiers during member import
• Security Improvement: Rate limiting for test emails to prevent abuse
• AdminX UI Refinements: Numerous design improvements across settings pages

Migration Guide

Collections API Changes

If you were using the posts property from the Collections API, you'll need to update your code. The correct mechanism for fetching posts from a collection is now via the Posts API. All functionality of getting posts directly from the Collections API has been removed.

Theme Compatibility

Theme developers should review their themes for compatibility with the updated checks. In particular:

• Check for proper handling of @page properties
• Review global styles that might conflict with the signup card input
• Check for any unknown global usage that might trigger new warnings

TypeScript and ESLint Updates

If you're developing custom code or extensions:

• The project has moved from CRA to Vite
• ESLint configurations have been updated
• TypeScript configurations now use a base config
• The no-explicit-any rule is now enabled for most packages

Upgrade Recommendations

Recommended Upgrade Path

This is a minor version update (5.55.2 → 5.56.0) that introduces new features and improvements without breaking changes to the core functionality. We recommend all users upgrade to this version to benefit from the security improvements, bug fixes, and new features.

For Site Owners:

• Standard upgrade process applies - backup your database before upgrading
• No special steps required

For Developers:

• If you were using the posts property from Collections API, update your code to use the Posts API instead
• Review your custom code for any TypeScript any types that could be replaced with proper types
• If you've built custom themes, check for compatibility with the updated theme checks

Bug Fixes

Theme Compatibility

• Fixed logic for checking theme compatibility with @page properties
• Added theme hide title+image incompatibility warning
• Added margin override to signup card input to prevent style conflicts with theme global styles

API and Data Handling

• Fixed loading assets from CDN URL, resolving issues with user profile images
• Fixed unpublished collection posts filtering in both Admin and Content APIs
• Fixed Segment event naming

AdminX UI Fixes

• Fixed gradient bug in Portal preview
• Fixed tier dropdown bug in Portal/Links that always showed links for the first tier
• Fixed free trial toggle bug that didn't keep the trial value and toggle in sync
• Fixed textfield right placeholder bug
• Fixed menu highlight when settings is searched

New Features

Collections API

• Added Admin API endpoint /collections/slug/:slug to fetch collections by slug
• Implemented Collections Content API with support for reading individual collections by ID and slug
• Added support for ?include=count.posts parameter in Collections API
• Improved collections filtering with support for tag expansions
• Implemented proper handling of unpublished collection posts

Tips & Donations

• Added a new section to Membership settings with a button to copy the Tips & donations Stripe link
• Added tipsAndDonations feature flag to control the feature

Member Import Enhancements

• Added ability to assign tiers during member import
• Implemented feature flag for import tier functionality

Newsletter Management

• Changed NewsletterList to use the new Table component with TableRow and TableCell subcomponents
• Improved data display for newsletters

Security Updates

Test Email Rate Limiting

• Implemented rate limiting for test emails to prevent abuse by malicious users
• Limited test emails to one recipient per request
• Added a limit of 10 test emails per hour
• This addresses a security issue where the test/preview email API endpoint could be abused

Performance Improvements

Dependency Management

• Deduplicated eslint and eslint-plugin-ghost to top-level package.json
• Deduplicated ts-node and typescript dependencies
• Removed old versions of @typescript-eslint/{eslint-plugin,parser}
• Improved dependency cache keys for build processes

Build System

• Converted CRA packages to Vite for better performance
• Updated ESLint config for React+TypeScript packages
• Fixed build command for nql-filter-expansions
• Added ghost/nql-filter-expansions to TS dev script list
• Deduplicated tsconfig.json to use base config

Code Optimization

• Added nql-filter-expansions module to centralize filter expansions
• Migrated admin and core modules to use nql-filter-expansions
• Improved type definitions by replacing any with proper types
• Enabled no-explicit-any for majority of packages

Impact Summary

Ghost 5.56.0 brings significant improvements to the Collections feature with the introduction of dedicated API endpoints for both Admin and Content APIs. This enables developers to build more sophisticated integrations around collections. The new Tips & Donations section in Membership settings provides site owners with an additional monetization option.

The release also focuses on improving the AdminX interface with numerous UI refinements and fixes, making the admin experience more intuitive and consistent. Security has been enhanced with rate limiting for test emails, addressing a potential abuse vector.

For theme developers, there are important fixes for compatibility checks and style conflicts, while the codebase has undergone significant refactoring to improve maintainability and performance through dependency deduplication and build system improvements.

Overall, this release represents a solid step forward in Ghost's evolution, with meaningful improvements for all types of users while maintaining backward compatibility.

Full Release Notes