Ghost Release: 5.59.1

Tag Name: v5.59.1

Release Date: 8/15/2023

Ghost

Open-source publishing platform specifically designed for professional bloggers and publications. Focuses on clean, minimalist writing and publishing experience.

TL;DR

Ghost v5.59.1: Security Fix & Newsletter Filter Bug Resolution

This patch release addresses two important issues:

  1. Security Fix: Resolved a vulnerability that allowed arbitrary file reading via symlinks during content import.
  2. Bug Fix: Fixed newsletter filters that weren't working properly in bulk member operations.

This release is primarily focused on security and bug fixes, with no new features or breaking changes. All Ghost users should upgrade promptly to ensure system security.

Highlight of the Release

    • Patched a security vulnerability that allowed arbitrary file reading via symlinks during content import
    • Fixed newsletter filters functionality in bulk member operations (labeling, unsubscribing, deletion)
    • Improved handling of NQL/API edge cases for newsletter-related filters

Migration Guide

No migration steps are required for this patch release. Simply update to v5.59.1 to receive the security and bug fixes.

Upgrade Recommendations

Priority: High

All Ghost installations should be upgraded to v5.59.1 as soon as possible to address the security vulnerability in the content import functionality. This release contains an important security fix that protects against arbitrary file reading via symlinks.

The newsletter filter bug fix also resolves potential issues with bulk member operations, which could prevent proper member management for sites using newsletter-specific filters.

Bug Fixes

Newsletter Filters in Bulk Operations

Fixed an issue where newsletter filters weren't working correctly in bulk member operations. This bug specifically affected:

  • Member labeling
  • Member unsubscribing
  • Member deletion

The problem was related to an NQL/API edge case where standalone filters with parentheses weren't being handled correctly within bulk operations. The fix implements a regex function that identifies when these filters are used and removes the parentheses when required.

This is a temporary solution to mitigate the risk of potential data loss for Ghost users, with plans to address the underlying NQL/API issue more comprehensively in a future release.

New Features

No new features were introduced in this patch release. This is a security and bug fix release only.

Security Updates

Arbitrary File Read via Symlinks in Content Import

Fixed a security vulnerability that could allow arbitrary file reading via symlinks during content import. This issue was identified and reported by ixSly.

Details:

  • The vulnerability allowed potential access to files outside the intended scope during content import operations
  • This has been addressed by improving the security checks during the import process
  • For full details, see the security advisory GHSA-9c9v-w225-v5rg
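The advisory does not publish Ghost's patched code, so the Python below is an added example (not Ghost's own implementation) of the kind of check an importer needs: refuse archive entries flagged as symlinks, and refuse any entry whose resolved path lands outside the extraction directory. The function names and the three sample archives are constructed for this illustration; the "escape" case goes slightly beyond the advisory to show that the same path check also catches ../ traversal.

```python
import os
import stat
import tempfile
import zipfile

def is_symlink_entry(info):
    # Unix mode bits are stored in the high 16 bits of external_attr
    return stat.S_ISLNK((info.external_attr >> 16) & 0xFFFF)

def safe_extract(archive_path, dest_dir):
    """Extract into dest_dir, refusing symlink entries and path escapes."""
    dest_real = os.path.realpath(dest_dir)
    extracted = []
    with zipfile.ZipFile(archive_path) as zf:
        for info in zf.infolist():
            if is_symlink_entry(info):
                raise ValueError(f"symlink entry rejected: {info.filename}")
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"path escape rejected: {info.filename}")
            if info.is_dir():
                continue  # directories are created on demand below
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(target)
    return extracted

def run_demo():
    """Build three constructed archives and report the extractor's verdict."""
    cases = [("clean", "content/data.json", b"{}", False),
             ("symlink", "content/data.json", b"/etc/passwd", True),
             ("escape", "../outside.json", b"{}", False)]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, name, data, is_link in cases:
            info = zipfile.ZipInfo(name)
            if is_link:  # mark the entry as a symlink whose target is `data`
                info.external_attr = (stat.S_IFLNK | 0o777) << 16
            archive = os.path.join(tmp, label + ".zip")
            with zipfile.ZipFile(archive, "w") as zf:
                zf.writestr(info, data)
            try:
                safe_extract(archive, os.path.join(tmp, label + "_out"))
                results[label] = "accepted"
            except ValueError as exc:
                results[label] = str(exc).split(":")[0]
    return results
```

Checking the entry's mode bits before extraction matters because a symlink that has already been written to disk is followed transparently by any later read of the import's content files.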

Performance Improvements

No specific performance improvements were included in this patch release.

Impact Summary

This patch release addresses two significant issues: a security vulnerability in content import and a bug affecting newsletter filters in bulk member operations.

The security fix prevents potential unauthorized access to files via symlinks during content import, which is critical for maintaining the security integrity of Ghost installations.

The newsletter filter bug fix ensures that administrators and content managers can properly use newsletter-related filters when performing bulk operations on members (such as labeling, unsubscribing, or deleting). This resolves an edge case in the NQL/API handling that could have led to incorrect filtering and potential data management issues.

While the newsletter filter fix is implemented as a temporary solution using regex, it effectively mitigates the risk of data loss until a more comprehensive fix for the underlying NQL/API issue can be developed in a future release.

Full Release Notes

Statistics:

  • Files changed: 6
  • Line additions: 48
  • Line deletions: 12
  • Line changes: 60
  • Total commits: 3

Users Affected:

  • Protected from potential security exploits during content import
  • Can now correctly use newsletter filters in bulk member operations

Contributors:

  • ronaldlangeveld
  • SimonBackx
  • github-actions[bot]