Ghost Release: 5.83.0

TL;DR

Ghost v5.83.0 introduces a significant new internal linking beta feature that allows users to search for posts, pages, authors, and tags directly within URL inputs, streamlining content linking workflows. The update also adds Sentry Session Replay for improved error debugging, introduces newsletter subtitle capabilities, enhances SVG security through sanitization, and fixes several UI issues. This release focuses on improving editor functionality, newsletter customization, and overall platform stability.

Highlight of the Release

• New internal linking beta feature for faster content linking workflows
• Added Sentry Session Replay for improved error debugging in Ghost Admin
• Introduced post and newsletter subtitle capabilities (behind feature flags)
• Enhanced SVG security through upload sanitization
• Added '@' shortcut for internal linking in the editor
• Improved newsletter template styling and customization options

Migration Guide

No significant migration steps are required for this update. The new features (internal linking, subtitles, etc.) are all behind feature flags and can be enabled at your discretion.

If you're using custom email templates, you may want to review the new hasFeature helper which allows for conditional content based on feature flags.

For developers working with the codebase, note that there have been several dependency updates and pinning that might affect your development environment.

Upgrade Recommendations

This update is recommended for all Ghost users, especially those who would benefit from the improved internal linking capabilities and newsletter enhancements. The security fix for SVG uploads makes this update particularly important for sites that allow file uploads.

The update includes no breaking changes and should be a smooth upgrade from previous versions. As always, it's recommended to backup your database before upgrading.

Bug Fixes

Fixed Admin Error When Overwriting Default Themes

Fixed an issue where attempting to overwrite a default theme (source or casper) would crash the admin interface. Now, users receive a helpful error message instructing them to rename the zip file instead.

Fixed Label Name Display

Corrected an issue where label names were not properly showing as titles.

Fixed Flaky Portal Test

Resolved an intermittent test failure in the Portal signup flow tests by making benefit descriptions less likely to have duplicate text, using timestamps in the randomization function.

Fixed Post-Title Background Color in Dark Mode

Corrected the background color for post titles when using dark mode.

Fixed "No Results" State Flashing in @-linking

Resolved an issue where the "no results" state would briefly flash during internal link searches by properly handling cancelled search promises.

New Features

Internal Linking Beta

The new internal linking beta feature allows users to search for posts, pages, authors, and tags directly within URL inputs in the link toolbar and bookmark card. This streamlines the content linking workflow by reducing interruptions and making it faster to create links to existing content.

Sentry Session Replay

Added Sentry Session Replay functionality to Ghost Admin, which records user sessions when errors occur to facilitate debugging. The implementation includes privacy protections that mask sensitive information such as input fields, media items, content in the editor, and metrics in the dashboard.

Post and Newsletter Subtitles

Introduced subtitle capabilities for both posts and newsletters, controlled by two separate feature flags: editorSubtitle and newsletterSubtitle. This allows content creators to add subtitles to their content and newsletters, enhancing content presentation options.

'@' Internal Link Shortcut

Added a new '@' shortcut in the editor that allows for quick internal linking to other content. This feature is currently behind a labs flag for internal testing before wider release.

hasFeature Email Template Helper

Added a new Handlebars helper for email templates that allows for conditional content based on feature flags. Usage: {{#hasFeature 'flagname'}} <p>html behind flag</p> {{/hasFeature}}.

Security Updates

SVG Upload Sanitization

Added sanitization for SVG uploads to prevent potential security vulnerabilities. Previously, SVGs were not sanitized and could contain malicious scripts. This update ensures that uploaded SVG files are properly sanitized before being stored or served.

Performance Improvements

Data Generator Improvements

Reduced the limit on the importer in the data generator to prevent test crashes. After testing, the limit was set to 30 (down from 35) which appears to be a safe threshold.

Dependency Management

Pinned several dependencies to specific versions to ensure consistent behavior and prevent unexpected issues from dependency updates. This includes packages like @types/node, @codemirror/lang-html, and others.

HMAC Secret Handling

Improved the handling of HMAC secrets by using base64 encoded strings instead of UTF-8 encoding, making it easier to work with randomly generated 64-byte secrets.

Impact Summary

Ghost v5.83.0 significantly enhances the content creation workflow with its new internal linking beta feature, allowing for seamless searching and linking to existing content directly within the editor. The addition of subtitle capabilities for both posts and newsletters provides more flexibility in content presentation, while the Sentry Session Replay feature will help developers better understand and fix errors that users encounter.

Security has been improved with SVG upload sanitization, addressing a potential vulnerability where SVG files could contain malicious scripts. Newsletter templates have received styling improvements, making newsletters more visually appealing and consistent.

For developers, the new hasFeature email template helper provides more flexibility in creating conditional content based on feature flags. Several bug fixes address UI issues and improve the overall stability of the platform.

This release represents a solid step forward in Ghost's evolution, with a focus on improving the content creation experience while maintaining security and stability.

Full Release Notes