Ghost Release: 5.90.1

TL;DR

Ghost v5.90.1 - Portal Honeypot Field Implementation

This minor release adds a honeypot field to the Ghost Portal signup form to help mitigate bot signup activity. The honeypot field is hidden from regular users but can be filled out by bots, allowing Ghost to identify and log potential automated signups. This release focuses on properly implementing this anti-spam measure while ensuring it works consistently across page changes within Portal.

Highlight of the Release

• Added honeypot field to Portal signup form to detect and mitigate bot activity
• Improved state handling for Portal components
• Enhanced Portal functionality to maintain honeypot field state across page changes

Migration Guide

No migration steps are required for this release. The honeypot field implementation is handled automatically and doesn't require any configuration changes from administrators or developers.

Upgrade Recommendations

This release is recommended for all Ghost users, especially those experiencing issues with bot signups or spam accounts. The upgrade process is straightforward with no breaking changes:

1. Back up your Ghost installation as a precaution
2. Follow the standard Ghost update procedure for your installation method
3. No additional configuration is required after updating

The honeypot field will be automatically implemented in your Portal signup forms after the update.

Bug Fixes

Portal State Handling

• Fixed issues with state handling in Portal components to properly set and maintain field values
• Resolved inconsistencies in form state when navigating between different pages within Portal
• Addressed edge cases where form data wasn't properly preserved during user navigation

New Features

Honeypot Field for Bot Detection

Ghost Portal now includes a honeypot field in the signup form to help identify and mitigate bot signup activity. This field:

• Is hidden from regular users through CSS
• Logs potential bot activity when the field is filled out
• Maintains its state across page changes within Portal
• Provides a non-intrusive way to gather data on bot signup attempts

This implementation is currently in data collection mode, logging suspicious activity while Ghost evaluates the effectiveness of this approach.

Security Updates

Bot Mitigation Measures

While not a security fix for a specific vulnerability, this release enhances Ghost's security posture by:

• Adding a honeypot field to detect automated bot signups
• Implementing logging of suspected bot activity
• Creating infrastructure for potential future automated bot rejection

This is part of Ghost's ongoing efforts to protect sites from spam and automated abuse.

Performance Improvements

No specific performance improvements were mentioned in this release. The primary focus was on security enhancement through the implementation of the honeypot field in Portal.

Impact Summary

This release introduces a non-intrusive security enhancement to Ghost's Portal signup process through the implementation of a honeypot field. This helps site administrators identify and potentially block bot signups without affecting legitimate users. The implementation is currently in a data collection phase, logging suspicious activity to help Ghost evaluate and refine this approach.

The changes are focused on the Portal component, ensuring that the honeypot field works properly and maintains its state across page changes. This provides a foundation for future anti-spam measures while immediately beginning to collect data on bot activity.

For site administrators, this release offers improved protection against automated signups with no configuration required. For end users, the experience remains unchanged as the honeypot field is invisible to human visitors.

Full Release Notes