This affects all sites using the PDF export, not just those using the remote SSH login feature. We are not aware of any malicious use of this issue. Users should update their system and application packages as soon as possible. Otherwise, we strongly recommend disabling PDF exports for public sites with the -dSAFER flag.
New Feature: Nginx Support for HTTP/2 If Nginx is installed on your system, you can now enable support for HTTP/2 by installing the nginx-http2 package. To enable support, you just need to run the following command in your project’s directory: $ npm update ghost --force The --force flag is necessary to update the dependency cache of Ghost. Once you have done this, your site will be served over HTTP/2. You can check the communication over HTTP/2 status by running the following command: $ npm inspect ghost -v Host: `https://[Your Site]` You should see something like this: “Connecting to https://[Your Site]’s SSL port h2.” You can also use the -p flag to see the protocol used by your site: $ npm inspect ghost -p `https://[Your Site]` You can also configure Nginx to disable HTTP/2 on your site by adding the following rule to your server block: http/2 off You can find more detailed instructions on how to set up HTTP/2 with Nginx on the Nginx website
What’s New in Ghost v2.0?
Ghost v2.0 includes a number of new features, improvements, and bug fixes.
New Feature: Support for Ghost-Sync
Ghost-Sync is a new feature in the latest version of Ghost that allows you to synchronize your content with a remote Ghost instance. To do this, you simply need to specify what directory on your local machine stores the export files for your site, and then run the following command: $ ghcjs -m ghost-sync --directory /var/www/ghost/exports
Node.js version updates
We recommend updating your Node.js version to the latest release (currently v4.9.0) as soon as possible. This is not a vulnerability, but it does address several known issues with the 4.8 release.
New Feature: Nginx Support for HTTP/2 If Nginx is installed on your system, you can now enable support for HTTP/2 by installing the nginx-http2 package. To enable support, you just need to run the following command in your project’s directory: $ npm update ghost --force The --force flag is necessary to update the dependency cache of Ghost. Once you have done this, your site will be served over HTTP/2. You can check the communication over HTTP/2 status by running the following command: $ npm inspect ghost -v Host: `https://[Your Site]` You should see something like this: “Connecting to https://[Your Site]’s SSL port h2.” You can also use the -p flag to see the protocol used by your site: $ npm inspect ghost -p `https://[Your Site]` You can also configure Nginx to disable HTTP/2 on your site by adding the following rule to your server block: http/2 off You can find more detailed instructions on how to set up HTTP/2 with Nginx on the Nginx website
Timeline
Published on: 11/06/2022 17:15:00 UTC
Last modified on: 11/10/2022 06:45:00 UTC