No.
The branch over at GitHub - YunoHost-Apps/ghost_ynh: Ghost package for YunoHost is kept updated for the sake of having it available. However it will not work, since it contains the incompatibility with MariaDB.
Should we worry about the security updates? On Ghost forum I see an announcement that spurs everyone to update to v5.22.
"We have been made aware of a security vulnerability in Ghost 4.x between v4.46.0 and v4.48.8 and Ghost 5.x prior to v5.22.7. This is patched in the latest releases, which have already been rolled out on Ghost(Pro). Self-hosters should update to the latest versions as soon as possible.
Details:
On sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their privileges permanently or get access to further information. This issue was caused by a gap in our API validation for nested objects.
Ghost(Pro):
Ghost(Pro) has already been patched. We have investigated and found no evidence that the issue was exploited prior to the patch being added - meaning no customer sites have been compromised. As Ghost(Pro) is maintained by the Ghost core team, it is always patched immediately when any security incident is reported.
Patch & Workarounds:
v4.48.8 / v5.22.7 are patched for all known exploits
v4.48.9 / v5.24.1 contain deeper fixes to the API to close the potential for this vulnerability to appear elsewhere or regress
As a workaround, if for any reason you cannot update your Ghost instance, you can prevent this exploit by disabling members until an update can be performed."
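As an added example (not part of the original post or of the Ghost announcement): a small triage helper that maps an installed Ghost version onto the ranges given in the announcement quoted above. The function names and status labels are assumptions made for illustration; the version boundaries are the ones stated in the announcement.

```python
import re

# Version boundaries copied from the announcement quoted above.
FIRST_AFFECTED_4X = (4, 46, 0)   # 4.x is affected from this release on
PATCHED_4X = (4, 48, 8)          # "patched for all known exploits"
DEEPER_FIX_4X = (4, 48, 9)       # "deeper fixes to the API"
PATCHED_5X = (5, 22, 7)
DEEPER_FIX_5X = (5, 24, 1)


def parse_version(text):
    """Turn 'v5.22.6' or '5.22.6' into (5, 22, 6); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if m is None:
        raise ValueError(f"not a MAJOR.MINOR.PATCH version: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text):
    """Classify a Ghost version against the announcement (labels are assumed)."""
    v = parse_version(version_text)
    if v[0] == 4:
        if v < FIRST_AFFECTED_4X:
            return "not-listed"          # 4.x before v4.46.0 is not named
        if v < PATCHED_4X:
            return "vulnerable"
        return "patched" if v < DEEPER_FIX_4X else "deeper-fix"
    if v[0] == 5:
        if v < PATCHED_5X:               # "Ghost 5.x prior to v5.22.7"
            return "vulnerable"
        return "patched" if v < DEEPER_FIX_5X else "deeper-fix"
    # The announcement only speaks about the 4.x and 5.x lines.
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real instance.
    for sample in ["4.45.0", "4.47.2", "4.48.8", "5.22.6", "5.23.0", "5.24.1"]:
        print(sample, triage(sample))
```

A result of "vulnerable" on an instance that cannot be upgraded is the case where the announcement's workaround (disabling members) applies.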
Yes. None will be done in the foreseeable future.
Luckily, I never created anything yet on the Ghost I installed
I will probably use a flat file CMS instead. Still not decided on which one… Automad? Bludit? Grav? Hmm…
Ouch.
It's because yunohost should use postgresql and it's not in todolist?
No. Please read the Github issue on the Ghost repo.
YunoHost uses MariaDB in lieu of MySQL. Ghost will only support MySQL and says that it's the knex library's fault if an incompatibility arose.
Thanks for your time and patience.
@baudouinvh @freddewitt @GoustiFruit @mbro
I might have found a temporary workaround to fix the issue. Would you mind trying it?
To do a fresh install:
sudo yunohost app install https://github.com/YunoHost-Apps/ghost_ynh/tree/testing -f
To upgrade:
sudo yunohost app upgrade ghost -u https://github.com/YunoHost-Apps/ghost_ynh/tree/testing -F
Quick test: no visible problem (installation only).
Still, these messages at the end of the process:
We regularly have trouble detecting that the service has started, nothing serious.
The current problem concerns editing new posts; can you try editing one?
I created a new one → published → OK; then edited it → published → OK; then deleted it too → OK.
So, what is this magic: did you solve (work around) the mess with MariaDB?
As said on github, fresh install works with me
I don't have my test env set up at the moment, but if nobody else comes in I can volunteer in a few days to test out the upgrade. Looking at the code, though, my guess is that if fresh installs work then upgrades will too
I have "simply" patched the code where the incompatibility happens. Hopefully it will not be a mouse-and-cat chase at every upgrade and they will fix it upstream soon.
I've tried the upgrade route and something went wrong
I logged in as root and did not use sudo and don't think the problem is there. Am I making a terminal syntax mistake?
Probably: the last option should be UPPERCASE.
Hmm, I see that Ghost is now marked as broken:
I haven't started working on my sites under Ghost yet, but if I do get started, I don't want to end up with a tool that risks quickly becoming obsolete, or for which updates will always be problematic. I'm not blaming the YunoHost maintainers at all, I'm just worried about the policy of the people at Ghost.
By the way, Ghost has some really nice features (subscriptions, newsletter, comments): which lightweight CMS/blog, available on YunoHost, would have something similar? On my list, Automad and Bludit still seem the easiest, but I'm curious whether anyone has experience with others…
Hello!
I've neglected Ghost a bit, sorry… it's a problem with our automated tests, which crash at the backup and restore test: YunoRunner for CI (yunohost.org)
Our automated tests do not check that, but in principle no.
You'll have to ask them. They shift the blame onto a library they use, knex.
As for the rest of your questions, they are welcome in a dedicated thread.
Hmm, backup and restore seem OK, don't they? It's at the next step, the removal, that it gets stuck?
Hello Titus,
I see that Ghost is working again.
I would like to know whether updating is still problematic (lots of difficulty getting there), with risks of being left on hold for indefinite periods; or whether these issues are always temporary and one can keep using the application without worrying too much.
I would like to install Ghost for a site, but these last months have pushed me into the arms of other systems. However, if Ghost remains relatively safe on YunoHost, the dilemma haunts me, maybe I'll come back to it…
PS: well, in the end, NO, I'm dropping Ghost. I don't want to be subject to their decisions. So back to work, on Automad, or maybe Bludit (Automad is more complicated, but allows more).