Update the app Ghost to fix a security flaw

EN :uk:

A security vulnerability has been found this week in Ghost apps, it is recommended to upgrade the Ghost application to version 4.16+.

About this vulnerability

"Ghost has found and fixed a breach that allowed unauthenticated email users to change the email addresses of arbitrary member accounts. Details can be found here.

Affected versions

The vulnerability affects Ghost versions between 3.18.0 and 4.15.0 (inclusive), which includes the version of Ghost used previously in YunoHost.

If you can’t upgrade

As a temporary measure: before upgrading, you can use the permission system to block acees to your app OR you can block the POST /members/api/send-magic-link/ endpoint with a change in nginx config.

Thanks to @slnsrt who gives us the alert :heart:


Thank you for the report! An upgrade is being tested: Upgrade to v4.16.0 by tituspijean · Pull Request #49 · YunoHost-Apps/ghost_ynh · GitHub


Excellent. Looking forward to the upgrade. Many thanks.

@slnsrt I transformed your first message to make a security announcement.


Many thanks to all those involved in facilitating the security patch, update and upgrade. Excellent team work.


1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.