🐛 Fixed update notification showing after upgrade

refs https://github.com/TryGhost/Team/issues/754 refs https://github.com/TryGhost/Team/issues/204 refs https://forum.ghost.org/t/critical-security-notification-keeps-displaying-even-after-updating-to-the-latest-version/23673 - After Ghost instance upgrade higher than v4.3.3 the security notification should not be shown any more, as the instance is now patched and fixes the issue. - There was no way to derive the targetted Ghost version of the notification message so had to include matching based on other unique id of the message. - Future improvements to update check/notifications should take this inconvenience into account (e.g. introduce a special field in notifications that tracks targetted Ghost instance version)
2025-01-20 22:42:53 -05:00 · 2021-06-28 11:25:04 +04:00 · 2021-06-28 11:25:04 +04:00 · 3f2327c4d1
commit 3f2327c4d1
parent c328ab781b
1 changed files with 10 additions and 1 deletions
--- a/core/server/services/notifications/notifications.js
+++ b/core/server/services/notifications/notifications.js
@ -78,11 +78,20 @@ class Notifications {
            //       is done (https://github.com/TryGhost/Ghost/issues/10236) and notifications are
            //       be removed permanently on upgrade event.
            const ghostMajorRegEx = /Ghost (?<major>\d).0 is now available/gi;
+            const ghostSec43 = /GHSA-9fgx-q25h-jxrg/gi;

            // CASE: do not return old release notification
-            if (notification.message && (!notification.custom || notification.message.match(ghostMajorRegEx))) {
+            if (notification.message
+                && (!notification.custom || notification.message.match(ghostMajorRegEx) || notification.message.match(ghostSec43))) {
                let notificationVersion = notification.message.match(/(\d+\.)(\d+\.)(\d+)/);

+                if (!notificationVersion && notification.message.match(ghostSec43)) {
+                    // Treating "GHSA-9fgx-q25h-jxrg" notification as 4.3.3 because there's no way to detect version
+                    // from it's message. In the future we should consider having a separate field with version
+                    // coming with each notification
+                    notificationVersion = ['4.3.3'];
+                }
+
                const ghostMajorMatch = ghostMajorRegEx.exec(notification.message);
                if (ghostMajorMatch && ghostMajorMatch.groups && ghostMajorMatch.groups.major) {
                    notificationVersion = `${ghostMajorMatch.groups.major}.0.0`;