closes https://github.com/TryGhost/Team/issues/846
- members api was missing cacheControl middleware to declare its cache control headers
Co-authored-by: Rishabh <zrishabhgarg@gmail.com>
refs https://github.com/TryGhost/Team/issues/1200
- The leading/trailing whitespaces are trimmed by `new URL()` but are considered invalid in metascraper. Trimming solves this edge case.
refs https://github.com/TryGhost/Team/issues/960
- Characters like "%%" or "%80" would crash our current url escaping
behavior. We consider they aren't valid URLs as the percentages
haven't been properly escaped.
refs https://github.com/TryGhost/Team/issues/1234
Sharp can occasionally fail resizing, this is usually due to the
underlying libvips library failing. We do not want this to cause an
error however, instead we should just show the original image - as
resizing is an optimisation, rather than a requirement.
closes https://github.com/TryGhost/Team/issues/819
- adds guard for an empty buffer when reading file from storage for resizing, if a blank image is loaded then redirect to the original file
refs https://github.com/TryGhost/Team/issues/1175
backports https://github.com/TryGhost/Ghost/pull/13680
We found the ETag header sent when serving the Admin template for /ghost/ was not changing between versions which after an upgrade could result in out of date cached content being served containing links to JS/CSS files that no longer existed.
The culprit is weak etags served by Node's `send` package, coupled with Admin template filesize not changing between versions and `npm pack` setting a fixed modification date for every file. See pillarjs/send#176 for more details.
- updated the Admin app's controller to read the template and generate an md5 hash of the contents so we can serve a strong ETag header value when serving the `/ghost/` html
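
The cache collision described in the commit message above, as an added example that is not Ghost's code or part of the commit. It compares a validator built only from file size and modification time with an md5 content hash across a simulated upgrade. The function names, the weak tag's exact format, the fixed date and the two template bodies are constructed for illustration.

```javascript
const crypto = require('crypto');

// Weak validator built only from file metadata (illustrative format,
// modelled on the size + modification time scheme the commit describes).
function weakStatETag(size, mtime) {
    return `W/"${size.toString(16)}-${mtime.getTime().toString(16)}"`;
}

// Strong validator: md5 of the template contents, the approach the commit takes.
function strongContentETag(body) {
    return `"${crypto.createHash('md5').update(body).digest('hex')}"`;
}

// If-None-Match handling for a GET: weak comparison, so the W/ prefix is ignored.
// Splitting on commas is enough here because these tags never contain one.
function isFresh(ifNoneMatch, currentETag) {
    if (!ifNoneMatch) return false;
    if (ifNoneMatch.trim() === '*') return true;
    const opaque = tag => tag.trim().replace(/^W\//, '');
    return ifNoneMatch.split(',').map(opaque).includes(opaque(currentETag));
}

// Constructed sample data: two template versions with the same byte length,
// linking to different asset files, and one fixed modification date for both
// (standing in for the fixed date the commit says `npm pack` sets).
const FIXED_MTIME = new Date('2000-01-01T00:00:00Z');
const templateV1 = Buffer.from('<script src="assets/ghost.min-aaaaaaaa.js"></script>');
const templateV2 = Buffer.from('<script src="assets/ghost.min-bbbbbbbb.js"></script>');

// A client cached v1, the server was upgraded to v2, the client revalidates.
// Returns the status code the server would answer with.
function statusAfterUpgrade(makeETag) {
    const cachedTag = makeETag(templateV1);   // sent back as If-None-Match
    const currentTag = makeETag(templateV2);  // computed by the upgraded server
    return isFresh(cachedTag, currentTag) ? 304 : 200;
}

const weakStatus = statusAfterUpgrade(body => weakStatETag(body.length, FIXED_MTIME));
const strongStatus = statusAfterUpgrade(strongContentETag);

console.log('metadata-based ETag ->', weakStatus);   // stale v1 HTML keeps being used
console.log('content-hash ETag   ->', strongStatus); // v2 HTML is sent
```
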
no issue
- Added the `forceUpgrade` config setting to be able to use it together with BMA.
- The flag is a property of `host_settings` and is passed to the Admin client
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr
This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
no issue
- `RELEASE_TOKEN` is currently a GitHub personal token, but this
  has some downsides:
  - if the token ever expires and I'm unaware, it'll break the release
    process
  - GitHub Releases say the creator was `daniellockyer` even if someone
    else actually did the release
- this commit switches over to using the built-in `GITHUB_TOKEN`, which
  is owned by the `github-actions` app and should never expire
- aside from that, Ghost releases will be created by the neutral
  `github-actions` account
no issue
- now 4.0 is out, the latest version is going to be higher than the
version we're trying to manually update to in this test
- the "latest version" for the 3.x branch should be v3 anyway, so this
commit updates that test to explicitly install v3
refs https://github.com/TryGhost/Team/issues/498
This was filling up logs with less than useful information - for every
single request made by a non-member to the frontend. Be gone!
closes https://github.com/TryGhost/Ghost/issues/12506
- adds an error handler that will rename the backup folder to the original name if the newly uploaded theme wasn't saved successfully