Ghost: Urgent Security Update

marcusquinn

• https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8

This doesn't seem to have been applied yet?

jdaviescoates

@marcusquinn Fixed in 5.2.3, which is what Cloudron is on ( and has been for a while, I think since v soon after it was available )

marcusquinn

I've clicked "Check for Updates" several times, and it's not offering me anything beyond 5.2.2

jdaviescoates

@marcusquinn sounds like you need to update Cloudron

marcusquinn

@jdaviescoates No can do for this version, as it breaks our LDAP integrations. App updates really should not be tied to Cloudron updates either. I can't imagine why they would be in this case either.

girish

@marcusquinn Are you not on 7.2? What is the LDAP bug you are hitting?

jdaviescoates

@marcusquinn said in Ghost: Urgent Security Update:

App updates really should not be tied to Cloudron updates either

Agree, but it seems they quite often are (I've hit this a couple of times recently)

fbartels

@marcusquinn said in Ghost: Urgent Security Update:

App updates really should not be tied to Cloudron updates either

In this specific case it is because the app packaging makes use of a feature only available in Cloudron >=7.2.

https://git.cloudron.io/cloudron/ghost-app/-/commit/ceab152d282cccc12d0cee68b5f4a7e336a8b8dd

marcusquinn

@fbartels Thanks, guessed as much. Something we'll need to have a think about.