Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Ghost: Urgent Security Update

    Ghost
    4
    9
    251
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcusquinn
      marcusquinn last edited by

      • https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8

      This doesn't seem to have been applied yet?

      We're not here for a long time - but we are here for a good time :)
      Jersey/UK
      Work & Ecommerce Advice: https://brandlight.org
      Personal & Software Tips: https://marcusquinn.com

      jdaviescoates 1 Reply Last reply Reply Quote 1
      • jdaviescoates
        jdaviescoates @marcusquinn last edited by

        @marcusquinn Fixed in 5.2.3, which is what Cloudron is on ( and has been for a while, I think since v soon after it was available )

        I use Cloudron with Gandi & Hetzner

        1 Reply Last reply Reply Quote 0
        • marcusquinn
          marcusquinn last edited by

          I've clicked "Check for Updates" several times, and it's not offering me anything beyond 5.2.2 😞

          We're not here for a long time - but we are here for a good time :)
          Jersey/UK
          Work & Ecommerce Advice: https://brandlight.org
          Personal & Software Tips: https://marcusquinn.com

          jdaviescoates 1 Reply Last reply Reply Quote 0
          • jdaviescoates
            jdaviescoates @marcusquinn last edited by

            @marcusquinn sounds like you need to update Cloudron

            I use Cloudron with Gandi & Hetzner

            marcusquinn 1 Reply Last reply Reply Quote 1
            • marcusquinn
              marcusquinn @jdaviescoates last edited by

              @jdaviescoates No can do for this version, as it breaks our LDAP integrations. App updates really should not be tied to Cloudron updates either. I can't imagine why they would be in this case either.

              We're not here for a long time - but we are here for a good time :)
              Jersey/UK
              Work & Ecommerce Advice: https://brandlight.org
              Personal & Software Tips: https://marcusquinn.com

              girish jdaviescoates fbartels 3 Replies Last reply Reply Quote 0
              • girish
                girish Staff @marcusquinn last edited by

                @marcusquinn Are you not on 7.2? What is the LDAP bug you are hitting?

                1 Reply Last reply Reply Quote 0
                • jdaviescoates
                  jdaviescoates @marcusquinn last edited by

                  @marcusquinn said in Ghost: Urgent Security Update:

                  App updates really should not be tied to Cloudron updates either

                  Agree, but it seems they quite often are (I've hit this a couple of times recently)

                  I use Cloudron with Gandi & Hetzner

                  1 Reply Last reply Reply Quote 0
                  • fbartels
                    fbartels App Dev @marcusquinn last edited by

                    @marcusquinn said in Ghost: Urgent Security Update:

                    App updates really should not be tied to Cloudron updates either

                    In this specific case it is because the app packaging makes use of a feature only available in Cloudron >=7.2.

                    https://git.cloudron.io/cloudron/ghost-app/-/commit/ceab152d282cccc12d0cee68b5f4a7e336a8b8dd

                    marcusquinn 1 Reply Last reply Reply Quote 2
                    • marcusquinn
                      marcusquinn @fbartels last edited by

                      @fbartels Thanks, guessed as much. Something we'll need to have a think about.

                      We're not here for a long time - but we are here for a good time :)
                      Jersey/UK
                      Work & Ecommerce Advice: https://brandlight.org
                      Personal & Software Tips: https://marcusquinn.com

                      1 Reply Last reply Reply Quote 0
                      • Topic has been marked as a question  marcusquinn marcusquinn 
                      • Topic has been marked as solved  marcusquinn marcusquinn 
                      • First post
                        Last post
                      Powered by NodeBB