Today we are releasing Ghost 0.3.3 - which is a critical maintenance and security release, recommended for all users.
It's been an amazing (insane) week at Ghost HQ, and part of that has lead to us fixing a number of critical issues within Ghost core which we are releasing today as Ghost 0.3.3.
As well as fixing a couple of interaction bugs, this update fixes a number of critical security vulnerabilities and, as such, it is recommended that all users upgrade to 0.3.3 right away.
- [Fixed] Broken URL-based image uploads on settings screens
- [Fixed] Console error on content screen with no posts
- [Fixed] Empty previews on content screen after scroll
- [Fixed] Private data appearing in API response
- [Fixed] Various firefox display bugs
- [Fixed] Various security issues
- [Added] CSRF protection across the admin
- [Updated] Bookshelf to 0.5.7
- [Updated] Knex to 0.4.11
We want to thank our contributors for their responsible disclosure of these issues directly to our security team.
How To Upgrade
Upgrade documentation can be found at
All users can now download today's release, Ghost 0.3.3, from the Ghost.org download page.