- Updates the prepare script in the top level to run prepare on packages, so
that packages can be built when running `yarn`
- Updates the build script in ghost/core to run build on packages, so that
packages are built before being monobundled
- Updates monobundle to be a dependency and use the new TryGhost repo, which
includes some minor fixes and improvements, such as supporting devDeps
- Updates the GitHub workflows to run the build command in the top level
directory rather than ghost/core so that other packages are built, too.
refs https://ghost.slack.com/archives/C025584CA/p1683105468216909
When holding cmd,ctrl or shift when clicking a post list item, it would try to select it. But that meant some user flows were broken where users would open multiple posts at the same time in a new tab.
This change allows you to cmd/ctrl/shift/right click on the edit button again.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9
Because our filtering layer is so coupled to the DB and we don't generally
apply restrictions, it was possible to fetch authors and filter by their
password or email field. Coupled with the "starts with" operator this can be
used to brute force the first character of these fields by trying random
combinations until an author is included in the filter. After which the next
character can be brute forced, and so on until the data has been leaked
completely.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9
Because our filtering layer is so coupled to the DB and we don't generally
apply restrictions, it was possible to fetch authors and filter by their
password or email field. Coupled with the "starts with" operator this can be
used to brute force the first character of these fields by trying random
combinations until an author is included in the filter. After which the next
character can be brute forced, and so on until the data has been leaked
completely.
no issue
There was an error when generating the snapshot for this test. It never ran, so the snapshot was never committed. On top of that, the generated snapshot would change every time because the email verification token was not replaced with a static value.
closes https://github.com/TryGhost/Team/issues/3137
We have now included the ability to display an "Unpublished" tag for revisions that have been unpublished. The tag is only displayed when the revision's reason property is set to "unpublished". A new revision is triggered when a post is unpublished, regardless whether there's a change in the content.
refs https://github.com/TryGhost/Team/issues/3129
This has copied the same pattern from the gh-user-list-item component.
Co-authored-by: Sanne de Vries <sannedv@protonmail.com>
fixes https://github.com/TryGhost/Team/issues/2385
The Sentry version has been locked to v7.11.1 for some time because Sentry still used a legacy Node feature, called domains. Due to a bug or change in in Noide 16+, those domains broke handling uncaught promise execptions. So Ghost crashed when a promise exception wasn't caught. But that shouldn't be the case because we have a global uncaught exception handler.
Luckily Sentry switched to AsyncLocalStorage in v7.48.0. This fixes the issue as demonstrated in c0cd62184c
no issue
- Hide post preview select if there is no published posts yet.
---
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
copilot:summary
- we have calls to the metrics library so we can measure the time it
takes the Mailgun API to return a response
- however, there's a bug in the code whereby if the `batchHandler`
takes a long time and then throws an error, this time will be reported
to metrics
- this is misleading because it looks like Mailgun is taking a long time
if the databases are slow
- this pulls the specific SDK call out into a function so it's easier to
wrap with timing code
refs https://ghost.slack.com/archives/C02G9E68C/p1682941387256079?thread_ts=1682507718.761429&cid=C02G9E68Chttps://github.com/TryGhost/Team/issues/3123
This commit modifies the revisionList method to sort the revisions array by createdAt property in descending order, instead of reversing the order of the array. This makes the code more intuitive and easier to follow for future developers.
Additionally, the published_latest key-value pair is renamed to initial_publish to better reflect its meaning. This key-value pair is added to the revision object at the index where the post status changed from 'draft' to 'published', indicating the initial publication of the post.
refs https://github.com/TryGhost/Team/issues/3123
This commit modifies the revisionList method to add a new key-value pair published_latest: true to the object if the current index matches with the index of the latest published revision with the reason 'published'. The change only affects the latest published revision and doesn't modify any existing data. This update improves the display of post revisions by highlighting the latest published revision in the list.