Ghost/core/shared/config/defaults.json
Fabien O'Carroll 944c2cc9af
🔒 Fixed member email change vulnerability
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
2021-09-23 10:49:30 +01:00

128 lines
2.8 KiB
JSON

{
"url": "http://localhost:2368",
"server": {
"host": "127.0.0.1",
"port": 2368,
"shutdownTimeout": 60000
},
"admin": {
"redirects": true
},
"updateCheck": {
"url": "https://updates.ghost.org",
"forceUpdate": false
},
"privacy": false,
"useMinFiles": true,
"paths": {
"contentPath": "content/"
},
"adapters": {
"sso": {
"active": "Default"
}
},
"storage": {
"active": "LocalFileStorage"
},
"scheduling": {
"active": "SchedulingDefault"
},
"members": {
"contentApiAccess": [],
"paymentProcessors": [],
"emailTemplate": {
"showSiteHeader": true,
"showPoweredBy": true
}
},
"logging": {
"level": "info",
"rotation": {
"enabled": false,
"period": "1d",
"count": 10
},
"transports": ["stdout"],
"slowHelper": {
"level": "warn",
"threshold": 200
}
},
"spam": {
"user_login": {
"minWait": 600000,
"maxWait": 604800000,
"freeRetries": 4
},
"user_reset": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries": 4
},
"global_reset": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries":4
},
"global_block": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries":99
},
"private_block": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries":99
},
"content_api_key": {
"minWait": 3600000,
"maxWait": 86400000,
"lifetime": 3600,
"freeRetries": 99
}
},
"caching": {
"frontend": {
"maxAge": 0
},
"301": {
"maxAge": 31536000
},
"customRedirects": {
"maxAge": 31536000
},
"favicon": {
"maxAge": 86400
},
"sitemap": {
"maxAge": 3600
},
"robotstxt": {
"maxAge": 3600000
}
},
"imageOptimization": {
"resize": true,
"srcsets": true
},
"compress": true,
"preloadHeaders": false,
"adminFrameProtection": true,
"sendWelcomeEmail": true,
"stripeDirect": false,
"enableStripePromoCodes": false,
"emailAnalytics": true,
"backgroundJobs": {
"emailAnalytics": true
},
"portal": {
"url": "https://unpkg.com/@tryghost/portal@~1.10.0/umd/portal.min.js",
"version": "1.10"
}
}