If you rely on a Ghost installation on DigitalOcean, you will have to update it from time to time. Here are the steps we take to make sure our Ghost installation is up to date.

The platform released v5.2.3, which patches a remote code execution vulnerability in the locale setting; the affected versions are <= 4.48.1 and 5.0.0 - 5.2.2. A vulnerability in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file that has previously been uploaded using the file upload functionality in the post editor.
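The affected ranges quoted above can be checked mechanically against the version a server reports. This is an added example, not part of the original post or of Ghost-CLI; the function names are hypothetical and the sample versions in the loop are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Affected ranges are the ones quoted above: <= 4.48.1, and 5.0.0 - 5.2.2.

# Turn "major.minor.patch" (optional leading "v") into one comparable integer.
# Returns 1 for anything else (pre-release tags, missing fields, junk input).
version_to_int() {
    v=${1#v}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;        # not dotted digits
        0[0-9]*|*.0[0-9]*) return 1 ;;              # leading zeros (octal trap)
        *[0-9][0-9][0-9][0-9]*) return 1 ;;         # field too large to encode
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                                       # split on dots
    IFS=$old_ifs
    [ "$#" -eq 3 ] || return 1
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))       # 4.48.1 -> 4048001
}

# Exit status: 0 = affected, 1 = not affected, 2 = version not understood.
ghost_version_affected() {
    n=$(version_to_int "$1") || return 2
    max4=$(version_to_int 4.48.1)
    min5=$(version_to_int 5.0.0)
    max5=$(version_to_int 5.2.2)
    if [ "$n" -le "$max4" ]; then return 0; fi
    if [ "$n" -ge "$min5" ] && [ "$n" -le "$max5" ]; then return 0; fi
    return 1
}

# Constructed sample versions; replace with the version your server reports.
for v in 4.48.1 4.48.2 5.0.0 5.2.2 5.2.3 5.2.3-rc.1; do
    rc=0
    ghost_version_affected "$v" || rc=$?
    case $rc in
        0) echo "$v: affected, update before anything else" ;;
        1) echo "$v: outside the affected ranges" ;;
        *) echo "$v: could not parse, check manually" ;;
    esac
done
```

A version string the function cannot parse is reported separately rather than treated as safe, so pre-release or truncated strings get a manual look.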

Workaround

Patched versions of Ghost add validation to the locale input to prevent execution of arbitrary files. Updating Ghost is the quickest complete solution. As a workaround, if for any reason you cannot update your Ghost instance. For more information, please follow this link or contact security@ghost.org and they will answer your questions.


First things first: make a backup. Whenever you decide to make major changes to your Droplet on DigitalOcean, it is highly recommended to create a backup before anything else.

Then access your Droplet from the terminal by entering the following command:

ssh root@[yourdomain]

Right after you log in, switch to the ghost-mgr user. To upgrade or maintain the Ghost install in the future, you'll always have to become the ghost-mgr user in order to have the correct permissions:

sudo -i -u ghost-mgr

All tasks can be completed with the Ghost-CLI tool. Run ghost help for an overview of available commands, or check out the Ghost-CLI docs for full details.

Once you've become the ghost-mgr user, navigate to the default Ghost installation location using the cd command as below:

cd /var/www/ghost

Next, you can run check-update to double-check which version you're using and whether a new version is available. Bingo! The current version is 5.2.2 and the latest version is 5.2.3, so we can immediately proceed to the update.

Then, we can verify which version of Ghost the server is running and ensure the update went well.

We are running Ghost v5.2.3, so everything worked perfectly. Note that if Ghost Manager is out of date, you will want to update that first and then run ghost update again. To update Ghost Manager, use the command:

sudo npm install -g ghost-cli@latest

You need to pay attention to the terminal output. For example, if there are files or directories with incorrect permissions, you will be asked to run a chmod command as below:

sudo find ./ ! -path "./versions/*" -type f -exec chmod 664 {} \;

Ghost stops and restarts by itself while updating so you don't need to add any step to the process. However, after the successful update, you can quit the ghost-mgr user using the command exit and restart the droplet by typing sudo reboot.

Happy blogging!
