firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

Task #6: Ghost CMS Security Update — COMPLETE #25

New Issue
Closed
opened 2026-03-19 14:19:07 -05:00 by mkrause612 · 1 comment
mkrause612 commented 2026-03-19 14:19:07 -05:00
Owner
Copy Link

Ghost CMS Security Update — COMPLETE
Time: 15-30 minutes (actual: ~20 minutes)
Status: COMPLETE — March 13, 2026
Priority: Tier 0 — Critical Security
Documentation: docs/tasks/ghost-security-update/

Ghost CMS at firefrostgaming.com is running v6.16.1, vulnerable to two active CVEs. No workaround exists — must update to 6.19.3.

CVEs:

  • CVE-2026-26980 (CVSS 9.4 Critical) — SQL injection in Content API, unauthenticated DB read
  • CVE-2026-29784 (CVSS 7.5 High) — CSRF account takeover via session/verify endpoint

Key Deliverables:

  • Ghost updated to v6.19.3 on Ghost VPS (64.50.188.14)
  • Site verified operational post-update
  • Infrastructure manifest updated (Ghost CMS was undocumented)

Dependencies: Requires SSH access to Ghost VPS (64.50.188.14)

See task directory for complete update procedure (CLI and Docker paths both documented).

See full documentation: docs/tasks/ or docs/core/tasks.md

Ghost CMS Security Update — ✅ COMPLETE **Time:** 15-30 minutes (actual: ~20 minutes) **Status:** COMPLETE — March 13, 2026 **Priority:** Tier 0 — Critical Security **Documentation:** `docs/tasks/ghost-security-update/` Ghost CMS at firefrostgaming.com is running v6.16.1, vulnerable to two active CVEs. No workaround exists — must update to 6.19.3. **CVEs:** - CVE-2026-26980 (CVSS 9.4 Critical) — SQL injection in Content API, unauthenticated DB read - CVE-2026-29784 (CVSS 7.5 High) — CSRF account takeover via session/verify endpoint **Key Deliverables:** - Ghost updated to v6.19.3 on Ghost VPS (64.50.188.14) - Site verified operational post-update - Infrastructure manifest updated (Ghost CMS was undocumented) **Dependencies:** Requires SSH access to Ghost VPS (64.50.188.14) **See task directory for complete update procedure (CLI and Docker paths both documented).** --- **See full documentation:** `docs/tasks/` or `docs/core/tasks.md`
mkrause612 added the
status
done
type
task
area/operations labels 2026-03-19 14:19:07 -05:00
mkrause612 added this to the Firefrost Operations project 2026-03-19 14:42:21 -05:00
mkrause612 commented 2026-03-19 14:54:47 -05:00
Author
Owner
Copy Link

Duplicate of #32

Closing this duplicate. All discussion and tracking should happen in #32.

**Duplicate of #32** Closing this duplicate. All discussion and tracking should happen in #32.
mkrause612 added duplicate and removed
status
done
type
task
area/operations labels 2026-03-19 14:54:47 -05:00
mkrause612 changed title from Task #38: Ghost CMS Security Update to Task #6: Ghost CMS Security Update — COMPLETE 2026-03-19 15:11:28 -05:00
mkrause612 added
status
blocked
 and removed duplicate labels 2026-03-19 15:21:54 -05:00
mkrause612 added
status
done
 and removed
status
blocked
 labels 2026-03-19 15:23:51 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/automation
n8n workflows and automation
 area/billing
Paymenter billing system
 area/development-tools
Internal tools for workflow automation and team productivity
 area/email
Mailcow email system
 area/game-servers
Minecraft or other game servers
 area/networking
Network infrastructure and configuration
 area/operations
General operations and documentation
 area/panel
Pterodactyl Panel
 area/website
Ghost CMS website
 area/wings
Pterodactyl Wings
 duplicate
This issue is a duplicate of another issue
 for/holly
Assigned to Holly (unicorn20089)
 for/meg
Assigned to Meg (GingerFury)
 for/michael
Assigned to Michael (Frostystyle)
 good-first-issue
Good for newcomers
 help-wanted
Extra attention needed
 needs-board-sync
New issue needs to be added to project board
 operations
priority
critical
Emergency — immediate attention required
priority
high
Important — address soon
priority
low
Nice to have, not urgent
priority
medium
Normal priority
status
backlog
Not yet started, in backlog
status
blocked
Cannot proceed, blocked by dependency
status
done
Completed and closed
status
in-progress
Currently being worked on
status
review
Work complete, awaiting review
status
to-do
Ready to start, in queue
type
bug
Something isn't working
type
docs
Documentation improvements or additions
type
feature
New feature or enhancement request
type
infrastructure
Infrastructure, deployment, or DevOps work
type
refactor
Code refactoring or technical debt
type
task
General task or work item
wont-do
This will not be worked on
No Label
status
done
Milestone
No items
No Milestone
Projects
Clear projects
No project Firefrost Operations
Assignees
Clear assignees
Gingerfury Unicorn20089 mkrause612
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: firefrost-gaming/firefrost-operations-manual#25
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?