Task #6: Ghost CMS Security Update — ✅ COMPLETE #32

New Issue

Closed

opened 2026-03-19 14:19:35 -05:00 by mkrause612 · 0 comments

mkrause612 commented 2026-03-19 14:19:35 -05:00

Owner

Copy Link

Ghost CMS Security Update — ✅ COMPLETE
Time: 15-30 minutes (actual: ~20 minutes)
Status: COMPLETE — March 13, 2026
Priority: Tier 0 — Critical Security
Documentation: docs/tasks/ghost-security-update/

Ghost CMS at firefrostgaming.com is running v6.16.1, vulnerable to two active CVEs. No workaround exists — must update to 6.19.3.

CVEs:

• CVE-2026-26980 (CVSS 9.4 Critical) — SQL injection in Content API, unauthenticated DB read
• CVE-2026-29784 (CVSS 7.5 High) — CSRF account takeover via session/verify endpoint

Key Deliverables:

• Ghost updated to v6.19.3 on Ghost VPS (64.50.188.14)
• Site verified operational post-update
• Infrastructure manifest updated (Ghost CMS was undocumented)

Dependencies: Requires SSH access to Ghost VPS (64.50.188.14)

See task directory for complete update procedure (CLI and Docker paths both documented).

---

Full docs: docs/core/tasks.md or task directory

Ghost CMS Security Update — ✅ COMPLETE **Time:** 15-30 minutes (actual: ~20 minutes) **Status:** COMPLETE — March 13, 2026 **Priority:** Tier 0 — Critical Security **Documentation:** `docs/tasks/ghost-security-update/` Ghost CMS at firefrostgaming.com is running v6.16.1, vulnerable to two active CVEs. No workaround exists — must update to 6.19.3. **CVEs:** - CVE-2026-26980 (CVSS 9.4 Critical) — SQL injection in Content API, unauthenticated DB read - CVE-2026-29784 (CVSS 7.5 High) — CSRF account takeover via session/verify endpoint **Key Deliverables:** - Ghost updated to v6.19.3 on Ghost VPS (64.50.188.14) - Site verified operational post-update - Infrastructure manifest updated (Ghost CMS was undocumented) **Dependencies:** Requires SSH access to Ghost VPS (64.50.188.14) **See task directory for complete update procedure (CLI and Docker paths both documented).** --- **Full docs:** `docs/core/tasks.md` or task directory

mkrause612 added the

status

done

type

task

area/operations labels 2026-03-19 14:19:35 -05:00

mkrause612 added this to the Firefrost Operations project 2026-03-19 14:42:10 -05:00

mkrause612 referenced this issue 2026-03-19 14:54:47 -05:00

Task #6: Ghost CMS Security Update — ✅ COMPLETE #25

mkrause612 referenced this issue 2026-03-19 15:02:14 -05:00

Task #46: Server-to-Server SSH Key Setup #64

mkrause612 referenced this issue from a commit 2026-03-19 15:02:37 -05:00

fix: correct Task #32 numbering (was incorrectly labeled Task #31)

mkrause612 referenced this issue 2026-03-19 15:11:00 -05:00

Task #32: Terraria Branding Training Arc #50

mkrause612 changed title from Task #38: Ghost CMS Security Update to Task #6: Ghost CMS Security Update — ✅ COMPLETE 2026-03-19 15:11:28 -05:00

mkrause612 closed this issue 2026-03-19 15:20:48 -05:00

mkrause612 referenced this issue from a commit 2026-03-19 15:22:21 -05:00

fix: close all completed tasks and add missing Mailcow issue

mkrause612 referenced this issue 2026-03-20 23:51:24 -05:00

Task #32: Terraria Branding Training Arc #116

mkrause612 referenced this issue 2026-03-21 02:33:40 -05:00

Task #32: Terraria Branding Training Arc #184

mkrause612 referenced this issue from a commit 2026-04-08 09:32:41 -05:00

feat: Add task_number to YAML frontmatter for 26 tasks

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

No results found.

Labels

Clear labels

area/automation

n8n workflows and automation

area/billing

Paymenter billing system

area/development-tools

Internal tools for workflow automation and team productivity

area/email

Mailcow email system

area/game-servers

Minecraft or other game servers

area/networking

Network infrastructure and configuration

area/operations

General operations and documentation

area/panel

Pterodactyl Panel

area/website

Ghost CMS website

area/wings

Pterodactyl Wings

duplicate

This issue is a duplicate of another issue

for/holly

Assigned to Holly (unicorn20089)

for/meg

Assigned to Meg (GingerFury)

for/michael

Assigned to Michael (Frostystyle)

good-first-issue

Good for newcomers

help-wanted

Extra attention needed

needs-board-sync

New issue needs to be added to project board

operations

priority

critical

Emergency — immediate attention required

priority

high

Important — address soon

priority

low

Nice to have, not urgent

priority

medium

Normal priority

status

backlog

Not yet started, in backlog

status

blocked

Cannot proceed, blocked by dependency

status

done

Completed and closed

status

in-progress

Currently being worked on

status

review

Work complete, awaiting review

status

to-do

Ready to start, in queue

type

bug

Something isn't working

type

docs

Documentation improvements or additions

type

feature

New feature or enhancement request

type

infrastructure

Infrastructure, deployment, or DevOps work

type

refactor

Code refactoring or technical debt

type

task

General task or work item

wont-do

This will not be worked on

No Label area/operations

status

done

type

task

Milestone

No items

No Milestone

Projects

Clear projects

No project Firefrost Operations

Assignees

Clear assignees

Gingerfury Unicorn20089 mkrause612

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: firefrost-gaming/firefrost-operations-manual#32