Task #6: Ghost CMS Security Update — ✅ COMPLETE #91

New Issue

Open

opened 2026-03-20 21:05:25 -05:00 by mkrause612 · 0 comments

mkrause612 commented 2026-03-20 21:05:25 -05:00

Owner

Copy Link

Task #6: Ghost CMS Security Update — ✅ COMPLETE

Time Estimate: 15-30 minutes (actual: ~20 minutes)

Documentation: docs/tasks/ (see operations manual)

---

Time: 15-30 minutes (actual: ~20 minutes)
Status: COMPLETE — March 13, 2026
Priority: Tier 0 — Critical Security
Documentation: docs/tasks/ghost-security-update/

Ghost CMS at firefrostgaming.com is running v6.16.1, vulnerable to two active CVEs. No workaround exists — must update to 6.19.3.

CVEs:

• CVE-2026-26980 (CVSS 9.4 Critical) — SQL injection in Content API, unauthenticated DB read
• CVE-2026-29784 (CVSS 7.5 High) — CSRF account takeover via session/verify endpoint

Key Deliverables:

• Ghost updated to v6.19.3 on Ghost VPS (64.50.188.14)
• Site verified operational post-update
• Infrastructure manifest updated (Ghost CMS was undocumented)

Dependencies: Requires SSH access to Ghost VPS (64.50.188.14)

See task directory for complete update procedure (CLI and Docker paths both documented).

---

---

Source: docs/core/tasks.md (Task #6)

### Task #6: Ghost CMS Security Update — ✅ COMPLETE **Time Estimate:** 15-30 minutes (actual: ~20 minutes) **Documentation:** `docs/tasks/` (see operations manual) --- **Time:** 15-30 minutes (actual: ~20 minutes) **Status:** COMPLETE — March 13, 2026 **Priority:** Tier 0 — Critical Security **Documentation:** `docs/tasks/ghost-security-update/` Ghost CMS at firefrostgaming.com is running v6.16.1, vulnerable to two active CVEs. No workaround exists — must update to 6.19.3. **CVEs:** - CVE-2026-26980 (CVSS 9.4 Critical) — SQL injection in Content API, unauthenticated DB read - CVE-2026-29784 (CVSS 7.5 High) — CSRF account takeover via session/verify endpoint **Key Deliverables:** - Ghost updated to v6.19.3 on Ghost VPS (64.50.188.14) - Site verified operational post-update - Infrastructure manifest updated (Ghost CMS was undocumented) **Dependencies:** Requires SSH access to Ghost VPS (64.50.188.14) **See task directory for complete update procedure (CLI and Docker paths both documented).** --- --- **Source:** `docs/core/tasks.md` (Task #6)

mkrause612 added the

status

backlog

priority

critical

type

infrastructure

area/websitefor/michael labels 2026-03-20 21:05:25 -05:00

mkrause612 referenced this issue from a commit 2026-04-04 11:27:32 -05:00

Add Task #91: Fix Server Matrix node detection

mkrause612 referenced this issue from a commit 2026-04-05 04:09:32 -05:00

Session handoff: FOMO complete, Task #91 fixed, architecture documented

mkrause612 referenced this issue from a commit 2026-04-05 04:39:01 -05:00

Chronicler #60 Momentum — Lineage update

mkrause612 referenced this issue from a commit 2026-04-05 04:45:19 -05:00

Final session handoff — Momentum complete

mkrause612 referenced this issue from a commit 2026-04-08 09:32:41 -05:00

feat: Add task_number to YAML frontmatter for 26 tasks

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

No results found.

Labels

Clear labels

area/automation

n8n workflows and automation

area/billing

Paymenter billing system

area/development-tools

Internal tools for workflow automation and team productivity

area/email

Mailcow email system

area/game-servers

Minecraft or other game servers

area/networking

Network infrastructure and configuration

area/operations

General operations and documentation

area/panel

Pterodactyl Panel

area/website

Ghost CMS website

area/wings

Pterodactyl Wings

duplicate

This issue is a duplicate of another issue

for/holly

Assigned to Holly (unicorn20089)

for/meg

Assigned to Meg (GingerFury)

for/michael

Assigned to Michael (Frostystyle)

good-first-issue

Good for newcomers

help-wanted

Extra attention needed

needs-board-sync

New issue needs to be added to project board

operations

priority

critical

Emergency — immediate attention required

priority

high

Important — address soon

priority

low

Nice to have, not urgent

priority

medium

Normal priority

status

backlog

Not yet started, in backlog

status

blocked

Cannot proceed, blocked by dependency

status

done

Completed and closed

status

in-progress

Currently being worked on

status

review

Work complete, awaiting review

status

to-do

Ready to start, in queue

type

bug

Something isn't working

type

docs

Documentation improvements or additions

type

feature

New feature or enhancement request

type

infrastructure

Infrastructure, deployment, or DevOps work

type

refactor

Code refactoring or technical debt

type

task

General task or work item

wont-do

This will not be worked on

No Label area/website for/michael

priority

critical

status

backlog

type

infrastructure

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Gingerfury Unicorn20089 mkrause612

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: firefrost-gaming/firefrost-operations-manual#91