firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
0dab5abb58d3cd1971ffcf47321b736f28ecc0d2
firefrost-operations-manual/docs/tasks/ghost-security-update/deployment-plan.md
Claude 830599ce44 feat: add Task #38 — Ghost CMS urgent security update 
CVE-2026-26980 (CVSS 9.4) + CVE-2026-29784 (CVSS 7.5)
Current version: 6.16.1 (vulnerable)
Target version: 6.19.3 (patches both CVEs)
Exposure window: March 2 - present

Deployment plan covers both Ghost CLI and Docker update paths.
Ghost CMS flagged as undocumented service — manifest update needed.

Created by Chronicler #29
2026-03-10 23:18:56 +00:00

178 lines
2.4 KiB
Markdown
Raw Blame History

# Deployment Plan — Ghost CMS Security Update
**Task:** Ghost CMS Security Update
**Document Type:** deployment-plan
**Status:** ACTIVE
**Last Updated:** 2026-03-10
**Target Version:** 6.19.3 (patches CVE-2026-26980 + CVE-2026-29784)
---
## Pre-Flight
SSH into Ghost VPS:
```bash
ssh root@64.50.188.14
```
Check current Ghost version to confirm:
```bash
ghost version
```
If `ghost` command not found, detect install method:
```bash
which ghost
```
```bash
docker ps | grep ghost
```
```bash
find / -name "ghost" -type d 2>/dev/null | grep -v proc | head -10
```
---
## Step 1 — Identify Install Method
**If `ghost version` works → Ghost CLI install. Follow Path A.**
**If `docker ps` shows a Ghost container → Docker install. Follow Path B.**
---
## Path A: Ghost CLI Update (most likely)
**Step 1 — Navigate to Ghost directory:**
```bash
cd /var/www/ghost
```
**Step 2 — Run the update:**
```bash
ghost update 6.19.3
```
**Step 3 — Confirm version:**
```bash
ghost version
```
**Step 4 — Check status:**
```bash
ghost status
```
Expected output: Ghost is running, version 6.19.3
---
## Path B: Docker Update
**Step 1 — Find the compose file:**
```bash
find / -name "docker-compose.yml" 2>/dev/null | xargs grep -l ghost
```
**Step 2 — Navigate to it:**
```bash
cd /path/to/ghost/compose/
```
**Step 3 — Update the image tag in docker-compose.yml:**
Change:
```
image: ghost:6.16.1
```
To:
```
image: ghost:6.19.3
```
**Step 4 — Pull and restart:**
```bash
docker-compose pull
```
```bash
docker-compose up -d
```
**Step 5 — Confirm:**
```bash
docker ps | grep ghost
```
---
## Post-Update Verification
**Check the admin panel loads:**
```
https://firefrostgaming.com/ghost
```
**Verify version in admin footer — should read 6.19.3**
**Check site is serving correctly:**
```
https://firefrostgaming.com
```
**Check Ghost process is healthy:**
```bash
ghost status
```
---
## If Something Goes Wrong
**Ghost CLI rollback:**
```bash
ghost update --rollback
```
**Check logs:**
```bash
ghost log
```
**Ghost service restart:**
```bash
ghost restart
```
---
## Completion Checklist
- [ ] SSH into Ghost VPS
- [ ] Confirmed current version (6.16.1)
- [ ] Identified install method (CLI or Docker)
- [ ] Updated to 6.19.3
- [ ] Confirmed version in admin panel footer
- [ ] Site loading correctly post-update
- [ ] Update task status to COMPLETE
- [ ] Update infrastructure manifest with Ghost CMS entry
Reference in New Issue View Git Blame Copy Permalink