Disable Security Alert in Backend and E-Mail

Hello guys,

I was wondering if there is a way to disable the security alerts regarding recommended updates that

a) show up in the backend as a banner at the top
b) are sent out via e-mail everytime someone logs in

I know, of course, that just disabling and thus ignoring them is not a good solution as one should be noticed about the issues and keep ghost updated.

However, the reason I want to do this, is because I have a self-hosted Ghost website that I manage for a customer. So of course I keep track of the security alerts and available Ghost updates, but I don’t want my customer to get these alerts when he logs in to the backend.

As for example members is not used on this Ghost website, and one of the security alerts in Ghost 3.X had to do only with the members function, I decided to wait a little longer for an update of his website, however until then my customer kept getting the notifications in the backend and via mail.

Instead of having to tell my customer that everything’s fine with his website and he doesn’t have to worry despite the alerts he’s getting, I just want him to not get noticed while I manage everything that’s necessary.

I couldn’t find this topic in the forum and simply disabling the Ghost update check in the config / privacy.md seemed to have no effect on the display of the security alerts.

Any suggestions would be welcomed!

Thanks and all the best,

Zlatan

EDIT / UPDATE: What I am referring to is this (from e.g. Security update available for Ghost 4.x and 5.x):
“We’ve also published a notification to all affected sites that will appear in Ghost Admin and shared the details here on the forum. Affected Ghost sites will also self-notify site owners by email.”

Hey @Zlatanera :wave: Can you please expand on the “are sent out via e-mail everytime someone logs in”. The system should be notifying Owner and Administrator role users only once per alert type. So we might have a bug if the same user is receiving an email about same security alert more than once.

Hello @naz,

yes everytime someone (= any user, but that might be Owner & Admin only) logs in to the backend of the website, it seems that ALL users (Owner & Admin, there aren’t any other roles in my case) receive the e-mail:

This also means that I know every time that my client logs in to the Backend as I get noticed with this e-mail.

As stated above, this is a self-hosted Ghost instance, with also the mails being sent out from my custom domain. So this could also be a misconfiguration on my side. (Any hints on what I should check would be welcomed.)

Best, Zlatan

@Zlatanera can you please clarify if the notification goes out once per-user or multiple time for same user with the same content? If it’s the latter, we have a bug.

The code which handles the email notification is here. If you could reproduce this issue independently would appreciate a bug report in the main Ghost repository.

Hello @naz,

the notification goes out multiple times for the same user with the same content.

I could login to the instance right now with my user account and would receive the same e-mail I screenshotted again.

Also whenever another user logs in to that same instance, I get the e-mail notification as well in that moment.

Best, Zlatan

Is this a situation where the server hibernates and ghost perhaps restarts between visitors, which triggers another set of reminders? What exactly is the hosting setup?