Payload CMS Release: Release 1.1.3

TL;DR

PayloadCMS v1.1.3 delivers important bug fixes addressing issues with GraphQL typing for pagination, duplicate entries with relationships, and local authentication strategy. This maintenance release improves stability and security by preventing sensitive information from being added to schemas when local authentication is disabled.

Highlight of the Release

• Fixed GraphQL typing for pagination with prevPage and nextPage
• Resolved issues with duplicating content that contains relationships
• Enhanced security by preventing password and email fields from being added to schemas when local authentication is disabled

Migration Guide

No migration steps are required for this release. The fixes are backward compatible and should work seamlessly with existing Payload CMS implementations.

Upgrade Recommendations

This release contains important bug fixes and security improvements. All users are recommended to upgrade to v1.1.3, especially if you:

• Use GraphQL with pagination
• Duplicate content with relationships
• Have disabled the local authentication strategy

The upgrade should be straightforward with no breaking changes or migration steps required.

Bug Fixes

GraphQL Pagination Typing

Fixed incorrect typing for prevPage and nextPage in GraphQL responses, ensuring proper type definitions for pagination-related fields. This resolves potential type errors when working with paginated data in GraphQL queries.

Duplicate with Relationships

Resolved an issue where duplicating content that contained relationships to other documents would cause errors or incorrect data. This fix ensures that relationships are properly handled during the duplication process.

Local Authentication Strategy

Fixed an issue where password and email fields were being added to schemas even when the local authentication strategy was disabled via the disableLocalStrategy option. This ensures that sensitive authentication fields are not unnecessarily included in schemas when using alternative authentication methods.

New Features

No new features were added in this release. This is a maintenance release focused on bug fixes and security improvements.

Security Updates

Enhanced Authentication Security

Fixed a security issue where password and email fields were being added to schemas even when the local authentication strategy was disabled. This improvement ensures that sensitive authentication fields are not unnecessarily exposed in your API schema when using alternative authentication methods, reducing potential attack surface.

Performance Improvements

No specific performance improvements were included in this release. The focus was on bug fixes and security enhancements.

Impact Summary

PayloadCMS v1.1.3 is a maintenance release that addresses several important bugs and security concerns. The fixes for GraphQL pagination typing and relationship duplication improve the developer experience and data integrity. The security enhancement related to the local authentication strategy ensures that sensitive fields aren't unnecessarily exposed in your API schema.

While this is a minor release, it resolves issues that could impact data integrity when duplicating content with relationships and improves type safety in GraphQL implementations. The security improvement is particularly important for implementations using alternative authentication strategies.

Overall, this release enhances the stability and security of PayloadCMS without introducing breaking changes or requiring migration steps.

Full Release Notes