Payload CMS Release: Release 1.9.2

TL;DR

Payload CMS v1.9.2 brings important bug fixes for user management, internationalization, and UI improvements. This maintenance release addresses issues with user creation, password reset security, i18n field labels, and dark mode styling. The update focuses on enhancing security, improving the developer experience, and fixing documentation.

Highlight of the Release

• Fixed security vulnerability in password reset functionality
• Added ability to create users without specifying an email address
• Fixed internationalization issues with UI field labels
• Improved dark mode styling for version differences view
• Updated documentation with correct examples and formatting

Migration Guide

No migration steps are required for this release. This is a patch update (v1.9.1 → v1.9.2) that includes bug fixes and documentation improvements that should not break existing functionality.

All changes are backward compatible, and you can upgrade safely without modifying your existing code.

Upgrade Recommendations

We recommend all users upgrade to v1.9.2, especially if you:

• Use the user authentication and password reset functionality
• Work with internationalized content and UI
• Use dark mode in the admin panel
• Create users programmatically

The upgrade process should be straightforward:

npm install [email protected]
# or
yarn add [email protected]

This release contains security improvements and important bug fixes without introducing breaking changes.

Bug Fixes

User Management

• Fixed issue #2801 where users could not be created without specifying an email address
• Fixed security vulnerability #2805 by sanitizing reset password results

UI and Internationalization

• Fixed issue #2821 with internationalization (i18n) UI field labels not displaying correctly
• Added missing dark-mode styles for the version differences view
• Improved styling for version difference comparisons

Documentation

• Fixed formatting in the blocks table documentation
• Added missing async/await syntax to payload.init examples
• Added credentials to REST API examples for better clarity

New Features

No significant new features were introduced in this release. This is primarily a maintenance release focused on bug fixes, documentation improvements, and minor UI enhancements.

Security Updates

This release includes an important security fix for the password reset functionality. The issue (#2805) was addressed by properly sanitizing reset password results, which helps prevent potential security vulnerabilities related to password reset operations.

Performance Improvements

No specific performance improvements were included in this release. The focus was on bug fixes, security enhancements, and documentation updates.

Impact Summary

Payload CMS v1.9.2 is a maintenance release that addresses several important bugs and security concerns. The most significant impact comes from fixing a security vulnerability in the password reset functionality and allowing users to be created without mandatory email addresses.

For developers, the documentation improvements provide clearer examples for initialization and REST API usage. Content editors working with internationalized content will benefit from fixed i18n field labels, and those using dark mode will see improved styling for version differences.

This release demonstrates Payload's commitment to security, usability, and developer experience through targeted bug fixes and quality-of-life improvements. While not introducing new features, it strengthens the foundation of the CMS by addressing specific pain points reported by the community.

Full Release Notes