Content Toolkit

Strapi Release: 3.0.0

Tag Name: v3.0.0

Release Date: 5/26/2020

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open Source Headless Developer-Friendly

TL;DR

Strapi 3.0.0 has been released, marking the transition from beta to stable. This release includes significant configuration changes, UI improvements, and various bug fixes. Key updates include a new logo, enhanced JWT configurations, and improved user management features. The release also addresses several security and performance issues, making it a recommended upgrade for all users.

Highlight of the Release

Official stable release (v3.0.0) after beta phase
New Strapi logo and UI improvements
Enhanced JWT configuration options
New configuration dump and restore CLI commands
Users count endpoint for better user management
Improved security with sanitized user responses

Migration Guide

Migrating from v3.0.0-beta.20.3 to v3.0.0

Configuration Structure Changes

The configuration structure has been significantly updated. You'll need to:

Update Email Configuration: Email settings have been moved from the database to configuration files.

// config/plugins.js
module.exports = ({ env }) => ({
  email: {
    provider: 'sendmail',
    settings: {
      defaultFrom: '[email protected]',
      defaultReplyTo: '[email protected]',
    },
  },
});

JWT Configuration: If you need to customize JWT settings, create or update your configuration:

// config/plugins.js
module.exports = ({ env }) => ({
  'users-permissions': {
    jwtSecret: env('JWT_SECRET'),
    jwt: {
      expiresIn: '7d',
    },
  },
});

Clean Up Old Configuration: Remove any deprecated configuration options that are no longer used.
Update Proxy Configuration: If you're using a proxy, update your configuration according to the new structure.

For a complete migration guide, refer to the official documentation.

Upgrade Recommendations

Urgency: Medium-High

This is a major stable release that marks the transition from beta to production-ready. All users are recommended to upgrade, especially those using beta versions.

Steps to Upgrade:

Backup your project before upgrading

Update your dependencies in package.json:

{
  "dependencies": {
    "strapi": "3.0.0",
    "strapi-admin": "3.0.0",
    "strapi-connector-bookshelf": "3.0.0",
    "strapi-plugin-content-manager": "3.0.0",
    "strapi-plugin-content-type-builder": "3.0.0",
    "strapi-plugin-email": "3.0.0",
    "strapi-plugin-graphql": "3.0.0",
    "strapi-plugin-upload": "3.0.0",
    "strapi-plugin-users-permissions": "3.0.0",
    "strapi-utils": "3.0.0"
  }
}

Run npm install or yarn install
Follow the migration guide to update your configuration files
Run npm run build or yarn build to rebuild the admin panel
Start your application with npm run develop or yarn develop

For projects with custom modifications, test thoroughly in a development environment before deploying to production.

Bug Fixes

Core Framework

Fixed case sensitivity issue with global policies, now matching is case-insensitive
Fixed MongoDB error when trying to cast from empty array
Fixed configuration loading and structure issues

Content Management

Fixed React-select UI issues in content type builder
Fixed issues with URL encoding for local upload provider
Fixed various front-end UI issues

User Permissions

Fixed security issue by preventing user registration with confirmed status
Sanitized user object in user plugin update method return value
Fixed GraphQL password mutation naming inconsistencies

Upload Plugin

Improved error messages for upload proxy
Fixed URL encoding for local upload provider
Optimized Header object usage in upload proxy

New Features

Configuration Management

Added new configuration dump and restore CLI commands for easier configuration management
Moved email settings from database to configuration files
Added support for JWT configurations with customizable options

User Management

Added Users count endpoint for better user management capabilities
Added support for private field in UID fields
Improved GraphQL password mutations for better naming consistency

UI Improvements

New Strapi logo introduced
Repositioned header logo to the left for better visual alignment

Security Updates

User Authentication

Added JWT configurations for better security control
Prevented user registration with confirmed status to avoid security bypasses
Sanitized user object in API responses to prevent sensitive data exposure

Data Protection

Fixed URL encoding for local upload provider to prevent potential path traversal issues
Improved policy handling with case-insensitive matching to ensure consistent security enforcement

Performance Improvements

Database Operations

Improved MongoDB handling to prevent errors when casting from empty arrays
Optimized configuration loading process

API Responses

Enhanced user object sanitization to reduce unnecessary data transfer
Improved header handling in upload proxy using built-in entries function

Impact Summary

Strapi 3.0.0 represents a significant milestone as the first stable release after the beta phase. This release brings important configuration structure changes, requiring migration from previous beta versions. The update includes enhanced security features with improved JWT configurations and user management, UI improvements with a new logo and better visual alignment, and various bug fixes across the framework.

For developers, the most impactful changes are the configuration structure updates and new CLI commands for configuration management. Content managers will benefit from UI improvements and fixed issues in the content type builder. Administrators gain better user management capabilities with the new users count endpoint and improved security measures.

The release also addresses several security concerns by preventing user registration with confirmed status, sanitizing user objects in API responses, and fixing URL encoding issues in the upload provider. Performance improvements include better MongoDB handling and optimized configuration loading.

Overall, this stable release provides a more secure, performant, and user-friendly experience, making it a recommended upgrade for all Strapi users.

Full Release Notes

🎉 3.0.0 is here 🎉

Migration Guide here

💅 Enhancement

[admin] Change the logo (#6321) @HichamELBSI
[admin] Move header logo to the left (#6353) @HichamELBSI
[documentation] Add missing comma (#6226) @caiojhonny
[documentation] Erroneous double quote syntax error (#6257) @RileyMShea
[documentation] Fix typo (#6313) @epegzz
[plugin:content-type-builder] Adding private field support to UID #6204 (#6331) @thiagoaugusto
[plugin:graphql] 💥 Fix #5653: improve UserPermissions - password mutations (#5655) @ScottAgirs
[plugin:upload] Clarified upload proxy error messages (#6338) @Froelund
[plugin:users-permissions] Add Users count endpoint (#5859) @trick0
[plugin:users-permissions] Add JWT configurations (#6315) @lauriejim

🐛 Bug fix

[admin] Chore/fix front issues (#6354) @soupette
[core:database] Fix mongo error trying to cast from empty array (#6358) @alexandrebodin
[core:framework] Fix global policies case sensitive (#6293) @alexandrebodin
[plugin:content-manager] fixes #5984 (#6055) @tudorilisoi
[plugin:content-type-builder] Fix ctb react-select ui (#6291) @soupette
[plugin:upload] Fix url encoding for local upload provider (#6012) @mkqavi
[plugin:upload] Upload proxy - Using Header objects build-in entries function (#6340) @Froelund
[plugin:users-permissions] Sanitize user object in user plugin update method return value (#6003) @drewtownchi
[plugin:users-permissions] Prevent user registration with confirmed status (#6124) @frosato-dev

Statistics:

File Changed300

Line Additions9,532

Line Deletions10,044

Line Changes19,576

Total Commits250

User Affected:

New configuration structure requiring migration from beta.20.3
Enhanced JWT configurations for better security control
Improved policy handling with case-insensitive matching
New configuration dump and restore CLI commands