Strapi Release: 3.0.0-alpha.13.1

Tag Name: v3.0.0-alpha.13.1

Release Date: 8/9/2018

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

TL;DR

Strapi v3.0.0-alpha.13.1 brings significant enhancements to the headless CMS: a new Discord authentication provider, an Amazon SES email provider, improved security with rate limiting on auth routes, and a better UI for relational data management. This release also includes critical bug fixes for policies, hooks, and JSON inputs, along with extensive internationalization updates across multiple languages.

Highlight of the Release

    • Added Discord authentication provider for enhanced login options
    • Implemented Amazon SES email provider for reliable email delivery
    • Added rate limiting on authentication routes for improved security
    • Improved UI for many-to-many relationships with better design and jump links
    • Added Dutch (NL) language support and updated multiple language translations
    • Fixed critical security issues with policies on admin routes

Migration Guide

Upgrading from v3.0.0-alpha.13.0.1 to v3.0.0-alpha.13.1

  1. Update your dependencies:

    npm install [email protected] [email protected] --save

    Also update any other Strapi packages you're using:

    npm install [email protected] [email protected] --save

  2. Rate Limiting Configuration: If you need to customize the new rate limiting on authentication routes, you can configure it in your application's configuration files.

  3. Discord Authentication Provider: If you want to use the new Discord authentication provider, you'll need to:

    • Register an application in the Discord Developer Portal
    • Configure the provider in your Strapi application
    • Set up the appropriate callback URLs

  4. Amazon SES Email Provider: To use the new Amazon SES email provider:

    • Configure your AWS credentials
    • Update your email configuration to use the Amazon SES provider

  5. Database Changes: If you're using MySQL, be aware that some text fields have been changed from text to longtext type. This change should be automatically applied when you restart your application.

Upgrade Recommendations

Priority: Medium-High

This release includes important security fixes and new features that enhance the functionality and security of your Strapi application. The upgrade is recommended for all users, especially those who:

  • Need additional authentication options like Discord
  • Require Amazon SES for email delivery
  • Are concerned about security vulnerabilities in admin routes
  • Want improved UI for managing relational data

The upgrade process is straightforward with minimal breaking changes. Most changes are additive and should not affect existing functionality. However, as this is still an alpha release, it's recommended to test thoroughly in a development environment before deploying to production.

Bug Fixes

Framework Fixes

  • Hook Loading: Fixed issues with hook loading that could cause application startup problems.

  • Lodash Version: Updated Lodash version to address potential vulnerabilities.

  • Policy Errors: Resolved policy error issues that were affecting proper policy application.

Plugin Fixes

  • Admin Routes Security: Applied proper policies on admin routes to enhance security and prevent unauthorized access.

  • JSON Input Handling: Fixed JSON input handling that was sending undefined values, causing errors in data processing.

  • Multi API Controller: Resolved issues with multi API controller functionality to ensure proper routing and request handling.

  • Users Permissions Advanced Settings: Fixed problems with the advanced settings in the users permissions plugin that were preventing proper configuration.

New Features

Authentication & Email Enhancements

  • Discord Authentication Provider: Added support for Discord as an authentication provider, allowing users to log in using their Discord accounts. The implementation combines username and discriminator to ensure unique user identification.

  • Amazon SES Email Provider: Integrated Amazon Simple Email Service (SES) as an email provider option, offering a reliable and scalable solution for sending emails from your Strapi application.

  • Rate Limiting on Auth Routes: Implemented rate limiting on authentication routes to protect against brute force attacks and enhance overall security.

UI Improvements

  • SelectMany Sorting: Implemented sorting functionality for the SelectMany component in the frontend, improving usability when working with multiple selections.

  • Enhanced Many-to-Many Relationships: Improved the design of many-to-many relationship interfaces and added jump links for better navigation between related content.

Internationalization

  • Dutch Language Support: Added complete Dutch (NL) language support to the admin panel, expanding accessibility for Dutch-speaking users.

Security Updates

Critical Security Enhancements

  • Admin Routes Protection: Applied proper policies on admin routes to prevent unauthorized access to administrative functions.

  • Rate Limiting: Added rate limiting on authentication routes to protect against brute force attacks and denial of service attempts.

  • Command Injection Patch: Fixed a security vulnerability related to command injection that could potentially allow malicious code execution.

  • Lodash Version Update: Updated Lodash dependency to address known security vulnerabilities in older versions.

Performance Improvements

Database Optimizations

  • Changed MySQL column type from text to longtext for better handling of large content.

UI Performance

  • Improved rendering and interaction with relational data interfaces, particularly for many-to-many relationships.

  • Enhanced SelectMany component with sorting capabilities, improving usability and performance when working with large datasets.

Impact Summary

Strapi v3.0.0-alpha.13.1 delivers significant improvements across multiple areas of the CMS. The addition of Discord authentication and Amazon SES email provider expands integration options for developers. Security is enhanced through rate limiting on authentication routes and fixes for policy application on admin routes.

The UI experience sees notable improvements with better design for many-to-many relationships and sorting capabilities for the SelectMany component. These changes make content management more intuitive, especially when dealing with complex relational data.

Internationalization receives substantial attention with the addition of Dutch language support and updates to numerous existing translations, making Strapi more accessible to a global user base.

Critical bug fixes address issues with hook loading, JSON input handling, and policy errors, improving the overall stability of the platform. The update to Lodash and patching of a command injection vulnerability strengthen the security posture of Strapi applications.

For developers and administrators, this release provides a more secure, feature-rich, and user-friendly CMS platform while maintaining compatibility with existing projects.

Full Release Notes

🚀 New feature

  • [Admin] Added the Dutch (NL) language (#1679) @chrisdekker1997
  • [Plugin] Add rate limit on auth routes (#1681) @lauriejim
  • [Plugin] Add Discord auth provider (#1664) @derrickmehaffy
  • [Plugin] Add Amazon SES email provider (#1618) @nicroto
  • [Plugin] Implement sorting for SelectMany in Frontend (#1416) @brocgailit

🐛 Bug fix

💅 Enhancement

Statistics:

  • Files Changed: 120
  • Line Additions: 3,045
  • Line Deletions: 424
  • Line Changes: 3,469
  • Total Commits: 142

Users Affected:

  • Access to new authentication providers (Discord)
  • Improved email delivery options with Amazon SES provider
  • Better security with rate limiting on authentication routes
  • Fixed policy errors and hook loading issues
  • Enhanced API controller functionality

Contributors:

br-gailitisderrickmehaffynicrotomikmar88moersoyAurelsicokobardaqlauriejimmaturanomxVeluajbbnjfruxsoupettepreco21VictorKolb