Strapi Release: 3.0.0-alpha.16

TL;DR

Strapi v3.0.0-alpha.16 brings important bug fixes and enhancements to the framework. This release fixes issues with Mongoose decimal fields, Cloudinary uploads, and reverts a problematic filter PR. It also adds GraphQL custom security limits, updates translations (particularly Chinese and Russian), and improves documentation. Node.js and npm version requirements have been updated to match current LTS versions.

Highlight of the Release

• Fixed Float/Decimal fields handling in Mongoose
• Added GraphQL custom security limits
• Fixed upload functionality for videos and other formats in Cloudinary
• Updated Chinese (ZH) and Russian (RU) translations
• Updated Node.js and npm version requirements to current LTS

Migration Guide

Migration from v3.0.0-alpha.15 to v3.0.0-alpha.16

1. Update your Strapi installation:

   npm install [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
   

2. Node.js and npm Version Requirements:

   • Ensure you're using Node.js and npm versions that match the current LTS requirements as specified in the updated package.json

3. GraphQL Custom Limits (if using GraphQL plugin):

   • You can now configure custom security limits for GraphQL queries in your configuration

4. Mongoose Float/Decimal Fields:

   • If you were experiencing issues with Float or Decimal fields in Mongoose, these should now be resolved without requiring changes to your models

For more detailed migration instructions, refer to the official migration guide: https://github.com/strapi/strapi/wiki/migration-guide-alpha.15-to-alpha.16

Upgrade Recommendations

This release contains important bug fixes and enhancements that improve stability and functionality. The upgrade is recommended for all users, especially:

• Users experiencing issues with Float/Decimal fields in Mongoose
• Users who upload videos and other media formats to Cloudinary
• GraphQL API users who need better control over query complexity and security
• Users who need Chinese (ZH) or Russian (RU) language support

The upgrade process should be straightforward with minimal risk of breaking changes, as this is primarily a bug fix and enhancement release. Follow the migration guide to ensure a smooth transition from v3.0.0-alpha.15.

Bug Fixes

Framework Fixes

• Fixed handling of Float and Decimal fields when using Mongoose (#2351), resolving issues with numeric data storage and retrieval
• Reverted a problematic filter PR (#2430) that was causing issues
• Fixed ESLint inline condition errors (#2395) for better code quality and consistency

Plugin Fixes

• Fixed upload functionality for videos and other formats in Cloudinary (#2390), ensuring proper handling of various media types
• Fixed various translation issues and typos in documentation

New Features

GraphQL Custom Security Limits

Added the ability to configure custom security limits for GraphQL queries (#2400). This feature allows administrators to set limits on GraphQL query complexity and depth, providing better protection against potential abuse or resource-intensive queries.

Updated Translations

Significant improvements to internationalization with comprehensive updates to Chinese (ZH) translations across admin panels, content manager, email templates, and content type builder (#2258). Russian (RU) translations have also been updated for better localization experience.

Security Updates

GraphQL Security Enhancements

Added GraphQL custom security limits (#2400) to protect against potential denial of service attacks through complex queries. This feature allows administrators to configure limits on query complexity and depth, preventing resource exhaustion from malicious or poorly constructed GraphQL queries.

Performance Improvements

Node.js and npm Version Updates

Updated package.json to specify Node.js and npm versions to current LTS (#2391), which can lead to performance improvements and better stability by ensuring users are on supported versions of these dependencies.

GraphQL Query Optimization

The addition of GraphQL custom security limits (#2400) not only improves security but can also prevent performance degradation from overly complex or nested queries that could otherwise consume excessive server resources.

Impact Summary

Strapi v3.0.0-alpha.16 is a significant improvement over the previous alpha release, focusing on bug fixes and enhancements rather than major new features. The most impactful changes include fixing Mongoose decimal field handling, improving Cloudinary upload support for various media formats, and adding configurable security limits to GraphQL queries.

For developers, the update to Node.js and npm version requirements ensures compatibility with current LTS versions, while the ESLint fixes improve code quality. Content managers will benefit from better media upload handling and improved translations, particularly for Chinese and Russian language users.

The GraphQL custom security limits feature is particularly important for production deployments, as it helps prevent potential abuse of the API through overly complex queries. This release also includes documentation improvements, including the addition of sponsor information and a link to Productboard for feature requests in the CONTRIBUTING.md file.

Overall, this release enhances stability, security, and internationalization support while addressing several important bugs that affected specific use cases.

Full Release Notes