TL;DR
Strapi v3.0.0-beta.17.5 brings significant enhancements to documentation, framework capabilities, and fixes several critical bugs. This release includes improved translations, comprehensive documentation guides, lifecycle callback cancellation support, and important security fixes for the reset password functionality. Multiple UI and functionality improvements have been made, particularly for media handling in groups and GraphQL nested groups.
Highlights of the Release
- Fixed security issue with reset password functionality
- Added email validation on user registration
- Lifecycle pre-callbacks can now be cancelled for custom validations
- Fixed multiple media upload in repeatable groups
- Fixed GraphQL nested groups returning null
- Improved documentation with new guides for slugs, version updates, and cron features
- Enhanced error messages during dependency installation
Migration Guide
Upgrading from v3.0.0-beta.17.4 to v3.0.0-beta.17.5
- Update your dependencies:
  npm install strapi@3.0.0-beta.17.5 --save
  # or
  yarn upgrade strapi@3.0.0-beta.17.5
- Security Updates: If you've customized the user registration or password reset flows, ensure your implementations include proper email validation and secure reset password handling.
- Lifecycle Callbacks: If you're using lifecycle callbacks, you can now take advantage of the ability to cancel pre-callbacks by returning Promise.reject(). This allows for custom validations with appropriate UI feedback.
- GraphQL Users: If you were experiencing issues with nested groups returning null values in GraphQL, this has been fixed and should work properly after updating.
- Media in Repeatable Groups: The fix for multiple media in repeatable groups should resolve issues if you were experiencing problems with this functionality.
For more detailed information, refer to the migration guide from beta.16 to beta.17.4 which has also been updated in this release.
Upgrade Recommendations
Priority: High
This update is highly recommended for all Strapi users, especially due to the security fixes included in this release. The password reset vulnerability fix and email validation improvements are important security enhancements.
Additionally, if you're experiencing issues with GraphQL nested groups or multiple media uploads in repeatable groups, this update provides critical fixes for those functionalities.
The lifecycle pre-callbacks cancellation feature also provides significant improvements for developers implementing custom validation logic.
To upgrade:
npm install strapi@3.0.0-beta.17.5 --save
# or
yarn upgrade strapi@3.0.0-beta.17.5
After upgrading, test your application thoroughly, especially if you're using the features that have been fixed or enhanced in this release.
Bug Fixes
GraphQL Fixes
- Fixed an issue where GraphQL nested groups were returning null values, improving data retrieval reliability.
Media Handling
- Fixed multiple media upload functionality in repeatable groups (issue #4205), allowing proper handling of multiple media files within group components.
UI and State Management
- Fixed a state update issue where component references were being called before state updates were complete, ensuring more reliable UI behavior.
Security Fixes
- Added email validation on user registration to prevent invalid email addresses from being used
- Fixed a security vulnerability in the reset password functionality
Documentation Corrections
Multiple typo fixes and corrections across the documentation:
- Fixed typo in configurations concept docs
- Fixed typo in model concept docs
- Fixed typo in contributing documentation
- Fixed "Administrator" spelling in various places
- Updated outdated links and examples in documentation
- Fixed dead links and link paths
New Features
Lifecycle Pre-Callbacks Cancellation
Developers can now cancel lifecycle pre-callbacks by returning Promise.reject(). This enables custom validations within lifecycle callbacks, with the Admin UI showing appropriate error banners when validation fails. Previously, errors inside lifecycle callbacks would only be written to logs without user feedback.
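The following is an added example, not code from Strapi or from the release itself: a pre-callback that cancels a save by returning Promise.reject() when the email is malformed. The single-argument `beforeSave` signature, the `runSave` runner, the `EMAIL_RE` pattern and the sample inputs are assumptions made for illustration.

```javascript
// Added example. `runSave` is a hypothetical stand-in for the framework's
// save path; it is not Strapi's own code.

// Conservative format check (assumption): no whitespace, one "@", dotted domain.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

const userModel = {
  // Pre-callback: runs before the record is written.
  beforeSave: async (attrs) => {
    // Type check first: a non-string must never reach the format test.
    if (typeof attrs.email !== 'string' || !EMAIL_RE.test(attrs.email)) {
      // Returning a rejected promise cancels the pending operation.
      return Promise.reject(new Error('Invalid email address'));
    }
    // Normalise so later lookups compare like with like.
    attrs.email = attrs.email.toLowerCase();
  },
};

// Hypothetical runner: persists only if the pre-callback resolves, and
// returns the rejection reason to the caller instead of only logging it.
async function runSave(model, attrs, store) {
  try {
    await model.beforeSave(attrs);
  } catch (err) {
    return { saved: false, error: err.message };
  }
  store.push({ ...attrs });
  return { saved: true, error: null };
}

// Constructed sample inputs: one valid, one malformed, one non-string.
async function demo() {
  const store = [];
  const results = [];
  const inputs = [
    { email: 'Admin@Example.com' },
    { email: 'not-an-email' },
    { email: ['a@b.co'] },
  ];
  for (const input of inputs) {
    results.push(await runSave(userModel, input, store));
  }
  return { results, store };
}

demo().then(({ results }) => console.log(results));
```
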
Scoped Providers Support
The framework now properly loads scoped providers, allowing for better organization and isolation of plugin functionality.
Documentation Enhancements
Several new guides have been added to the documentation:
- Slug usage guide
- Version update guide
- Cron feature details
- Error handling guide
- JWT validation guide
- Migration guide from beta.16 to beta.17.4
Translation Updates
- Polish (PL) translations have been updated
- Brazilian Portuguese (pt-BR) translations have been improved
Security Updates
Password Reset Vulnerability
A security issue with the reset password functionality has been fixed (PR #4443). This addresses a vulnerability in the password reset flow that could potentially be exploited.
User Registration Email Validation
Added validation for email addresses during user registration (PR #4433), preventing the creation of accounts with invalid email formats. This improves security by ensuring only properly formatted email addresses can be used for account creation.
Performance Improvements
API Performance
- Added documentation for using the limit=0 parameter to retrieve full data sets efficiently, helping developers optimize their API queries.
Error Handling
- Improved error messages during dependency installation, making troubleshooting faster and more efficient.
- Enhanced error handling for lifecycle callbacks, providing better feedback to users when validation fails.
Impact Summary
Strapi v3.0.0-beta.17.5 delivers important security fixes, bug fixes, and enhancements that improve the overall stability and functionality of the CMS. The security fixes for password reset and email validation are particularly important for all production deployments.
For developers, the ability to cancel lifecycle pre-callbacks enables more sophisticated validation patterns with proper UI feedback. The fixes for GraphQL nested groups and multiple media uploads in repeatable groups resolve significant pain points that affected data management workflows.
Documentation has been substantially improved with new guides for common tasks like using slugs, updating versions, and implementing cron jobs. These improvements, along with numerous typo fixes and translation updates, enhance the overall developer experience.
The release also includes quality-of-life improvements like better error messages during dependency installation and enhanced state management for UI components. These changes contribute to a more robust and user-friendly development experience.
Overall, this is an important update that addresses security concerns while also improving functionality and developer experience across multiple areas of the platform.