Content Toolkit

3.0.0-beta.3

Strapi Release: 3.0.0-beta.3

Tag Name: v3.0.0-beta.3

Release Date: 6/7/2019

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open Source Headless Developer-Friendly

TL;DR

Strapi v3.0.0-beta.3 brings significant documentation improvements for cloud deployments on AWS and Digital Ocean, along with an important security fix for permission policies. This release focuses on making deployment processes clearer and more reliable while addressing a critical bug in the authentication system.

Highlight of the Release

Fixed critical permission policy bug that was mixing user JWT and admin JWT
Added comprehensive AWS deployment documentation including EC2 setup
Updated Digital Ocean deployment guides with best practices
Improved database connection configuration documentation
Enhanced migration guide with clearer instructions

Migration Guide

If you're upgrading from v3.0.0-beta.2 to v3.0.0-beta.3, follow these steps:

Update Strapi packages:

npm install [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] --save

Check permission policies: If you've customized permission policies or authentication flows, review your implementation to ensure it correctly handles the separation between user JWT and admin JWT.
Review deployment configurations: If you're deploying to AWS or Digital Ocean, consult the updated documentation for best practices regarding environment variables and database connections.

No database schema changes or breaking API changes were introduced in this release, so no additional migration steps are required.

Upgrade Recommendations

Priority: Medium

This upgrade is recommended for all Strapi v3.0.0-beta.2 users, especially those who:

Use custom permission policies or have extended the authentication system
Are deploying Strapi to AWS or Digital Ocean environments
Are experiencing issues with JWT authentication between admin and regular users

The security fix for JWT permission policies makes this update important for applications with sensitive data or in production environments. The upgrade process is straightforward with no breaking changes, making it a low-risk update that improves security and provides better deployment documentation.

Bug Fixes

Permission Policy Fix: Resolved a critical issue where permission policies were incorrectly mixing user JWT and admin JWT tokens (#3400). This fix ensures proper authentication separation between regular users and administrators.
PM2 Script Corrections: Fixed incorrect PM2 script examples in deployment documentation that could cause production startup issues.
Documentation Corrections:
- Fixed various typos throughout deployment guides
- Corrected inconsistencies between Alpha and Beta version documentation
- Addressed minor issues in migration instructions

New Features

New Documentation Features

AWS Deployment Guide: Comprehensive documentation for deploying Strapi on Amazon AWS, covering:
- EC2 instance setup and configuration
- PostgreSQL database installation and configuration
- Proper environment variable management
- Production deployment best practices
Digital Ocean Deployment Updates: Refreshed guides for both Alpha and Beta versions with:
- Best practices for database connection variables
- Updated deployment workflows
- Improved security configurations
Migration Guide Improvements: Enhanced migration documentation with:
- Clearer step-by-step instructions
- Fixed instructions for smoother version transitions
- Better explanations of breaking changes

Security Updates

JWT Authentication Policy: Fixed a security vulnerability where permission policies were incorrectly mixing user JWT and admin JWT (#3400). This issue could potentially allow unauthorized access by confusing the authentication systems between regular users and administrators. The fix ensures proper separation of authentication contexts, improving the overall security of Strapi applications.

Performance Improvements

No specific performance improvements were included in this release. The changes were primarily focused on documentation enhancements and bug fixes related to authentication.

Impact Summary

Strapi v3.0.0-beta.3 is primarily a documentation and security-focused release. The most significant impact comes from fixing the permission policy issue that incorrectly mixed user and admin JWT tokens, which improves the security model of Strapi applications.

For teams deploying to cloud environments, the extensive new documentation for AWS and Digital Ocean deployments provides clear, step-by-step instructions that will significantly reduce deployment friction and potential configuration errors. The improved migration guide also helps teams move between versions more confidently.

While this release doesn't introduce new features to the core platform, the security fix and documentation improvements make it a worthwhile upgrade for all beta users, especially those planning cloud deployments or with custom authentication requirements.

Full Release Notes

🐛 Bug fix

[Plugin] Fix permission policy mixing users jwt and admin jwt (#3400) @alexandrebodin

💅 Enhancement

[Documentation] Digital ocean deployment UPDATES (#3395) @davidkartuzinski
[Documentation] Clarified and fixed instructions (#3381) @davidkartuzinski
[Documentation] Amazon AWS Strapi Deployment Docs (#3373) @davidkartuzinski

Statistics:

File Changed41

Line Additions1,330

Line Deletions228

Line Changes1,558

Total Commits19

User Affected:

Improved deployment documentation for AWS and Digital Ocean platforms
Fixed permission policy bug that affected authentication
Better guidance for PostgreSQL database installation