Strapi Release: 3.1.6

TL;DR

Strapi v3.1.6 introduces several enhancements to the core framework, including the ability to define private attributes in API responses and support for Unix socket connections. This release also fixes GraphQL association resolvers, improves URL encoding in the upload plugin, and addresses various admin interface bugs. Documentation has been updated with clearer explanations and the minimum required Node.js version has been bumped to 10.16.

Highlight of the Release

• Added support for defining private attributes globally or per model to control API response data
• Added ability to configure server to listen on Unix sockets through server.socket configuration
• Fixed GraphQL association resolver for manyWay nature relationships
• Improved URL encoding in the upload plugin for better handling of special characters
• Updated minimum required Node.js version to 10.16.0+

Migration Guide

Node.js Version Requirement

The minimum required Node.js version has been bumped from 10.10 to 10.16.0+. This change was necessary due to the update of the sharp dependency to version 0.26.0, which requires Node 10.16.0 or higher.

If you're running an older version of Node.js, you'll need to upgrade before updating to Strapi v3.1.6. You can check your current Node.js version with:

node -v

Using Private Attributes

To use the new private attributes feature, you can define attributes that should be hidden from API responses either globally in your config/server.js file:

module.exports = {
  privateAttributes: ['password', 'resetPasswordToken']
}

Or per model in the model's settings:

module.exports = {
  attributes: {
    // your model attributes
  },
  options: {
    privateAttributes: ['secretField', 'internalNotes']
  }
}

Using Unix Socket Configuration

To configure your Strapi server to listen on a Unix socket, update your config/server.js:

module.exports = {
  host: '0.0.0.0',
  port: 1337,
  socket: '/path/to/socket.sock'
}

When the socket option is provided, it takes precedence over the host and port configuration.

Upgrade Recommendations

This is a minor release with several enhancements and bug fixes. It's recommended to upgrade if:

1. You need to hide specific attributes from API responses (using the new privateAttributes feature)
2. You want to configure Strapi to listen on Unix sockets
3. You're experiencing issues with GraphQL associations of manyWay nature
4. You've encountered problems with URL encoding in the upload plugin

Before upgrading, ensure your Node.js version is 10.16.0 or higher, as this is now the minimum required version. The upgrade process should be straightforward with minimal risk of breaking changes.

To upgrade, run:

npm install [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Or if using Yarn:

yarn upgrade [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Bug Fixes

Admin Interface Fixes

Several bugs in the admin interface have been addressed, including:

• Fixed Heroku PostgreSQL database environment variable deconstruction
• Fixed issues with PG SSL CA verification
• Corrected wrong prop assignments in components

GraphQL Association Resolver Fix

Fixed the GraphQL association resolver for manyWay nature relationships, resolving issue #4353 and its duplicates. This ensures that many-to-many relationships are properly resolved in GraphQL queries.

URL Encoding in Upload Plugin

The upload plugin now properly encodes URLs before fetching them, preventing issues when handling files with special characters in their names or paths.

Analytics Registration Information

Fixed incorrect information being sent during analytics registration.

New Features

Private Attributes for API Responses

Strapi now allows developers to define privateAttributes both globally and per model to control what data is exposed in API responses. This feature enhances security by making it easier to hide sensitive information from API consumers.

Unix Socket Support

The server can now be configured to listen on Unix sockets through the server.socket configuration option. This provides an alternative to traditional TCP/IP connections and can improve performance in certain deployment scenarios, especially when the web server and application server are on the same machine.

Updated GraphQL Plugin Dependencies

The GraphQL plugin dependencies have been updated to ensure better compatibility and performance. This update helps keep the GraphQL implementation current with the latest standards and improvements.

Security Updates

No specific security fixes were mentioned in this release. However, the addition of private attributes functionality enhances the security posture by providing a more robust way to hide sensitive information from API responses.

Performance Improvements

Unix Socket Support

The addition of Unix socket support through the server.socket configuration can lead to performance improvements in certain deployment scenarios. Unix sockets can provide lower latency communication between processes on the same machine compared to TCP/IP connections, potentially improving response times.

GraphQL Dependencies Update

The update to GraphQL plugin dependencies may result in performance improvements for GraphQL API queries, as newer versions often include optimizations and efficiency improvements.

Impact Summary

Strapi v3.1.6 brings several important enhancements to the framework, most notably the ability to define private attributes in API responses and support for Unix socket connections. These features give developers more control over data exposure and deployment configurations.

The private attributes feature is particularly valuable for security-conscious applications, allowing developers to easily hide sensitive information from API responses without having to implement custom sanitization logic. This works both at a global level and per model, providing flexible control over data exposure.

The Unix socket support enhances deployment options, especially in containerized environments or when using reverse proxies, potentially improving performance for local connections.

Bug fixes in this release address several pain points, including GraphQL association resolvers for many-to-many relationships and URL encoding in the upload plugin. The admin interface also received fixes for PostgreSQL database connections on Heroku and other UI issues.

Documentation improvements and translation updates enhance the developer experience, while the updated minimum Node.js requirement to 10.16.0+ ensures compatibility with current dependencies.

Overall, this release focuses on developer experience, security, and flexibility, with minimal breaking changes (only the Node.js version requirement) making it a recommended upgrade for most Strapi users.

Full Release Notes