Strapi Release: 3.3.3
Tag Name: v3.3.3
Release Date: 11/16/2020
Strapi: Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.
TL;DR
Strapi v3.3.3 is a security-focused release that addresses a vulnerability in the upload plugin's search route. This update sanitizes the /upload/search/:q route to prevent potential security issues. The release also includes documentation improvements and dependency updates to enhance the overall stability and security of the platform.
Highlights of the Release
- Security fix for the upload plugin's search route
- Documentation improvements for custom SQL queries
- Updated Heroku deployment guide to set NODE_ENV to production
- Multiple dependency updates for improved stability
Migration Guide
No specific migration steps are required for this release. This is a patch update that focuses on security improvements and documentation updates, so upgrading from v3.3.2 should be straightforward without any breaking changes.
For general migration guidance, refer to the official Strapi migration guides.
Upgrade Recommendations
This release contains an important security fix for the upload plugin. All users are strongly encouraged to upgrade as soon as possible, especially if you're using the media library functionality in your Strapi application.
The upgrade process from v3.3.2 to v3.3.3 should be straightforward:
npm install [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
Or if you're using Yarn:
yarn upgrade [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
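To confirm the upgrade took effect, the following added example (not part of the release notes or of Strapi's own code) scans a parsed package-lock.json for Strapi packages still below 3.3.3. The package names in STRAPI_PACKAGES are assumed from the Strapi v3 naming scheme, and the sample lockfile is constructed.

```javascript
// Added example, not Strapi project code.
const FIXED = [3, 3, 3]; // the release this page recommends upgrading to

// Assumed Strapi v3 package names; extend to match the packages your project installs.
const STRAPI_PACKAGES = new Set(['strapi', 'strapi-admin', 'strapi-utils', 'strapi-plugin-upload']);

// True when a version string is older than FIXED, or cannot be verified.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(version));
  if (!m) return true; // git URL, tag or range: cannot be verified, so report it
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease such as 3.3.3-rc.1 sorts before 3.3.3
}

// Accepts a parsed package-lock.json: lockfileVersion 1 nests "dependencies",
// versions 2 and 3 add a flat "packages" map keyed by install path.
function findOutdatedStrapi(lock) {
  const hits = new Set();
  const check = (name, info) => {
    if (STRAPI_PACKAGES.has(name) && isBelowFixed(info.version)) hits.add(`${name}@${info.version}`);
  };
  const walk = (deps) => {
    for (const [name, info] of Object.entries(deps || {})) {
      check(name, info);
      walk(info.dependencies); // nested copies can lag behind the top-level one
    }
  };
  walk(lock.dependencies);
  for (const [path, info] of Object.entries(lock.packages || {})) {
    check(path.split('node_modules/').pop(), info);
  }
  return [...hits].sort();
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    strapi: { version: '3.3.2', dependencies: { 'strapi-utils': { version: '3.3.2' } } },
    'strapi-plugin-upload': { version: '3.3.3' },
    'strapi-admin': { version: '3.3.3-rc.1' },
    lodash: { version: '4.17.20' },
  },
};

console.log(findOutdatedStrapi(SAMPLE_LOCK));
```

An empty result means every listed package in the lockfile is at 3.3.3 or later; nested entries matter because a transitive copy can stay on the old version after the top-level package is upgraded.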
Bug Fixes
No specific bug fixes were mentioned in the release notes. The primary focus was on addressing a security vulnerability in the upload plugin's search functionality.
New Features
No significant new features were introduced in this release. The focus was primarily on security improvements, documentation updates, and dependency maintenance.
Security Updates
Upload Plugin Search Route Sanitization
A security vulnerability in the /upload/search/:q route has been addressed by implementing proper sanitization. This fix prevents potential injection attacks when searching for uploaded files, enhancing the overall security of the media library functionality.
PR: #8658
Performance Improvements
No specific performance improvements were highlighted in this release. The changes were primarily focused on security enhancements and documentation updates.
Impact Summary
This release primarily addresses a security vulnerability in the upload plugin's search functionality, which is a critical component for any Strapi application that uses the media library. By sanitizing the search route, this update helps protect against potential injection attacks.
The documentation improvements enhance the developer experience by providing better guidance on custom SQL queries and updating the Heroku deployment guide with proper environment configuration. These changes help developers implement more efficient data retrieval methods and ensure proper production deployments.
The dependency updates (formik, bootstrap, and snyk) contribute to the overall stability and security of the platform by incorporating the latest fixes and improvements from these libraries.
Overall, while this is a minor patch release, the security fix makes it an important update for all Strapi users to implement.
