Content Toolkit

Strapi Release: 3.6.6

Tag Name: v3.6.6

Release Date: 8/4/2021

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open Source Headless Developer-Friendly

TL;DR

Strapi v3.6.6 is a maintenance release that includes several bug fixes, security updates, and enhancements. This update focuses on improving translations, fixing security vulnerabilities in the email provider, enhancing the admin interface, and updating documentation. The release includes fixes for RegExp escaping in the mongoose connector, updates to the AWS S3 provider documentation, and various UI improvements including a new marketplace banner linking to Strapi Awesome.

Highlight of the Release

Security upgrade for nodemailer from 6.6.0 to 6.6.1 addressing vulnerability SNYK-JS-NODEMAILER-1296415
Fixed RegExp escaping in mongoose connector to prevent query issues
Added marketplace banner linking to Strapi Awesome resources
Improved translations for Turkish and simplified Chinese languages
Enhanced AWS S3 provider documentation with clearer permission requirements
Support for custom devServer configurations in admin development

Migration Guide

No specific migration steps are required for this update. This is a maintenance release that can be installed by updating your Strapi version to v3.6.6.

To update:

npm install [email protected] [email protected] [email protected] strapi-plugin-*@3.6.6 strapi-connector-*@3.6.6

Or if you're using Yarn:

yarn upgrade [email protected] [email protected] [email protected] strapi-plugin-*@3.6.6 strapi-connector-*@3.6.6

For detailed migration guides for major versions, refer to the official Strapi documentation.

Upgrade Recommendations

This release contains important security fixes and bug fixes, so it is recommended to upgrade as soon as possible, especially if you are using the email provider with nodemailer.

The upgrade process should be straightforward with no breaking changes. Simply update your dependencies to version 3.6.6.

Priority: Medium Complexity: Low Recommended for: All users, especially those using the email provider or mongoose connector

Bug Fixes

Fixed RegExp escaping in mongoose connector when building queries, preventing potential issues with special characters in search queries (#10499)
Fixed typo in marketplace tracking: didGotToMarketplace renamed to didGoToMarketPlace (#10548)
Fixed typo: "actualy" corrected to "actually" (#10566)
Fixed translation IDs in the users-permissions plugin HeaderNav (#10670)
Fixed various typos in documentation (#10652, #10657)

New Features

Added a marketplace banner in the admin panel that links to Strapi Awesome resources (#10677)
Added support for custom devServer configurations in admin development, allowing better Docker setups (#10492)
Added event tracking to Content-Type Builder banner button (#10687)

Security Updates

Upgraded nodemailer from 6.6.0 to 6.6.1 to address security vulnerability SNYK-JS-NODEMAILER-1296415 in the email provider plugin (#10560)
Upgraded tar package to address potential security vulnerabilities

Performance Improvements

Upgraded Buffet to version 3.3.8 for improved performance and stability (#10621)
Improved theme handling by linking left menu header background color from theme for better UI consistency (#10584)

Impact Summary

Strapi v3.6.6 is a maintenance release that improves security, fixes bugs, and enhances the user experience. The security upgrade to nodemailer addresses a vulnerability that could potentially affect email functionality. The mongoose connector fix for RegExp escaping resolves an issue that could cause problems with search queries containing special characters.

The release also includes several UI improvements, including a new marketplace banner linking to Strapi Awesome resources and better theme integration for the left menu header. Translation improvements for Turkish and Chinese languages make the platform more accessible to international users.

Documentation updates, particularly for the AWS S3 provider, provide clearer guidance on required permissions, helping developers avoid overly permissive configurations. The support for custom devServer configurations improves development workflows, especially in Docker environments.

Overall, this release focuses on stability, security, and quality-of-life improvements rather than introducing major new features.

Full Release Notes

🌏 Translation

[admin] Update tr.json (Turkish language) (#10507) @onurdumangoz
[admin] Update tr.json (#10512) @onurdumangoz
[admin] Fix some users-permissions plugin HeaderNav translation ids (#10670) @natanaelsimoes
[plugin:i18n] [I18N] improve simplified Chinese translation (#10408) @jeffwcx

💅 Enhancement

[admin] fix: consider custom devServer config (#10492) @graphicfox
[admin] left menu header background color link from theme (#10584) @omrirz
[admin] add marketplace banner that links to strapi awesome (#10677) @markkaylor
[documentation] Remove one-click deploy buttons (#10592) @pierreburgy
[documentation] Update AWS S3 Provider Documentation (#10602) @cpaczek
[documentation] Fixed typo (#10652) @jodok
[documentation] Fix typo in documentation plugin (#10657) @adeel-ahmad-awan

🐛 Bug fix

[admin] fix typo didGotToMarketplace => didGoToMarketPlace (#10548) @markkaylor
[admin] Fix Typo actualy to actually (#10566) @KyloJorgensen
[admin] Upgrade buffet to 3.3.8 (#10621) @HichamELBSI
[connector:mongoose] always escape RegExp when building query in mongoose connector (#10499) @vkarpov15

🚨 Security

[plugin:email] [Snyk] Security upgrade nodemailer from 6.6.0 to 6.6.1 (#10560) @snyk-bot

📚 Migration guides can be found here 📚

Statistics:

File Changed86

Line Additions1,215

Line Deletions454

Line Changes1,669

Total Commits23

User Affected:

Benefit from fixed RegExp escaping in mongoose connector which prevents potential query issues
Can now use custom devServer configurations for better development workflows
Have access to updated AWS S3 provider documentation with clearer permission requirements