TL;DR
Strapi v3.6.7 is a minor release that includes enhancements to the admin interface, framework improvements, and security fixes. It adds SAML login callback support, improves path handling in the framework, updates documentation to reference Discord instead of Slack, and fixes security vulnerabilities in dependencies. This release is particularly important for users implementing SSO with SAML and those concerned about security.
Highlights of the Release
- Added POST route to SSO routes to support SAML login callbacks
- Improved framework with better common path handling
- Fixed security vulnerabilities in tar dependency
- Updated documentation to reference Discord instead of Slack for community communication
Migration Guide
No specific migration steps are required for this release. This is a minor update that should be backward compatible with previous v3.6.x installations.
For general migration guidance, please refer to the official Strapi migration guides.
Upgrade Recommendations
This release contains security fixes and SSO improvements, so upgrading is recommended, especially for:
- Users implementing SSO with SAML authentication
- Installations that use the affected packages with the vulnerable tar dependency
To upgrade, run one of the following commands depending on your package manager:
npm install strapi@3.6.7 --save
# or
yarn upgrade strapi@3.6.7
After upgrading, restart your Strapi server to apply the changes.
Bug Fixes
Framework Improvements
Changed "common beginning" to "common path" in the framework's path handling logic (#10509). This improves how Strapi handles file paths throughout the application, making the system more robust when dealing with different directory structures.
New Features
Added POST Route for SAML Login Callbacks
A new POST route has been added to the SSO routes to properly support SAML login callbacks (#10690). This enhancement improves compatibility with SAML identity providers that use POST binding for authentication responses, making Strapi's SSO implementation more robust and versatile.
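What a callback for the SAML HTTP-POST binding has to accept, shown as an added example that is not Strapi's code or part of this release. The function name, the body-size cap and the sample values are assumptions made for illustration.

```javascript
// Added example (not Strapi code): handling the body of a SAML HTTP-POST binding callback.
const MAX_BODY_BYTES = 256 * 1024; // assumed cap for this sketch

// Hypothetical helper: takes the request method, Content-Type header and raw body string.
function parseSamlPostCallback(method, contentType, rawBody) {
  // With POST binding the browser auto-submits a form from the IdP, so the
  // response arrives in the request body. A GET-only callback route never sees it.
  if (method !== 'POST') {
    return { ok: false, status: 405, error: 'callback must be POST' };
  }
  const type = (contentType || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/x-www-form-urlencoded') {
    return { ok: false, status: 415, error: 'unexpected content type' };
  }
  if (Buffer.byteLength(rawBody) > MAX_BODY_BYTES) {
    return { ok: false, status: 413, error: 'body too large' };
  }
  const form = new URLSearchParams(rawBody);
  const encoded = form.get('SAMLResponse');
  if (!encoded) {
    return { ok: false, status: 400, error: 'missing SAMLResponse' };
  }
  // Buffer.from() silently skips invalid base64 characters, so validate strictly first.
  const compact = encoded.replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(compact) || compact.length % 4 !== 0) {
    return { ok: false, status: 400, error: 'SAMLResponse is not base64' };
  }
  const xml = Buffer.from(compact, 'base64').toString('utf8');
  // The decoded XML is still untrusted input: signature, issuer, audience and
  // validity window must be checked by a SAML library before any login is granted.
  return { ok: true, status: 200, xml, relayState: form.get('RelayState') };
}

// Constructed sample input, shaped like the form an IdP would post.
const sampleXml = '<samlp:Response ID="_constructed-example"/>';
const sampleBody = new URLSearchParams({
  SAMLResponse: Buffer.from(sampleXml).toString('base64'),
  RelayState: '/admin',
}).toString();

console.log(parseSamlPostCallback('POST', 'application/x-www-form-urlencoded', sampleBody));
console.log(parseSamlPostCallback('GET', undefined, ''));
```
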
Tracking Event for Strapi Awesome Banner
Added analytics tracking to the Strapi Awesome banner in the admin interface (#10701), allowing for better insights into user engagement with this feature.
Security Updates
Dependency Security Updates
Fixed security vulnerabilities in the tar dependency by upgrading to a newer version in the following packages:
- packages/create-strapi-starter/package.json (#10696)
- packages/strapi-generate-new/package.json (#10697)
These updates address the vulnerability identified as SNYK-JS-TAR-1536758.
Performance Improvements
No specific performance improvements were highlighted in this release.
Impact Summary
This release primarily focuses on enhancing SSO functionality with SAML support, fixing security vulnerabilities, and making minor improvements to the framework and documentation.
The addition of a POST route for SAML login callbacks is particularly significant for organizations using SAML-based SSO, as it improves compatibility with identity providers that use POST binding for authentication responses.
The security fixes address vulnerabilities in the tar dependency, which is important for maintaining the security posture of Strapi installations.
The framework improvement related to common path handling enhances the robustness of Strapi when dealing with different directory structures.
Documentation updates reflect the community's transition from Slack to Discord for communication, ensuring new contributors are directed to the correct platform.
Overall, while this is a minor release, it contains important security fixes and SSO enhancements that make upgrading worthwhile for most users.
Full Release Notes
💅 Enhancement
🐛 Bug fix
- [core:framework] Added a POST route to the SSO routes to support SAML login callbacks (#10690) @kasonde
📚 Migration guides can be found here 📚