TL;DR
Strapi v3.6.9 brings important security enhancements, bug fixes, and quality-of-life improvements. This release adds Simplified Chinese translations across the admin interface, enhances webhook functionality, improves security with password verification requirements, and fixes issues with content type relations. It also includes dependency updates to address security vulnerabilities and adds deprecation notices for v3 packages as Strapi continues its transition to v4.
Highlight of the Release
- Complete Simplified Chinese translation across the admin interface and all plugins
- Enhanced security with current password verification when updating user passwords
- Fixed relation deletion when disabling draft & publish on content types
- Improved webhook functionality allowing creation/triggering with no events
- Security improvements in documentation plugin authentication
- Dependency updates to address security vulnerabilities (tar 6.1.9, Sharp 0.29.0)
Migration Guide
No specific migration steps are required for this update. This is a patch release that maintains backward compatibility with v3.6.8.
However, note that this release includes deprecation notices for v3 packages as Strapi continues its transition to v4. Users should begin planning their migration to Strapi v4 as v3 will eventually reach end-of-life.
For general migration guidance between Strapi versions, refer to the official migration guides.
Bug Fixes
Content Type Relation Handling
Fixed an issue where relations weren't properly deleted when disabling the draft & publish feature on a content type. This ensures data integrity when changing content type configurations.
File Watcher Improvements
The file watcher has been updated to only ignore admin folder occurrences from the current project folder onwards, rather than ignoring all admin folders including those in parent directories. This provides more accurate file watching behavior during development.
New Features
Complete Simplified Chinese Translation
The entire Strapi admin interface and all plugins now have complete Simplified Chinese translations, making the platform more accessible to Chinese-speaking users. This comprehensive translation effort covers the admin panel, content manager, and all other plugins.
Enhanced Webhook Functionality
Webhooks can now be created and triggered without specifying events, providing more flexibility in how webhooks are configured and used within Strapi applications.
Security Updates
Password Change Security Enhancement
Added a requirement to verify the current password when users update their own profile password, significantly improving security by preventing unauthorized password changes if a user's session is compromised.
Documentation Plugin Authentication
Improved the authentication cookie system in the documentation plugin to enhance security and prevent potential authentication vulnerabilities.
Dependency Security Updates
Updated the tar package to version 6.1.9 to address known security vulnerabilities in older versions. This update was applied to both the main packages and the create-strapi-starter package.
Performance Improvements
Sharp Library Update
The Sharp image processing library has been updated to version 0.29.0, which includes various performance improvements and bug fixes for image manipulation operations.
Impact Summary
Strapi v3.6.9 is a maintenance release that focuses on security improvements, bug fixes, and quality-of-life enhancements. The security updates are particularly important, addressing potential vulnerabilities in password management and the documentation plugin's authentication system.
The addition of complete Simplified Chinese translations significantly improves accessibility for Chinese-speaking users, opening up the platform to a broader audience. The fix for relation handling when disabling draft & publish on content types resolves a data integrity issue that could cause problems in content management workflows.
For developers, the updated dependencies (Sharp and tar) address security concerns while providing improved functionality. The addition of deprecation notices for v3 packages serves as an important reminder that users should begin planning their migration to Strapi v4.
Overall, this release enhances the stability, security, and accessibility of Strapi v3 while preparing users for the eventual transition to v4.
Full Release Notes
🐛 Bug fix
- [core:content-manager] Delete relations when disabling dp on a content type (#9878) @petersg83
🌏 Translation
💅 Enhancement
- [core:admin] [V3] Enable to trigger empty events webhook (#12192) @Convly
- [core:upload] bump sharp to 0.29.0 (#10800) @tlux
- [doc:readme] Improve the test section of the CONTRIBUTRING file. (#10848) @Elhebert
- [doc:readme] [V3] Packages Deprecation (#12520) @Convly
🚨 Security
- [core:admin] Add current password requirement to edit own profile password (#11992) @soupette
- [plugin:documentation] Change documentation auth cookie system (#12246) @petersg83
- [tooling] Bump tar to 6.1.9 (#10849) @Convly
📚 Migration guides can be found here 📚
