Strapi Release: 4.12.7

TL;DR

Strapi v4.12.7 is a critical security release that reverts back to v4.12.5 due to a high severity issue discovered in v4.12.6. This release ensures the stability and security of your Strapi applications by removing potentially problematic code introduced in the previous version.

Highlight of the Release

• Emergency security release reverting to v4.12.5 codebase
• Addresses high severity issue present in v4.12.6
• Restores stability and security to Strapi installations

Migration Guide

Migration from v4.12.6 to v4.12.7

1. Update your Strapi version:

   npm install [email protected] --save
   # or
   yarn upgrade [email protected]
   

2. If you made any changes to accommodate features or changes introduced in v4.12.6, you may need to revert those changes as this version returns to the v4.12.5 codebase.

3. After updating, restart your Strapi application and verify that everything is functioning correctly.

4. Consider reviewing your system logs and database for any signs of exploitation if you were running v4.12.6 in a production environment.

Upgrade Recommendations

Urgency: Critical

All users currently on v4.12.6 should upgrade immediately to v4.12.7 to address the high severity issue.

Users on v4.12.5 or earlier versions should still consider upgrading to v4.12.7 to stay on the latest secure version, though they are not affected by the specific vulnerability being addressed.

This is a drop-in replacement that reverts to the v4.12.5 codebase, so the upgrade process should be straightforward with minimal risk of introducing new issues.

Bug Fixes

This release fixes a high severity issue that was introduced in v4.12.6 by reverting to the stable v4.12.5 codebase. The specific details of the issue have not been disclosed, likely to protect users who haven't yet updated from potential exploitation.

New Features

No new features were introduced in this release. This is strictly a security-focused release that reverts to the stable v4.12.5 codebase.

Security Updates

This release addresses a high severity security issue that was present in v4.12.6. By reverting to v4.12.5, Strapi has removed the vulnerable code. The exact nature of the security issue has not been detailed in the release notes, which is common practice to protect users who haven't yet updated.

Performance Improvements

No specific performance improvements were introduced in this release. The focus was on addressing the security vulnerability by reverting to the previous stable version.

Impact Summary

This release has a significant security impact as it addresses a high severity issue in v4.12.6. By reverting to the v4.12.5 codebase, Strapi has prioritized the security and stability of user installations over maintaining any features or changes that were introduced in v4.12.6.

The reversion approach indicates that the security issue was serious enough to warrant removing all changes from v4.12.6 rather than attempting to patch the specific vulnerability. This suggests the issue may have been fundamental to changes introduced in that version.

Users who have been running v4.12.6 should not only update but also consider performing security audits of their systems to ensure they weren't compromised during the window of vulnerability.

Full Release Notes