Strapi Release: 4.2.0

TL;DR

Strapi v4.2.0 introduces two major features: custom menu logo functionality and providers in the marketplace. The release also includes several bug fixes, security updates, and improvements to the upload plugin. Node.js support has been updated, and new translations have been added. This release enhances the admin UI customization capabilities and expands the marketplace functionality.

Highlight of the Release

• Custom menu logo functionality allows admins to personalize their Strapi admin panel
• Providers are now available in the marketplace with dedicated tabs and search functionality
• Fixed deep populate on components by removing the limit
• Updated from deprecated mailgun-js to mailgun.js for better security
• Added new Karakalpak locale and improved existing translations

Migration Guide

Node.js Support Update

This release updates the minimum supported Node.js version. Make sure your environment is using a compatible Node.js version as specified in the package.json files.

Email Provider Migration (if using Mailgun)

If you're using the Mailgun email provider, the underlying library has been changed from mailgun-js to mailgun.js. While the API contract has been preserved to avoid breaking changes, you may want to review your email configuration if you're using advanced Mailgun features.

No database migrations or major breaking changes are included in this release, so upgrading from v4.1.12 should be straightforward.

Upgrade Recommendations

This is a minor version update (4.1.12 → 4.2.0) that introduces new features without breaking changes. It's recommended to upgrade to benefit from the new features and security fixes.

Steps to upgrade:

1. Back up your project before upgrading
2. Update your Strapi dependencies in package.json:

   "dependencies": {
     "@strapi/strapi": "4.2.0",
     "@strapi/plugin-users-permissions": "4.2.0",
     "@strapi/plugin-i18n": "4.2.0"
   }
   

3. Run npm install or yarn install to update the dependencies
4. Restart your Strapi application

If you're using the Mailgun email provider, verify your email configuration is working correctly after the upgrade due to the change from mailgun-js to mailgun.js.

Bug Fixes

Core Fixes

• Content Manager: Removed limit on deep populate on components, fixing issues with deeply nested component structures
• Email: Changed from deprecated mailgun-js to mailgun.js, addressing CVE-2021-29418 vulnerability
• Utils: Fixed yup strapiID validation that wasn't working properly
• Upload Plugin: Fixed various issues in the upload plugin functionality
• Gitignore: Updated .gitignore to allow use of the word "coverage" in API endpoints and content-types

Documentation Plugin

• Fixed generation of OpenAPI documentation with top-level type attribute

Tooling

• Prevented argv check on "add-missing-keys-to-other-language" module import, making the script more robust

New Features

Custom Menu Logo

The new menu logo feature allows administrators to customize the Strapi admin panel by uploading their own logo. This feature includes:

• A dedicated UI in the project settings to upload and manage custom logos
• Support for uploading logos from computer or via URL
• Image validation for proper dimensions and file formats
• Permission controls for project-level settings
• Tracking for usage analytics

Providers in Marketplace

The marketplace now includes a dedicated section for providers with:

• Separate tabs for plugins and providers
• Search functionality for providers
• Count indicators for available items
• A "Submit Provider" button for developers to contribute their own providers

Security Updates

• Fixed CVE-2022-29256, a low severity vulnerability that could affect build environments
• Fixed CVE-2021-46708
• Updated from mailgun-js to mailgun.js to address CVE-2021-29418 vulnerability
• Bumped qs from 6.10.3 to 6.10.5 to address potential security issues

Performance Improvements

No specific performance improvements were highlighted in this release. The focus was primarily on new features, bug fixes, and security updates.

Impact Summary

Strapi v4.2.0 enhances the admin experience by introducing custom menu logo functionality, allowing administrators to personalize their Strapi instance with their own branding. The marketplace has been expanded to include providers alongside plugins, with dedicated tabs and search functionality, making it easier to discover and integrate third-party services.

Several important bug fixes are included, such as removing the limit on deep populate for components, which resolves issues with complex content structures. Security has been improved by addressing multiple CVEs and updating dependencies like mailgun-js to more secure alternatives.

The release also includes Node.js support updates, new translations (including Karakalpak locale), and various tooling improvements. These changes collectively enhance the developer experience, admin customization options, and platform security.

For most users, this update is beneficial and straightforward to apply, with no breaking changes that would require significant migration efforts.

Full Release Notes