TL;DR
Strapi v4.22.0 introduces bulk release management, allowing users to add multiple entries to a release at once. It also adds support for GET queries in GraphQL and fixes several bugs, including issues with locale creation, relation lazy loading, and file name sanitization. Security vulnerabilities in dependencies have been patched, along with an undisclosed vulnerability whose details are temporarily withheld to allow users time to upgrade.
Highlight of the Release
- New bulk release feature allows adding multiple entries to a release at once
- GraphQL now supports GET queries for better caching and CDN integration
- Security vulnerabilities patched in dependencies (@koa/cors and sanitize-html)
- Improved handling of non-internationalized fields when creating content in new locales
- Better visibility of relation names during lazy loading
Migration Guide
No specific migration steps are required for this update. Follow the standard Strapi update procedure:
- Update your dependencies in package.json:
  npm install @strapi/strapi@4.22.0 --save
  # or
  yarn add @strapi/strapi@4.22.0
- Run the installation:
  npm install
  # or
  yarn install
- Rebuild your admin panel:
  npm run build
  # or
  yarn build
- Start your Strapi application:
  npm run develop
  # or
  yarn develop
For detailed instructions, refer to the general update guide.
Upgrade Recommendations
Priority: High
This release contains important security patches for dependencies and an undisclosed vulnerability fix. All Strapi users are strongly encouraged to upgrade to v4.22.0 as soon as possible to ensure their applications are protected.
The new features and bug fixes also provide significant improvements to content management workflows, particularly for users working with multilingual content and content releases.
Bug Fixes
Content Manager Improvements
- Fixed an issue where creating content in a new locale didn't pre-fill non-internationalized fields, improving the content creation workflow for multilingual sites
- Improved relation field display by showing the names of relations when lazy loading them, enhancing content editor experience
- Fixed validation issues when not creating content for all locales in the i18n plugin
Content Releases Refinements
- Fixed capitalization in scheduling information for better UI consistency
- Improved error handling by preventing modal closure when errors occur during release editing, allowing users to correct issues without losing their work
Media Library Enhancement
- Added file name sanitization when uploading images to prevent potential issues with special characters or invalid file names
New Features
Bulk Release Management
The Content Releases feature has been enhanced with bulk operations capability. Content editors can now select multiple entries and add them to a release in a single operation, significantly improving workflow efficiency when preparing content releases.
GraphQL GET Query Support
The GraphQL plugin now supports GET queries, removing a previous limitation that blocked authenticated GET requests to the /graphql endpoint. This enhancement enables better caching strategies and CDN integration for GraphQL queries, which can improve performance for read-heavy applications.
Security Updates
This release includes security patches for two dependencies:
- Updated @koa/cors from 3.4.3 to 5.0.0 to address the vulnerability reported in npm advisory 1095223
- Updated sanitize-html (and its types) from 2.11.0 to 2.13.0 to address the vulnerability reported in npm advisory 1096639
Additionally, Strapi has patched an undisclosed vulnerability. The details of this vulnerability are temporarily withheld to give users time to upgrade before public disclosure.
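One way to confirm that the two dependency patches actually landed after the upgrade is to scan the lockfile for every installed copy, including nested ones. This is an added example, not Strapi's own code; it assumes a package-lock.json with lockfileVersion 2 or 3, and the sample lockfile and the `my-strapi-app` and `some-plugin` names are constructed.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for the
// two dependencies patched in Strapi v4.22.0. Minimum versions come from the
// release notes; the sample lockfile below is constructed for illustration.
const MIN_VERSIONS = { '@koa/cors': '5.0.0', 'sanitize-html': '2.13.0' };

// Compare two plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk every installed copy, including nested node_modules, since an older
// copy can stay pinned deeper in the tree after the top-level upgrade.
function findOutdated(lock, minimums = MIN_VERSIONS) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // skip the root project entry
    const name = path.slice(idx + 'node_modules/'.length);
    const min = minimums[name];
    if (min && compareVersions(meta.version, min) < 0) {
      findings.push({ name, path, installed: meta.version, required: min });
    }
  }
  return findings;
}

// Constructed sample: top-level packages upgraded, one stale nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-strapi-app', version: '1.0.0' },
    'node_modules/@koa/cors': { version: '5.0.0' },
    'node_modules/sanitize-html': { version: '2.13.0' },
    'node_modules/some-plugin/node_modules/sanitize-html': { version: '2.11.0' },
  },
};

for (const f of findOutdated(sampleLock)) {
  console.log(`${f.name} ${f.installed} at ${f.path} (needs >= ${f.required})`);
}
```

To check a real project, pass the parsed contents of its package-lock.json to findOutdated in place of sampleLock. An empty result means no copy of either package is below the patched version.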
Performance Improvements
The addition of GET query support for GraphQL can lead to performance improvements through better caching capabilities. GET requests are more cache-friendly than POST requests, allowing for more efficient use of CDNs and browser caching mechanisms. This can reduce server load and improve response times for frequently accessed GraphQL queries.
Impact Summary
Strapi v4.22.0 delivers important security fixes alongside workflow enhancements that significantly improve content management efficiency. The bulk release feature streamlines the process of preparing content releases by allowing editors to add multiple entries at once. GraphQL GET query support opens up new possibilities for performance optimization through better caching and CDN integration.
Several quality-of-life improvements have been implemented, including better handling of non-internationalized fields in multilingual content, improved relation field display during lazy loading, and more consistent UI elements in the content releases interface.
The security patches address vulnerabilities in dependencies and include an undisclosed fix that will be detailed in future communications. These security improvements make this update particularly important for all Strapi installations.
Full Release Notes
⚠️ Security Warning and Notice ⚠️
Strapi was made aware of a vulnerability that was patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.
🔥 Bug fix
- [core:content-manager] fix: Creating a new locale doesn't pre-fill the non-internationalized fields (#18773) @derrickmehaffy
- [core:content-manager] fix: show name of relations when lazy loading them (#19915) @Marc-Roig
- [core:content-releases] fix(releases): Scheduling info capitalization (#19945) @madhurisandbhor
- [core:content-releases] fix(releases): On edit release error dont close modal (#19946) @madhurisandbhor
- [core:upload] fix: sanitize file name when uploading image (#19913) @Marc-Roig
- [plugin:i18n] fix:issue on do not validate locale if not creating for all locales (#19799) @binar1
🚀 New feature
⚙️ Chore
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚