Strapi Release: 4.24.5

Tag Name: v4.24.5

Release Date: 6/5/2024

Strapi

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

TL;DR

Strapi v4.24.5 is a maintenance release that fixes a critical security middleware issue with Content Security Policy (CSP) configuration merging, updates the Design System dependency, and improves CI testing infrastructure. This release ensures proper security configuration handling and provides UI component enhancements.

Highlights of the Release

    • Fixed security middleware issue with Content Security Policy configuration merging
    • Updated @strapi/design-system from v1.18.0 to v1.19.0
    • Improved CI testing infrastructure by removing deprecated MySQL authentication method

Migration Guide

No migration steps are required for this release. This is a patch release with no breaking changes, so it can be upgraded to safely.

Upgrade Recommendations

This release contains an important security middleware fix for Content Security Policy configuration. Upgrading to v4.24.5 is recommended for all Strapi users, especially those using custom CSP configurations.

To upgrade:

npm install @strapi/strapi@4.24.5 --save
# or
yarn upgrade @strapi/strapi@4.24.5

After upgrading, restart your Strapi application to apply the changes.
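
To confirm after the upgrade that the policy being served is the one you configured, the following added example (not code from Strapi or from this page) parses a Content-Security-Policy header value and reports where it differs from the directives you intended. The function names, the sample directives and the header string are constructed for illustration.

```javascript
// Added example: compare a served CSP header with the intended directives.
// parseCsp/diffCsp are hypothetical helper names, not part of Strapi.

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(headerValue) {
  const policy = Object.create(null); // no prototype keys to collide with
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // tolerate empty segments / trailing ';'
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// For each intended directive, report sources that are missing from the
// served policy and sources that are served but were not intended.
// Sources are compared as exact strings.
function diffCsp(intended, servedHeader) {
  const served = parseCsp(servedHeader);
  const findings = [];
  for (const [name, wanted] of Object.entries(intended)) {
    const got = served[name.toLowerCase()];
    if (got === undefined) {
      findings.push({ directive: name, problem: 'absent' });
      continue;
    }
    const missing = wanted.filter((s) => !got.includes(s));
    const unexpected = got.filter((s) => !wanted.includes(s));
    if (missing.length || unexpected.length) {
      findings.push({ directive: name, problem: 'mismatch', missing, unexpected });
    }
  }
  return findings;
}

// Constructed sample data (assumption): the directives an operator meant to set...
const intended = {
  'img-src': ["'self'", 'data:', 'https://cdn.example.com'],
  'script-src': ["'self'"],
  'frame-ancestors': ["'none'"],
};
// ...and a constructed header value, not output captured from a Strapi server.
const servedHeader =
  "default-src 'self'; img-src 'self' data: blob: https://assets.example.org; " +
  "script-src 'self'; object-src 'none';";

console.log(JSON.stringify(diffCsp(intended, servedHeader), null, 2));
```

Run it against the Content-Security-Policy value returned by your own instance; an empty result means every intended directive is served exactly as configured.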

Bug Fixes

Security Middleware Configuration Fix

Fixed an issue with the Content Security Policy (CSP) configuration merging in the security middleware. The bug was causing improper merging of custom CSP configurations with default values, potentially leading to unexpected security policy behavior. This fix ensures that security configurations are properly merged with defaults, maintaining the intended security posture of Strapi applications.

PR: #19590 by @med8bra

New Features

No significant new features were introduced in this maintenance release. The update primarily focuses on bug fixes and dependency updates.

Security Updates

Content Security Policy Configuration Fix

Fixed a security-related issue in the security middleware where Content Security Policy configurations weren't properly merging with default values. This could potentially lead to unintended CSP behavior, affecting the security posture of Strapi applications. The fix ensures that security configurations are correctly applied, maintaining proper protection against various web vulnerabilities.

PR: #19590 by @med8bra

Performance Improvements

No specific performance improvements were documented in this release.

Impact Summary

Strapi v4.24.5 addresses a significant security middleware issue related to Content Security Policy configuration merging. This fix ensures that custom CSP configurations are properly merged with defaults, preventing potential security misconfigurations. The release also updates the Design System to version 1.19.0, providing UI component improvements for the admin interface.

The security middleware fix is particularly important for administrators who have implemented custom CSP configurations, as it ensures these settings are correctly applied. Developers will benefit from both the security fix and the updated Design System components.

Additionally, the CI testing infrastructure has been improved by removing the deprecated mysql_native_password authentication method, which helps maintain a more modern and secure development environment.

Full Release Notes

Statistics:

Files Changed: 52
Line Additions: 529
Line Deletions: 459
Line Changes: 988
Total Commits: 6

Users Affected:

  • Benefit from fixed Content Security Policy configuration merging, ensuring security settings are properly applied
  • More reliable security middleware configuration with proper defaults handling

Contributors:

med8bra, simotae14, alexandrebodin, innerdvations, markkaylor