HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Strapi

>

Releases

>

4.25.22

Strapi Release: 4.25.22

Tag Name: v4.25.22

Release Date: 3/19/2025

View Release
Strapi LogoStrapi

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open SourceHeadlessDeveloper-Friendly

TL;DR

Strapi v4.25.22 is a security patch release that addresses a vulnerability in the axios dependency by upgrading it to version 1.8.2. This update protects against CVE-2025-27152, a Server-Side Request Forgery (SSRF) vulnerability. The release is focused on security hardening and doesn't introduce new features or breaking changes.

Highlight of the Release

    • Security patch for axios dependency to address CVE-2025-27152
    • Protection against Server-Side Request Forgery (SSRF) vulnerabilities

Migration Guide

No specific migration steps are required for this update. Simply update your Strapi version to v4.25.22 using your package manager:

npm install [email protected]
# or
yarn upgrade [email protected]

After updating, restart your Strapi application to ensure the security patch is applied.

Upgrade Recommendations

Immediate Upgrade Recommended

This release addresses a security vulnerability in the axios dependency (CVE-2025-27152). It is strongly recommended to upgrade immediately to protect your application from potential Server-Side Request Forgery (SSRF) attacks.

The update is non-breaking and focused solely on security improvements, making it a low-risk upgrade with high security benefits.

Bug Fixes

No specific bug fixes were included in this release. The focus was on addressing the security vulnerability in the axios dependency.

New Features

No new features were introduced in this release. This is a security-focused update that addresses a vulnerability in a dependency.

Security Updates

Axios Dependency Upgrade

Upgraded axios from an earlier version to 1.8.2 to address CVE-2025-27152, which is related to Server-Side Request Forgery (SSRF) vulnerabilities. This update helps protect your Strapi application from potential security exploits that could allow attackers to make server-side requests to unintended destinations.

Performance Improvements

No specific performance improvements were included in this release. The update was focused on security enhancements.

Impact Summary

This is a security-focused release that addresses a vulnerability in the axios dependency by upgrading it to version 1.8.2. The update protects against CVE-2025-27152, which is related to Server-Side Request Forgery (SSRF) vulnerabilities.

The impact is positive for all users as it enhances the security posture of Strapi applications without introducing any breaking changes or requiring migration steps. This update is particularly important for applications that might be exposed to untrusted inputs that could be used in HTTP requests.

As this is purely a security patch, there are no new features, UI changes, or performance impacts to consider. The update process should be straightforward and low-risk.

Full Release Notes

🚨 Security

📚 Update and Migration Guides

  • General update guide can be found here
  • Migration guides can be found here 📚

Statistics:

File Changed300
Line Additions17,113
Line Deletions7,658
Line Changes24,771
Total Commits250

User Affected:

  • Protected from potential security vulnerabilities in axios dependency
  • Should update to this version to maintain security compliance

Contributors:

butcherZmarkkaylorsimotae14BaldinofMarc-RoigBassel17innerdvationsdependabot[bot]lucasboillyalexandrebodinConvlypandeyprafullremidejDhruv-Maradiyakaioduartederrickmehaffylaurensklingcache-your-dreamsjhoward1994SalahAdDinunrevised6419Rishith-SmukulpadwalLink2Twentysamgutentagjorritdhokodilshad-knkIMalaniakMcastresHichamELBSIseenabaazseenasingh30