TL;DR
Strapi v4.4.1 is a security and bug fix release that addresses a vulnerability in the Users & Permissions plugin, fixes issues with user creation and custom admin panel builds, and enhances the Media Library with improved asset card interactions. This release is important for all Strapi users to apply, especially those concerned with security and those using custom admin panel configurations.
Highlights of the Release
- Security fix for the Users & Permissions plugin addressing a filter parameter vulnerability
- Improved user creation process by normalizing email addresses to lowercase
- Fixed build errors when the src/admin folder is missing
- Enhanced Media Library with clickable asset cards that open in modals
Migration Guide
No specific migration steps are required for this patch release. Simply update your Strapi installation to version 4.4.1 using your package manager:
npm install @strapi/strapi@4.4.1
# or
yarn upgrade @strapi/strapi@4.4.1
After updating, restart your Strapi application to apply the changes.
Upgrade Recommendations
Priority: High
All Strapi users are strongly encouraged to upgrade to v4.4.1 as soon as possible, especially due to the security fix in the Users & Permissions plugin. This is a patch release that should not introduce any breaking changes to your application.
For users with custom admin panel configurations that might not include a src/admin folder, this update is particularly important as it resolves build errors you may have encountered.
To upgrade:
npm install @strapi/strapi@4.4.1
# or
yarn upgrade @strapi/strapi@4.4.1
Bug Fixes
Admin Panel Build Error
Fixed an issue where building a custom admin panel would fail if the src/admin folder was missing. The system now properly checks if the folder exists before attempting to access files inside it, making custom admin panel configurations more robust.
User Email Normalization
Resolved an issue with user creation by ensuring email addresses are converted to lowercase. This prevents the creation of duplicate user accounts that differ only in the case of their email addresses (e.g., User@example.com and user@example.com), improving user management consistency.
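An audit for accounts created before the upgrade whose addresses collide once lowercased, as an added example that is not Strapi's own code. It assumes user records exported as objects with `id` and `email` fields, and that rows stored before the fix keep their original casing; the sample records are constructed.

```javascript
// Added example: find accounts whose e-mail addresses differ only in case.
// The record shape ({ id, email }) is an assumption about the export format.

function normalizeEmail(email) {
  // Mirror the fix described above: addresses are compared in lowercase.
  return typeof email === 'string' ? email.toLowerCase() : null;
}

function findCaseVariantDuplicates(users) {
  const byEmail = new Map();
  for (const user of users) {
    const key = normalizeEmail(user.email);
    if (key === null) continue; // skip records without a usable address
    if (!byEmail.has(key)) byEmail.set(key, []);
    byEmail.get(key).push(user);
  }
  // Report only addresses shared by more than one account, lowest id first,
  // so a reviewer can decide which account to keep and which to merge.
  const report = [];
  for (const [email, group] of byEmail) {
    if (group.length < 2) continue;
    const sorted = [...group].sort((a, b) => a.id - b.id);
    report.push({
      email,
      ids: sorted.map((u) => u.id),
      storedAs: sorted.map((u) => u.email),
    });
  }
  return report;
}

// Constructed sample data, not taken from any real installation.
const sampleUsers = [
  { id: 5, email: 'ALICE@EXAMPLE.COM' },
  { id: 1, email: 'alice@example.com' },
  { id: 2, email: 'Alice@Example.com' },
  { id: 3, email: 'bob@example.com' },
  { id: 4, email: null },
];

console.log(JSON.stringify(findCaseVariantDuplicates(sampleUsers), null, 2));
```

Each reported group is a set of accounts that would count as the same user under the lowercase rule and needs a manual decision on which one to keep.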
New Features
Media Library Enhancements
The Media Library has been improved with a new feature that allows users to click on AssetCards to open them in a modal. This enhancement provides a more intuitive and efficient way to interact with media assets in the Strapi admin panel.
- Implemented a unified AssetCardBase component for consistent behavior
- Added ability to handle desired actions when interacting with asset cards
- Included comprehensive tests for the new interaction patterns
Security Updates
Security Fix in Users & Permissions Plugin
This release addresses an important security vulnerability in the Users & Permissions plugin. The issue was related to an incorrect filter parameter being used with the entityService, which could potentially lead to unauthorized access or data exposure.
The fix ensures that the proper filter parameters are used when interacting with the entityService in the Users & Permissions plugin, strengthening the security of Strapi installations.
Performance Improvements
No specific performance improvements were highlighted in this release. The changes were primarily focused on security fixes, bug fixes, and UI enhancements.
Impact Summary
Strapi v4.4.1 is a security-focused patch release that addresses a vulnerability in the Users & Permissions plugin while also fixing important bugs in the admin panel. The security fix prevents potential unauthorized access through improper filter parameter usage.
The bug fixes resolve issues with custom admin panel builds that don't include a src/admin folder and normalize email addresses during user creation to prevent duplicate accounts. Additionally, the Media Library receives a usability enhancement with clickable asset cards that open in modals.
This release has minimal impact on existing functionality but significantly improves security and stability. All users should upgrade promptly, especially those concerned with security or those using custom admin panel configurations.
Full Release Notes
⚠️ Security Fix
- [plugin:users-permissions] Fix wrong filter param used with the entityService in UP (#14500) @derrickmehaffy 🚀
🔥 Bug fix
💅 Enhancement
- [core:upload]: Add ability to click on AssetCard and have it invoke a modal (#14475) @joshuaellis
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚