HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Strapi

>

Releases

>

4.9.0

Strapi Release: 4.9.0

Tag Name: v4.9.0

Release Date: 3/29/2023

View Release
Strapi LogoStrapi

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open SourceHeadlessDeveloper-Friendly

TL;DR

Strapi v4.9.0 introduces significant new features including Data Transfer Pull functionality and Private S3 bucket provider support. The release also includes performance optimizations, enhanced error handling, and various bug fixes. Key improvements focus on better data management, security enhancements, and developer experience upgrades. This update is particularly valuable for teams working with remote data sources or requiring secure media storage solutions.

Highlight of the Release

    • New Data Transfer Pull functionality for importing data from remote Strapi instances
    • Private S3 bucket provider support for secure media storage
    • Audit logs configuration and license update reactions
    • Performance optimizations in core functionality
    • Enhanced error handling and improved developer experience

Migration Guide

Migrating to v4.9.0

General Update Steps

  1. Make a backup of your Strapi project before updating
  2. Update your dependencies in package.json:
{
  "dependencies": {
    "@strapi/strapi": "4.9.0",
    "@strapi/plugin-users-permissions": "4.9.0",
    "@strapi/plugin-i18n": "4.9.0"
    // Update other Strapi packages as needed
  }
}
  1. Delete your node_modules folder and package-lock.json / yarn.lock file
  2. Run npm install or yarn install to install the new versions
  3. Run npm run build or yarn build to rebuild your admin panel
  4. Start your Strapi application: npm run develop or yarn develop

Private S3 Bucket Configuration

If you're using the AWS S3 provider and want to switch to private buckets:

  1. Update your S3 bucket policy to restrict public access
  2. Update your provider configuration in ./config/plugins.js:
module.exports = ({ env }) => ({
  upload: {
    config: {
      provider: 'aws-s3',
      providerOptions: {
        accessKeyId: env('AWS_ACCESS_KEY_ID'),
        secretAccessKey: env('AWS_ACCESS_SECRET'),
        region: env('AWS_REGION'),
        params: {
          Bucket: env('AWS_BUCKET'),
          ACL: 'private', // Set to private
        },
        baseUrl: env('CDN_BASE_URL', ''), // Optional: CDN base URL
        rootPath: env('S3_ROOT_PATH', ''), // Optional: root path prefix
      },
    },
  },
});

Data Transfer Pull Usage

To use the new Data Transfer Pull functionality:

  1. Generate a transfer token on your source Strapi instance
  2. Use the CLI command to pull data:
npx strapi transfer --from <source-url> --to-token <destination-token> --from-token <source-token>

For more options and detailed configuration, refer to the Strapi documentation.

Upgrade Recommendations

This release includes significant new features and performance improvements, making it a recommended upgrade for most Strapi users.

Priority: Medium to High

  • For developers using S3 for media storage: High priority upgrade to take advantage of the new private bucket capabilities
  • For teams working with multiple Strapi instances: High priority to utilize the new Data Transfer Pull functionality
  • For Enterprise Edition users: High priority to benefit from the new audit logs configuration options
  • For general users: Medium priority to benefit from performance improvements and bug fixes

Before upgrading to v4.9.0, ensure you:

  1. Create a complete backup of your project and database
  2. Test the upgrade in a staging environment before applying to production
  3. Review the full changelog and migration guide for any specific considerations
  4. Plan for a maintenance window if upgrading a production environment

The upgrade process should be straightforward for most users, with no breaking changes reported in this release.

Bug Fixes

Content Management Fixes

  • Fixed an issue where single components were being populated even when not required
  • Resolved a problem with the InputUID component showing the regenerate button when the field was disabled
  • Fixed error handling in the API error handler to properly handle Axios errors
  • Corrected the behavior to allow sorting by ID in content API operations

Data Transfer Fixes

  • Improved error handling for transfer websocket connections
  • Added proper confirmation messages for data transfer operations
  • Fixed issues with the transfer pull command

Authentication Fixes

  • Added whitespace trimming for authentication fields to prevent login issues with accidental spaces
  • Improved error handling when token salt is missing

Other Fixes

  • Fixed typos in example code
  • Corrected the default PostgreSQL port fallback to use 5432
  • Fixed webpack configuration to include module in mainFields
  • Decoupled image resizing and optimization for better handling of media processing

New Features

Data Transfer Pull Functionality

The new Data Transfer Pull feature allows you to import data from remote Strapi instances. This powerful functionality enables seamless content migration between different Strapi environments. The implementation includes:

  • Remote source provider for pulling data
  • CLI commands for data transfer operations
  • Confirmation prompts to prevent accidental data overwrites
  • Throttle options to control transfer speed
  • Graceful abort handling for transfer operations

Private S3 Bucket Provider

A new provider for private S3 buckets has been added, enhancing security for media storage:

  • Support for signed URLs to access private media
  • Configuration options for URL expiration (default: 15 minutes)
  • Integration with content editor for seamless media handling
  • Telemetry events for private provider usage

Audit Logs Configuration

Enterprise Edition users can now configure audit logs with more granular control:

  • Configuration options for audit log retention
  • Automatic reaction to license updates
  • Improved event handling for audit log operations

Security Updates

Security Enhancements

  • The new Private S3 bucket provider significantly improves security for media storage by using signed URLs instead of public access
  • Updated several dependencies with security fixes:
    • Bumped sanitize-html from 2.7.3 to 2.10.0
    • Bumped webpack-dev-server from 4.11.1 to 4.13.1
    • Bumped react-intl from 6.2.8 to 6.3.2
    • Bumped react-window from 1.8.7 to 1.8.8

These updates address potential security vulnerabilities in the dependencies and improve the overall security posture of Strapi applications.

Performance Improvements

Core Performance Optimizations

The release includes several performance optimizations in the core functionality:

  • Reduced and optimized lodash usage throughout the admin app, resulting in smaller bundle sizes and faster load times
  • Performance improvements in the core strapi functions
  • Optimized database operations, particularly for bulk operations

Build and Development Improvements

  • Expanded NX usage and migrated logger to TypeScript for better development experience
  • Improved caching strategies for faster builds
  • Updated to Yarn 3 for better dependency management and faster installations

Impact Summary

Strapi v4.9.0 delivers substantial improvements to data management capabilities, security, and developer experience. The introduction of Data Transfer Pull functionality addresses a critical need for teams working with multiple Strapi instances, enabling seamless content migration between environments. This feature significantly reduces the complexity of data synchronization workflows.

The Private S3 bucket provider enhances security posture for media assets, allowing organizations to implement more restrictive access controls while maintaining seamless content management workflows. This is particularly valuable for organizations with strict security requirements or those handling sensitive media assets.

Performance optimizations throughout the codebase improve the overall responsiveness of both the admin interface and API operations. The reduced lodash usage and improved build processes contribute to smaller bundle sizes and faster load times.

For Enterprise Edition users, the enhanced audit logs configuration provides more granular control over compliance and security monitoring. The automatic reaction to license updates ensures that enterprise features remain properly configured.

The numerous bug fixes address pain points in content management, authentication, and data transfer operations, improving the stability and reliability of Strapi applications. The upgrade to Yarn 3 and expanded TypeScript usage reflects Strapi's commitment to modern development practices and improved developer experience.

Overall, this release represents a significant step forward in Strapi's capabilities, particularly for teams managing complex content workflows across multiple environments or with enhanced security requirements.

Full Release Notes

🚀 New feature

💅 Enhancement

🔥 Bug fix

⚙️ Chore

📚 Update and Migration Guides

  • General update guide can be found here
  • Migration guides can be found here 📚

Statistics:

File Changed300
Line Additions5,240
Line Deletions4,671
Line Changes9,911
Total Commits250

User Affected:

  • Can now use Data Transfer Pull functionality to import data from remote Strapi instances
  • Benefit from performance optimizations in the core system
  • Can configure private S3 buckets for secure media storage
  • Have access to new error classes and improved error handling
  • Can use the new `createMany` function that now returns created IDs

Contributors:

Marc-Roigremidejjhoward1994dependabot[bot]Bassel17christiancp100innerdvationsFeranchzConvlyarhubisimotae14joshuaellisderrickmehaffyarthurjdamalexandrebodinunrevised6419edlefebvreWalkingPizzasjoukedv