Content Toolkit

Strapi Release: 5.10.4

Tag Name: v5.10.4

Release Date: 2/26/2025

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open Source Headless Developer-Friendly

TL;DR

Strapi v5.10.4: Enhanced Preview Features and Security Improvements

This release enhances Strapi's preview functionality with new save and publish capabilities, adds a review workflow injection zone, and implements important security improvements with email rate limiting for admin password resets. It also fixes permission issues in content manager widgets, resolves data transfer errors, and includes various bug fixes and documentation improvements.

Highlight of the Release

New preview features including save and publish document functionality
Toggle capability for preview side editor with smooth animations
Added security with email rate limiting for admin password resets
Fixed permission issues in content manager home widgets
New review workflow injection zone for extending functionality

Migration Guide

No specific migration steps are required for this release. This is a minor update (v5.10.3 to v5.10.4) that includes new features and bug fixes without breaking changes.

To update to this version:

npm install [email protected]
# or
yarn add [email protected]

After updating, restart your Strapi application to apply the changes.

Upgrade Recommendations

This release is recommended for all Strapi users, especially those who:

Use the preview functionality and would benefit from the new save and publish capabilities
Need enhanced security for admin password reset functionality
Have experienced issues with permissions in content manager home widgets
Have encountered errors with data transfers

The update is a minor version increment (v5.10.3 to v5.10.4) and should be safe to apply without significant risk. No breaking changes have been introduced in this release.

Bug Fixes

Security Enhancement: Added new email rate limit middleware and applied it to admin password reset functionality to prevent abuse (#22813)
Permission Handling: Fixed issues with advanced permissions in content manager home widgets, ensuring proper permission checks are applied (#22921)
Data Types: Resolved invalid documentId type in the getvalues utility (9f1ceb2bf4)
Async Operations: Fixed issue by properly awaiting document existence verification (242fecbcf1)
Data Transfer: Improved error handling by properly surfacing errors from createassetsreadstream (#22905)

New Features

Preview Enhancements

Save and Publish Document: The preview functionality now allows users to save and publish documents directly from the preview interface (#22902)
Toggle Preview Side Editor: Added ability to toggle the preview side editor with smooth animations, improving the content editing experience (#22919)
Review Workflow Injection Zone: Introduced a new injection zone in the review workflow, enabling developers to extend and customize the review process (#22942)

Security Updates

Security Improvements

Rate Limiting for Password Reset: Implemented email rate limiting middleware for admin password reset functionality, protecting against potential brute force or denial of service attacks (#22813)
Permission Enforcement: Fixed permission handling in content manager home widgets, ensuring that users only see content they have permission to access (#22921)

Performance Improvements

No specific performance improvements were highlighted in this release. The focus was primarily on feature enhancements, bug fixes, and security improvements.

Impact Summary

Strapi v5.10.4 delivers significant improvements to the preview functionality, making content editing more efficient with new save and publish capabilities and a toggleable side editor. Security is enhanced through email rate limiting for admin password resets, protecting against potential attacks.

The release also addresses several important bugs, including permission issues in content manager home widgets and data transfer error handling. These fixes ensure a more reliable and secure experience for all users.

For developers, the new review workflow injection zone opens up possibilities for customization and extension of the content review process. Additionally, the permission checker service is now properly documented, making it easier to implement custom permission logic.

Overall, this release enhances the user experience for content editors while providing important security and reliability improvements for administrators and developers.

Full Release Notes

5.10.4 (2025-02-26)

🚀 New feature

preview: save and publish document (#22902)
preview: add review workflow injection zone (#22942)

🔥 Bug fix

add new email ratelimit middleware and apply to admin pass reset (#22813)
apply advanced permissions in content manager home widgets (#22921)
invalid documentId type in the getvalues util (9f1ceb2bf4)
await document exists (242fecbcf1)
data-transfer: surface errors from createassetsreadstream (#22905)

⚙️ Chore

remove files from the old homepage (#22908)
bump design system to rc.17 (#22968)
document the permission checker service (#22922)

❤️ Thank You

Convly
DMehaffy
Jamie Howard @jhoward1994
Jean-Sébastien Herbaux
Lucas Boilly @lucasboilly
Marc-Roig
markkaylor
Rémi de Juvigny @remidej

Statistics:

File Changed78

Line Additions1,404

Line Deletions742

Line Changes2,146

Total Commits16

User Affected:

Benefit from enhanced preview capabilities with new save and publish document functionality
Can toggle the preview side editor for a better content editing experience
Have access to a new review workflow injection zone for improved content review processes