HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Strapi

>

Releases

>

5.11.1

Strapi Release: 5.11.1

Tag Name: v5.11.1

Release Date: 3/12/2025

View Release
Strapi LogoStrapi

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

Open SourceHeadlessDeveloper-Friendly

TL;DR

Strapi 5.11.1 is a maintenance release that addresses several critical bugs, enhances accessibility, and includes an important security update. This release fixes TypeScript issues, improves the preview functionality, enhances the development experience with better port handling, and upgrades axios to patch a security vulnerability. It also includes UI improvements for purchase pages and adds accessibility features to relation buttons in the Content-Type Builder.

Highlight of the Release

    • Fixed TypeScript compilation issues with missing mock functions
    • Enhanced preview functionality with origin information and proper form disabling
    • Improved development experience with automatic port selection for multiple instances
    • Security upgrade for axios to address CWE-918 vulnerability
    • Added accessibility improvements to relation buttons in Content-Type Builder

Migration Guide

No migration steps are required for this patch release. This is a drop-in replacement that can be installed using your package manager:

# Using npm
npm install [email protected]

# Using yarn
yarn add [email protected]

# Using pnpm
pnpm add [email protected]

Upgrade Recommendations

This release contains an important security fix for axios (CWE-918 vulnerability) and several bug fixes that improve stability.

Priority: Medium-High

  • Security-conscious users: Upgrade immediately due to the axios security patch
  • TypeScript users: Strongly recommended to upgrade to fix compilation issues
  • Development environments: Recommended to upgrade for the improved multi-instance support
  • Production environments: Recommended but not urgent unless affected by specific bugs fixed in this release

The upgrade process should be straightforward with no breaking changes reported.

Bug Fixes

TypeScript Compilation Fix

Fixed an issue where missing mock functions were causing TypeScript to fail during compilation (#23054).

Preview Functionality Improvements

  • Added origin information to preview messages for better context (#23059)
  • Fixed an issue where the preview form wasn't properly disabled when content status is modified (#23083)

Development Experience

Implemented automatic port selection for Vite to allow running multiple Strapi instances in development mode simultaneously (#23008). This resolves conflicts when trying to run multiple instances on the same port.

New Features

No significant new features were introduced in this maintenance release. The focus was primarily on bug fixes, security updates, and minor enhancements to existing functionality.

Security Updates

Axios Security Upgrade

Upgraded axios to version 1.8.2 to address CWE-918 vulnerability (#23105). This security update protects against Server-Side Request Forgery (SSRF) attacks by fixing how axios handles URL redirections.

Performance Improvements

No specific performance improvements were highlighted in this release. The changes were primarily focused on bug fixes, security updates, and UI enhancements rather than performance optimizations.

Impact Summary

Strapi 5.11.1 is primarily a maintenance and security release that addresses several important issues without introducing breaking changes. The most significant impacts are:

  1. Security improvement: The axios upgrade addresses a potential SSRF vulnerability (CWE-918), enhancing the overall security posture of Strapi applications.

  2. Developer experience: TypeScript users will benefit from fixed compilation issues, and the improved port handling for development mode makes working with multiple Strapi instances much smoother.

  3. Content editing workflow: Enhancements to the preview functionality improve the content editing experience with better context in preview messages and proper form behavior when content status changes.

  4. Accessibility: The addition of ARIA attributes to relation buttons in the Content-Type Builder improves the experience for users relying on assistive technologies.

These improvements collectively enhance stability, security, and usability without requiring migration efforts from users.

Full Release Notes

5.11.1 (2025-03-12)

🔥 Bug fix

  • missing mock function causes typescript to fail (#23054)
  • add origin to preview message (#23059)
  • disable preview form when status is modified (#23083)
  • find available port for vite to allow multiple develop mode instances (#23008)

⚙️ Chore

  • new iteration on the purchase pages (2943bee4f4)
  • add documentId to tracking events (#23052)
  • upgrade vite to 5.4.13 (#23066)

💅 Enhancement

  • remove warning when project is at seat limit (6f12c0da79)
  • ctb: add aria data to relations buttons (#23076)

🚨 Security

  • deps: upgrade axios to 1.8.2 for CWE-918 (#23105)

❤️ Thank You

  • Alexandre Bodin
  • Ben Irvin
  • markkaylor
  • Maxime Castres
  • Rémi de Juvigny @remidej

Statistics:

File Changed86
Line Additions3,145
Line Deletions693
Line Changes3,838
Total Commits17

User Affected:

  • Fixed TypeScript issues that were causing compilation failures
  • Improved development experience with automatic port selection for multiple Strapi instances
  • Enhanced security with axios upgrade to address CWE-918 vulnerability

Contributors:

markkaylorremidejMcastresinnerdvationsHichamELBSIConvlyalexandrebodinMarc-Roig