
Strapi Release: 5.5.2

Tag Name: v5.5.2

Release Date: 12/17/2024

Strapi

Open-source headless CMS built with Node.js. Provides developers with complete freedom in choosing their favorite tools and frameworks for frontend development.

TL;DR

Strapi v5.5.2: Security Patch Release

What's new: This release addresses a security vulnerability by removing a lookup parameter from the document service.

Why it matters: Security vulnerabilities can expose your Strapi application to potential attacks. This patch helps protect your data and application integrity.

Who should care: All Strapi users should update immediately to ensure their applications remain secure.

Highlight of the Release

    • Critical security vulnerability patch
    • Removal of lookup parameter from document service
    • Minimal code changes for maximum security impact

Migration Guide

No migration steps are required for this update. Simply upgrade your Strapi version to v5.5.2 using your package manager:

# Using npm
npm install @strapi/strapi@5.5.2 --save

# Using Yarn
yarn upgrade @strapi/strapi@5.5.2

# Using pnpm
pnpm update @strapi/strapi@5.5.2

After updating, restart your Strapi application.
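
To confirm the upgrade took effect, the check below (an added example, not part of Strapi's release notes or tooling) scans a parsed package-lock.json for resolved copies of the package older than 5.5.2, including copies nested under other dependencies. The package name @strapi/strapi, the lockfileVersion 2/3 layout, and the sample lockfile are assumptions made for the example.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3)
// for resolved copies of @strapi/strapi older than the patched release.
const PATCHED = '5.5.2';           // patched version named in the release notes
const PACKAGE = '@strapi/strapi';  // assumed npm package name for Strapi 5

// Split "5.5.2-beta.1+build" into a numeric core and a prerelease tag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v));
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when version a sorts before version b. A prerelease of X.Y.Z sorts
// before X.Y.Z itself; two prereleases of the same core are not ordered
// against each other, which is enough for an "at least patched" check.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre !== null && b.pre === null;
}

// Return every lockfile entry for PACKAGE whose version is unparseable or
// older than the patched one, including copies nested under other packages.
function findUnpatched(lock, patched = PATCHED) {
  const min = parseVersion(patched);
  const suffix = 'node_modules/' + PACKAGE;
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    const ver = parseVersion(entry.version);
    if (!ver || isOlder(ver, min)) findings.push({ path, version: entry.version });
  }
  return findings;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-project', version: '0.1.0' },
    'node_modules/@strapi/strapi': { version: '5.5.2' },
    'node_modules/legacy-plugin/node_modules/@strapi/strapi': { version: '5.5.1' },
    'node_modules/other/node_modules/@strapi/strapi': { version: '5.5.2-beta.0' },
    'node_modules/@strapi/strapi-extra': { version: '1.0.0' },
  },
};

console.log(findUnpatched(sampleLock));
```

In a real project, pass the result of JSON.parse on the contents of package-lock.json to findUnpatched; an empty array means every resolved copy is at 5.5.2 or later.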

Upgrade Recommendations

Priority: Critical

All Strapi users should update to v5.5.2 immediately, regardless of your current version. This is a security patch that addresses a vulnerability in the document service.

The update is backward compatible and requires no migration steps or configuration changes. The risk of not updating outweighs any potential inconvenience of the update process.

Bug Fixes

  • Removed lookup parameter from document service to address a security vulnerability (0c6e0953ae)
  • Reverted a TypeScript @ts-expect-error removal that was causing issues

New Features

No new features were introduced in this release. This is strictly a security patch release.

Security Updates

This release patches a security vulnerability related to the document service's lookup parameter. As per Strapi's security policy, detailed disclosure has been delayed to allow users time to update their applications.

The fix involves removing the lookup parameter from the document service, which eliminates the vulnerability without impacting normal functionality.

Performance Improvements

No specific performance improvements were included in this release. The focus was on addressing the security vulnerability.

Impact Summary

This release addresses a security vulnerability in Strapi's document service by removing a problematic lookup parameter. While the specific details of the vulnerability have been temporarily withheld (following responsible disclosure practices), the fix is straightforward and non-disruptive to existing functionality.

The changes in this release are minimal (725 changes across 43 files) and focused specifically on the security issue. No new features were added, and no breaking changes were introduced, making this a safe and essential update for all Strapi users.

Special thanks to the community contributors who helped identify and address this security issue.

Full Release Notes

5.5.2 (2024-12-17)

⚠️ Security Fix Notice ⚠️

This version was released to patch a security vulnerability; detailed disclosure has been delayed as per our security policy. We advise all users to update their applications as soon as possible.

🔥 Bug fix

  • remove lookup param from doc service (0c6e0953ae)

❤️ Thank You

Statistics:

  • Files Changed: 43
  • Line Additions: 373
  • Line Deletions: 352
  • Line Changes: 725
  • Total Commits: 4

Users Affected:

  • Need to update their Strapi instances to ensure security
  • Should plan for immediate deployment of this security patch

Contributors:

  • innerdvations
  • alexandrebodin