npm @strapi/strapi 5.50.2
v5.50.2

6 hours ago

5.50.2 (2026-07-15)

🚀 New feature

  • admin: make admin auth cookie name configurable (#26931)
  • i18n: complete Korean (ko) translation (#26941)

🔥 Bug fix

  • admin: prevent deprecated CJS Vite Node API warning on startup (#26947)
  • admin: pre-commit fails when staging files ignored by ESLint (#26958)
  • admin: show plan label instead of edition in dashboard (#26891)
  • admin: restore runtime default for context helper (#26809)
  • ci: reduce false positives in issue template checker (#26955)
  • ci: use npm install in issue template checker workflow (#26974)
  • content-manager: clear stale Blocks editor selection on external value change (#26959)
  • core: backward compat - reject 'status' attribute when draftAndPublish is enabled (#26890)
  • core: validate license registry responses with zod (#26935)
  • core: preserve duplicate form relation edits when cloning (#26961)
  • data-transfer: bump ws to 8.21.0 to fix CVE-2026-48779 (#26898)
  • database: include status sort expression in SELECT when using DISTINCT (#26751)
  • database: lint script does not run type check (#26819)
  • email: only warn about sendmail provider in development (#26893)
  • openapi: add bearerAuth and bracket pagination query params (#26948)
  • strapi: auto-exclude pre-built plugin UI libs from Vite optimizeDeps (#26944)
  • strapi: fix develop blank admin from optimizeDeps auto-exclude (#27014)
  • upgrade: prompt to pin ranged @strapi/* dependencies before upgrading (#26929)
  • upload: load remote asset thumbnails with crossOrigin to prevent CORS preview failures (#26581, #26901)
  • utils: align remaining convert-query-params errors with ValidationError (#26908)

⚙️ Chore

  • ai-tooling: sync skills when cursor sets up a new worktree (#26954)
  • data-transfer: clarify --exclude files CLI messaging (#26914)
  • deps: patch/minor dependency bumps (#26823)
  • deps: bump @xhmikosr/decompress from 10.2.0 to 10.2.1 (#26928)
  • deps: bump sharp from 0.33.5 to 0.34.5 (#26993)
  • deps: bump @internationalized/date from 3.5.4 to 3.12.1 (#26994)
  • deps: bump design-system and icons to v2.2.3 (#27002)
  • eslint: enforce zero warnings in package lint scripts (#26922)
  • husky: run git hooks through yarn exec (#27006)
  • tooling: remove unused find-up after lint-staged 16 (#26792)
  • types: drop CommonJS tsconfig overrides, build JS via rollup (#26934)
  • typescript: scope tsconfig types per workspace (#26699)
  • typescript-utils: migrate to typescript (#26811)
  • typescript-utils: bump internal deps to 5.50.1 (#26946)

⚠️ Changes to be aware of

Admin auth cookie name

You can set admin.auth.cookie.name in admin config to rename the access-token cookie (default remains jwtToken). Useful when another app on a shared parent domain sets a jwtToken cookie and breaks admin login.

(#26931)

status attribute with Draft & Publish

In v5, status is reserved for draft/published filtering. If a content type has Draft & Publish enabled and a custom status field, Strapi now logs a startup warning instead of failing boot. The Content-Type Builder still blocks adding status or enabling D&P when status already exists.

(#26890)

Upgrade tool and ranged @strapi/* versions

@strapi/upgrade now warns and offers to pin ranged @strapi/* dependencies (e.g. ^5.50.0) before upgrading, so upgrades don't silently report "already up-to-date" when node_modules resolved ahead of package.json.

(#26929)

❤️ Thank You

Don't miss a new strapi release

NewReleases is sending notifications on new releases.