5.50.2 (2026-07-15)
🚀 New feature
- admin: make admin auth cookie name configurable (#26931)
- i18n: complete Korean (ko) translation (#26941)
🔥 Bug fix
- admin: prevent deprecated CJS Vite Node API warning on startup (#26947)
- admin: pre-commit fails when staging files ignored by ESLint (#26958)
- admin: show plan label instead of edition in dashboard (#26891)
- admin: restore runtime default for context helper (#26809)
- ci: reduce false positives in issue template checker (#26955)
- ci: use npm install in issue template checker workflow (#26974)
- content-manager: clear stale Blocks editor selection on external value change (#26959)
- core: backward compat - reject 'status' attribute when draftAndPublish is enabled (#26890)
- core: validate license registry responses with zod (#26935)
- core: preserve duplicate form relation edits when cloning (#26961)
- data-transfer: bump ws to 8.21.0 to fix CVE-2026-48779 (#26898)
- database: include status sort expression in SELECT when using DISTINCT (#26751)
- database: lint script does not run type check (#26819)
- email: only warn about sendmail provider in development (#26893)
- openapi: add bearerAuth and bracket pagination query params (#26948)
- strapi: auto-exclude pre-built plugin UI libs from Vite optimizeDeps (#26944)
- strapi: fix develop blank admin from optimizeDeps auto-exclude (#27014)
- upgrade: prompt to pin ranged @strapi/* dependencies before upgrading (#26929)
- upload: load remote asset thumbnails with crossOrigin to prevent CORS preview failures (#26581, #26901)
- utils: align remaining convert-query-params errors with ValidationError (#26908)
⚙️ Chore
- ai-tooling: sync skills when cursor sets up a new worktree (#26954)
- data-transfer: clarify --exclude files CLI messaging (#26914)
- deps: patch/minor dependency bumps (#26823)
- deps: bump @xhmikosr/decompress from 10.2.0 to 10.2.1 (#26928)
- deps: bump sharp from 0.33.5 to 0.34.5 (#26993)
- deps: bump @internationalized/date from 3.5.4 to 3.12.1 (#26994)
- deps: bump design-system and icons to v2.2.3 (#27002)
- eslint: enforce zero warnings in package lint scripts (#26922)
- husky: run git hooks through yarn exec (#27006)
- tooling: remove unused find-up after lint-staged 16 (#26792)
- types: drop CommonJS tsconfig overrides, build JS via rollup (#26934)
- typescript: scope tsconfig types per workspace (#26699)
- typescript-utils: migrate to typescript (#26811)
- typescript-utils: bump internal deps to 5.50.1 (#26946)
⚠️ Changes to be aware of
Admin auth cookie name
You can set admin.auth.cookie.name in admin config to rename the access-token cookie (default remains jwtToken). Useful when another app on a shared parent domain sets a jwtToken cookie and breaks admin login.
(#26931)
status attribute with Draft & Publish
In v5, status is reserved for draft/published filtering. If a content type has Draft & Publish enabled and a custom status field, Strapi now logs a startup warning instead of failing boot. The Content-Type Builder still blocks adding status or enabling D&P when status already exists.
(#26890)
Upgrade tool and ranged @strapi/* versions
@strapi/upgrade now warns and offers to pin ranged @strapi/* dependencies (e.g. ^5.50.0) before upgrading, so upgrades don't silently report "already up-to-date" when node_modules resolved ahead of package.json.
(#26929)
❤️ Thank You
- Abdallah M. @abdallahmz
- akash-dabhi-qed @akash-dabhi-qed
- Ali Ataf @aliataf
- Andrei L @unrevised6419
- arun @aun009
- Bassel Kanso
- Ben Irvin
- Giulio Montagner @giu1io
- Jamie Howard @jhoward1994
- jasleenkaur-qed42
- moduvoice
- Monu Meena @Monu01123
- Nico André