Strapi
Create
Roadmap
Security
18
Changelog
Powered by Canny

Security

Category

Support 2FA (via Admin Panel)
I think it would be very easy to add something like TOTP 2FA (EG google authentication) http://www.passportjs.org/packages/passport-2fa-totp/
10
Support 2FA (via users & permissions plugin)
If you're building an API which needs a high-security level, it can be very useful to use a 2FA. We could pretty easily support two-factor authentication using the current implementation of the Users & Permissions plugin. For more details, please see https://github.com/strapi/strapi/issues/786
12
Set password complexity
I would like to be able to set password complexity. It would be convenient to set restrictions to password length, big letters, small letters, numbers, etc see: https://github.com/strapi/strapi/issues/4990
4
Add option for sending admin invite email instead of just a link to copy/paste
Currently when you add a new admin user we do not send an email to the user, we create a link that has to be manually copy/pasted over to the user.
0
Can specific File-Uploaded Type
It should be more specific for allowed types of media in "Files" choice to prevent uploading some file types, like only PDF or CSV.
1
Update axios to v1.8.4 for Strapi v4
Latest Strapi v4 still has vulnerable axios versions like 1.8.2 and 1.7.4 in use, while Strapi v5 was already released with https://github.com/strapi/strapi/pull/23329 . When can we expect this vulnerability fix to be released for Strapi v4? Specifically for @strapi/plugin-i18n, @strapi/plugin-sentry and @strapi/helper-plugin plugins?
0
Enable MFA for administrator login
How can I enable MFA for administrator login? like: email token link third party authenticator
0
Multiple authentication providers per user
The current implementation only supports one provider by user. This feature will allow your user to support multiple authentication providers like Google and Twitter for the same user. Related issue: https://github.com/strapi/strapi/issues/2468
8
Change user email
Currently, you cannot change the user email because it works like a unique ID. As we allow to edit the user password, we should also offer the ability to edit the email. This is the purpose of this feature. More details in this issue: https://github.com/strapi/strapi/issues/2691
0
Add Hierarchical RBAC permission capabilities
Currently any admin user with edit rights can edit any other admin user (including themselves) to elevate their permissions beyond their current role. Related EE TID: 8077
0
Load More
Powered by Canny