strapi-plugin-content-versioning icon indicating copy to clipboard operation
strapi-plugin-content-versioning copied to clipboard

Published 20 hours ago verified publisher icon notum-cz

When used together with populate=deep plugin, ALL versions are always returned by API

Open fg-uulm opened this issue 7 months ago • 0 comments

Bug report

Describe the bug

When using this plugin together with https://github.com/Barelydead/strapi-plugin-populate-deep all existing versions of a content item are returned by the API, also regardless of their publication state. This slows down responses considerably e.g. with 10+ older versions existing and bloats responses extremely, and also poses a data security issue as removed data is still accessible in old versions through the API.

Steps to reproduce the behavior

  1. Setup strapi with this plugin and the plugin mentioned above
  2. Create some content type and a piece of content, create some versions by changing stuff
  3. Request the content from the API using ?populate=deep query
  4. Inspect JSON, see full version array
  5. Optional: add previewState=live to the query - nothing changes

Expected behavior

Have older draft state versions not exposed through the API, also when using populate=deep

System

  • Node.js version: v18.20.3
  • Strapi version: 4.14.5
  • Database: sqlite
  • Operating system: Linux

fg-uulm avatar Jul 03 '24 11:07 fg-uulm