Hello Apostrophe Community!
Apostrophe 4.22.0 introduces major improvements for developers using external frontends like Astro, including a new template injection system and expanded widget options that bring headless workflows closer to feature parity with traditional rendering. Alongside these enhancements, a series of quality-of-life fixes improve security, content filtering, international URL handling, and CSS performance.
Important: Before updating, ensure your Node.js version is 20 or higher, as this release requires a supported version of the runtime environment.
Enhanced Astro Integration and Template Injection
This release significantly improves support for external frontends, particularly Astro, with new infrastructure that enables better headless CMS workflows.
New Template Injection System: The new prependNodes and appendNodes methods replace the previous template injection approach, providing a cleaner way for modules to add HTML elements to pages. This enhancement enables modules like SEO and Palette to inject content consistently across both traditional and headless implementations.
Astro Widget Options: Developers can now pass both per-area and global widget options from the backend to Astro components using the new annotateWidgetForExternalFront() method. This brings Astro widget implementations closer to parity with traditional server-rendered widgets, including support for the @apostrophecms/anchors module.
Quality of Life Improvements Throughout
Beyond the major new features, this release includes refinements that improve daily editorial work:
Improved URL Handling: Redirects to URLs with accent marks and non-ASCII characters now work correctly with Astro and other external frontends, preventing redirect errors for international content.
Enhanced Piece Filtering: Fixed issues with filters when values from optional fields are falsy, ensuring reliable content discovery in large collections.
Better Login Security: Resolved an issue where customized login validation rules defined to run after form submission but before username/email and password checks were not being enforced.
- This only applied to projects where developers explicitly added such rules using the uponSubmit filter, which was documented but has never used in our own modules so far.
- Standard authentication methods (username/email + password) and all official ApostropheCMS modules such as CAPTCHA, hCAPTCHA and TOTP were never vulnerable.
- The fix ensures that all login validation rules, regardless of when they are triggered, are now properly enforced in addition to standard password validation.
Smarter CSS Generation: The Palette Pro extension now merges rules using the same selector, significantly reducing the size of generated CSS files and improving page load performance.
These improvements are ready for you to explore! Update your projects with npm update and let us know what you think on our roadmap.
🚀 Happy coding!