@song19891121 The permissions were refactored so that by default, if a category has no permissions checked (in the Access Control modal), nobody can access it.
This is a departure from the previous behaviour, which was:
Registered users can access and post
Guests can access but cannot post
Which was confusing for some.
Long story shot
The upgrade script should transparently convert your existing permissions properly, but clearly there are some bugs. When you upgrade, go through all of your categories and ensure the permissions are set correctly.
npm install installs everything in package.json but we have different dependencies based on what database you pick during node app --setup (redis, mongo, level). Usually just running npm install is enough but in this case there were changes to the database dependencies.