CVE-2022-29894: GitHub - strapi/strapi: Open source Node.js Headless CMS to easily build customisable APIs
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in the file upload function. By exploiting this vulnerability, an arbitrary script may be executed in the web browser of a user who is logging in to the product with administrative privileges.
API creation made simple, secure and fast.
The most advanced open-source headless CMS to build powerful APIs with no effort.
Strapi is a free and open-source headless CMS delivering your content anywhere you need.
- Keep control over your data. With Strapi, you know where your data is stored, and you keep full control at all times.
- Self-hosted. You can host and scale Strapi projects the way you want. You can choose any hosting platform you want: AWS, Render, Netlify, Heroku, a VPS, or a dedicated server. You can scale as you grow, 100% independent.
- Database agnostic. Strapi works with SQL databases. You can choose the database you prefer: PostgreSQL, MySQL, MariaDB, and SQLite.
- Customizable. You can quickly build your logic by fully customizing APIs, routes, or plugins to fit your needs perfectly.
Getting Started
Read the Getting Started tutorial or follow the steps below:
Installation
Install Strapi with this Quickstart command to create a Strapi project instantly:
- (Use yarn to install the Strapi project (recommended). Install yarn with these docs.)
yarn create strapi-app my-project --quickstart
or
- (Use npm/npx to install the Strapi project.)
npx create-strapi-app my-project --quickstart
This command generates a brand new project with the default features (authentication, permissions, content management, content type builder & file upload). The Quickstart command installs Strapi using a SQLite database which is used for prototyping in development.
Enjoy
Requirements
Complete installation requirements can be found in the documentation under Installation Requirements.
Supported operating systems:
- Ubuntu LTS/Debian 9.x
- CentOS/RHEL 8
- macOS Mojave
- Windows 10
- Docker - Docker-Repo
(Please note that Strapi may work on other operating systems, but these are neither tested nor officially supported at this time.)
Node:
- NodeJS >= 12 <= 16
- NPM >= 6.x
Database:
- MySQL >= 5.7.8
- MariaDB >= 10.2.7
- PostgreSQL >= 10
- SQLite >= 3
We recommend always using the latest version of Strapi to start your new projects.
Features
- Modern Admin Panel: An elegant, entirely customizable and fully extensible admin panel.
- Secure by default: Reusable policies, CORS, CSP, P3P, Xframe, XSS, and more.
- Plugins Oriented: Install the auth system, content management, custom plugins, and more, in seconds.
- Blazing Fast: Built on top of Node.js, Strapi delivers amazing performance.
- Front-end Agnostic: Use any front-end framework (React, Vue, Angular, etc.), mobile apps or even IoT.
- Powerful CLI: Scaffold projects and APIs on the fly.
- SQL databases: Works with PostgreSQL, MySQL, MariaDB, and SQLite.
See more on our website.
Contributing
Please read our Contributing Guide before submitting a Pull Request to the project.
Community support
For general help using Strapi, please refer to the official Strapi documentation. For additional help, you can use one of these channels to ask a question:
- Discord (For live discussion with the Community and Strapi team)
- GitHub (Bug reports, Contributions)
- Community Forum (Questions and Discussions)
- Feedback section (Roadmap, Feature requests)
- Twitter (Get the news fast)
- YouTube Channel (Learn from Video Tutorials)
Migration
Follow our migration guides on the documentation to keep your projects up-to-date.
Roadmap
Check out our roadmap to get informed of the latest features released and the upcoming ones. You may also give us insights and vote for a specific feature.
Documentation
See our dedicated repository for the Strapi documentation, or view our documentation live:
- Developer docs
- User guide
Try live demo
See for yourself what's under the hood by getting access to a hosted Strapi project with sample data.
License
See the LICENSE file for licensing information.