payload
Productivity & WikisPayload is a free, open‑source headless CMS that runs natively inside your Next.js /app folder, combining admin UI, backend API and server components in one codebase.
Features
- Runs natively inside a Next.js project’s /app folder
- Completely free and open‑source headless CMS
- Supports server components for querying the database directly
Recent releases
View all 21 releases →
v3.84.0
New feature
Notable features
- Client components usable as custom collection views
- Email recipient override configuration
- Locale-aware currency formatting and symbol positioning
Full changelog
v3.84.0 (2026-04-22)
🚀 Features
- allow client components to also be used as custom collection views (#16312) (8fe5f04)
- email-nodemailer: add email recipient override config (#16311) (1c1ed97)
- plugin-ecommerce: add locale-aware currency formatting and symbol positioning (#15139) (6731036)
- plugin-form-builder: add support for multi part uploads (#15268) (aa01a45)
- plugin-mcp: add support for server instructions (#15858) (c852d85)
🐛 Bug Fixes
- unique value errors are not displayed properly for localized fields (#16069) (f6e9073)
- correct slugifyTitle hook example in documentation (#16306) (48db8c1)
- handle multipart uploads without content-length (#16301) (c150ef8)
- plugin-ecommerce: verify PaymentIntent succeeded before creating… (#15902) (500e39d)
- richtext-lexical: internal links export as text in markdown transformer (#16302) (3dc6041)
- storage-*: simplify key handling for signed urls and composite prefixes (#16291) (6139508)
- templates: remove tilde SCSS imports and add Sass loadPaths for Windows (#16295) (7ca8b05)
- ui: json and richText fields expose unsupported operators in WhereBuilder (#16353) (a507fcc)
- ui: bulk edit ignores fields in named tabs and shows incorrect labels for unlabeled containers (#16340) (e5bc6be)
📚 Documentation
🧪 Tests
- add tests for autosave creating new versions and losing draft status on reload (#16335) (60d8678)
- add more integration tests to CI (#15419) (8a470c1)
📝 Templates
⚙️ CI
- disable audit-dependencies slack notification (#16329) (eeee018)
- use SLACK_CHANNEL env var for activity notifications (#16323) (a7cc58b)
- use artifacts for e2e prep so job retries don't fail on cache eviction (#16310) (bc590bd)
🏡 Chores
- change other instances of port 3000 being hardcoded in tests (#16290) (7f0b069)
- templates: fix link to one-click deployment (#16337) (5a39afc)
- templates: strengthen types in preview url gen (#14947) (fcbc987)
- templates: remove unused image-3 from website templates (#16155) (f0735b1)
🤝 Contributors
- Patrik (@PatrikKozak)
- Sasha (@r1tsuu)
- Jake Fletcher (@jacobsfletch)
- Elliot DeNolf (@denolfe)
- German Jablonski (@GermanJablo)
- Marcin Gierada (@teastudiopl)
- Anton Ambarov (@AntonAmbarov)
- Paul (@paulpopus)
- Jens Becker (@jhb-dev)
- Neha Prasad (@nehaaprasad)
- Jarrod Flesch (@JarrodMFlesch)
v3.83.0
Breaking risk
Security fixes
- SQL injection vulnerability in drizzle-orm and pg (db-postgres adapter)
v3.82.1
Bug fix
Fixed Next.js Turbo server fast refresh configuration key, improved nested documentation breadcrumb population, optimized S3 storage by avoiding unnecessary getObject calls when ETags match, and corrected documentation examples.
v3.82.0
Mixed
⚠ Upgrade required
- Minimum required Next.js version bumped to 16.2.2
- Updated Node.js requirement to v20
- Warning added regarding Cosmos DB incompatibility
Notable features
- typescript.postProcess hook for type generation
- Exported drag-and-drop components for UI
- Media file disambiguation via query parameter
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
About
Stars
42,740
Forks
3,763
Languages
TypeScript
CSS
JavaScript
Downloads/week
46,372
↑9%
NPM Maintainers
10
Contributors
100
TypeScript
Types included ✓
Install & Platforms
Install via
npm
