Changelog

OpenAI’s GPT-5.1-Codex-Max model is now available through Netlify’s AI Gateway and Agent Runners with zero configuration required.

Use the OpenAI SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the GPT-5.1-Codex-Max model:

import OpenAI from 'openai';

export default async () => {
    const openai = new OpenAI();

    const response = await openai.responses.create({
        model: 'gpt-5.1-codex-max',
        input: 'What improvements are in GPT‑5.1-Codex-Max?'
    });

    return new Response(JSON.stringify(response), {
        headers: { 'Content-Type': 'application/json' }
    });
};

GPT-5.1-Codex-Max is available across Background Functions, Scheduled Functions, and Edge Functions. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

Learn more in the AI Gateway documentation.

You can also leverage GPT-5.1-Codex-Max with Agent Runners to build powerful AI-powered workflows, including expanded tool use and support for long-running agent tasks. Learn more in the Agent Runners documentation.

A critical vulnerability (CVE-2025-55182) was recently disclosed in React’s Server Functions protocol, a feature of React Server Components (RSC). React 19.0, 19.1, and 19.2 are affected.

Working closely with the React and Next.js teams, we received early notice and immediately took action to protect our customers.

The vulnerability can be exploited using all RSC implementations, including:

• Next.js versions 15 and 16, up to and including 15.0.4, 15.1.8, 15.2.5, 15.3.5, 15.4.7, 15.5.6, 16.0.6 (CVE-2025-66478)
• React Router RSC Preview
• Vite RSC plugin

In affected configurations, an attacker could craft a request that allows them to execute arbitrary code within the context of the victim’s app.

On December 3, at 14:00 UTC, the Netlify team rolled out a patch that prevents this vulnerability from being exploited on our customers’ sites. Since that time, all Netlify customers are not vulnerable to the exploit. We have found no evidence of exploitation on any Netlify sites.

As a general security precaution, we recommend upgrading to the latest versions of your framework and, in the case of Next.js, allowing automatic updates of the OpenNext Netlify Next.js adapter.

We are working continually with the React and Next.js teams and are committed to keeping your sites secure on Netlify.

This post was last updated on 2025-12-04 at 11:52 UTC

You can now use AI Gateway in local development with just npm run dev when using the Netlify Vite Plugin. Previously, AI Gateway’s auto-configured environment variables only worked when running netlify dev, which added friction for developers using Vite-powered frameworks like Astro.

With this update, AI Gateway environment variables are automatically populated when running your Vite development server directly. This means you can run standard framework commands without extra steps:

# Works with any Vite-based framework
npm run dev

This is part of our ongoing effort to streamline the developer experience for Vite frameworks. Modern frameworks like Astro let you specify Netlify as your deployment target and handle everything automatically—now AI Gateway works the same way.

This change also improves compatibility with AI coding agents and other automated workflows that expect standard development commands to work without additional configuration.

Learn more about the Netlify Vite Plugin and AI Gateway in the documentation.

Anthropic’s Claude Opus 4.5 model is now available through Netlify’s AI Gateway with zero configuration required.

Use the Anthropic SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Claude Opus 4.5 model:

import Anthropic from "@anthropic-ai/sdk";

export default async () => {
  const anthropic = new Anthropic();

  const response = await anthropic.messages.create({
    model: "claude-opus-4-5-20251101",
    max_tokens: 4096,
    messages: [
      {
        role: "user",
        content: "Give me pros and cons of using claude-opus-4-5-20251120 over other models."
      },
    ],
  });

  return new Response(JSON.stringify(response), {
    headers: { "Content-Type": "application/json" }
  });
}

Claude Opus 4.5 is available across Background Functions, Scheduled Functions, and Edge Functions. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

Learn more in the AI Gateway documentation.

You can also access the newest Claude Code capabilities via Agent Runners, including expanded tool use and support for long-running agent workflows. Learn more in the Agent runner documentation.

When you deploy a project using a ZIP file and the Netlify API, you can now also create branch deploys using the new branch parameter.

While it was always possible to pass a branch parameter to the https://api.netlify.com/api/v1/sites/{site_id}/builds endpoint, it previously had no effect for deploys made programmatically using the API. Now, when creating a ZIP-based deploy via the API, including the branch parameter will properly create a branch deploy instead of a production deploy.

This means teams using ZIP-based workflows through our API can now take full advantage of Netlify’s branch deploy features like preview URLs, and isolated testing environments for different branches.

To create a branch deploy for a ZIP-based site, simply include the branch parameter in your API request:

curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "zip=@your-site.zip" \
  -F "branch=feature-branch" \
  https://api.netlify.com/api/v1/sites/{site_id}/builds

Learn more about the Netlify API builds endpoint in the documentation.

Angular v21 was released today and it is supported on Netlify on day one.

To upgrade, follow the Angular upgrade steps and update @netlify/angular-runtime to v3.0.1 or later.

Learn more:

• Angular v21 Release
• Angular on Netlify
• Angular Runtime

Google’s Gemini 3 Pro Preview model is now available through Netlify’s AI Gateway and Agent Runners with zero configuration required.

Use the Google GenAI SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Gemini 3 Pro Preview model:

import { GoogleGenAI } from "@google/genai";

export default async (request: Request, context: Context) => {
  const ai = new GoogleGenAI({});

  const response = await ai.models.generateContent({
    model: "gemini-3-pro-preview",
    contents: "Explain why gemini 3 is better than other models",
  });

  return new Response(JSON.stringify({ answer: response.text }), {
    headers: { "Content-Type": "application/json" }
  });
};

Gemini 3 is available across Background Functions, Scheduled Functions, and Agent Runners. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

Learn more in the AI Gateway documentation and Agent Runners documentation.

If you have a Netlify Organization, you can now add a DNS record that has a DNS zone from a different team in your Netlify organization.

Previously, DNS records could only be added to DNS zones in the Netlify team that managed them, limiting those with Netlify Organizations. With this new change it is easier than ever for your organization to share DNS zones across Netlify Teams and projects.

Learn more about managing DNS records in the Netlify documentation.

Skew protection is now available for deploys triggered from the CLI starting with the Netlify CLI version 23.11.0 and above. Previously, skew protection did not work with CLI workflows.

To upgrade your Netlify CLI version:

npm update -g netlify-cli

Note that if you use npx when you run your Netlify CLI commands, you will always use the latest Netlify CLI version.

Learn more about the benefits of skew protection, including more stable user experiences and preventing server-client version mismatch errors in our docs.