Changelog

  • Action required: React/Next.js CVE-2025-55184 and CVE-2025-55183

    Update (2025-12-12 00:41 UTC): The React and Next.js patches initially published on Dec. 11 at 21:10 incompletely addressed the vulnerabilities. A follow-up CVE was issued and follow-up patches have been released by the React and Next.js teams. All versions below have been updated accordingly. If you upgraded during this 3.5-hour window, please upgrade again.


    Following last week’s critical vulnerability in React and Next.js, two additional vulnerabilities are being publicly disclosed today:

    Impact

    In both cases, all Next.js sites using App Router are vulnerable. This includes all v14 releases up to and including 14.2.33, all v15 releases up to and including 15.5.7, all v16 releases up to and including 16.0.8, and v13.4+ if opted into the experimental.serverActions flag. (In the case of CVE-2025-55183, only sites actually using any Server Actions are vulnerable.)

    We have collaborated with the React and Next.js teams to roll out mitigations to the Netlify network in advance of public disclosure.

    However, as we’ve seen in the past week, malicious actors around the world are constantly working to quickly identify novel ways to exploit newly published vulnerabilities. The best protection is to upgrade.

    What should I do?

    Upgrade as soon as possible. Both vulnerabilities are patched in all these releases:

    • Next.js 14.2.35
    • Next.js 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, or 15.5.9
    • Next.js 16.0.10

    As Next.js 13 has been unsupported for over a year, the Next.js team has chosen not to patch it. If your site uses Next.js 13.4+ and has opted in to the experimental.serverActions flag, we strongly recommend upgrading to 14.2.34 or later as soon as possible (note: v14 is also technically unsupported).

    To be abundantly clear: if you have upgraded to address last week’s CVE, you must upgrade once again.

    Other RSC frameworks

    These are React vulnerabilities, in the React Server Functions protocol present in all versions of React 19 up to and including 19.2.1.

    The following RSC implementations are therefore vulnerable: waku, @parcel/rsc, @vitejs/plugin-rsc, react-server-dom-parcel, react-server-dom-webpack, react-server-dom-turbopack, and the React Router 7 RSC preview.

    If you are using any of these, upgrade it to the latest version and upgrade react to 19.0.3, 19.1.4, or 19.2.3 as soon as possible.
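
    As an added example (not Netlify's, React's or Next.js's own code), the patched releases listed above can be turned into a check over the exact versions resolved in a lockfile. The names `classify` and `audit` and the status labels are assumptions of this example; a release line newer than those the advisory names is reported as unknown rather than guessed.

```javascript
// Patched floor per "major.minor" line, copied from the advisory above.
const PATCHED = {
  next: { "14.2": 35, "15.0": 7, "15.1": 11, "15.2": 8, "15.3": 8, "15.4": 10, "15.5": 9, "16.0": 10 },
  react: { "19.0": 3, "19.1": 4, "19.2": 3 },
};

// Classify one exact installed version (a lockfile entry, not a semver range).
function classify(pkg, version) {
  const floors = Object.hasOwn(PATCHED, pkg) ? PATCHED[pkg] : null;
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  // Prereleases/canaries and packages the advisory does not list are not guessed at.
  if (!floors || !m) return { status: "unknown", fix: null };
  const [major, minor, patch] = m.slice(1).map(Number);
  const line = `${major}.${minor}`;
  if (line in floors) {
    // Anything below the floor counts as unpatched, including the first,
    // incomplete round of patches mentioned in the update note.
    return patch >= floors[line]
      ? { status: "patched", fix: null }
      : { status: "upgrade", fix: `${line}.${floors[line]}` };
  }
  // 14.0 and 14.1 have no patched release of their own; the v14 fix is 14.2.35.
  if (pkg === "next" && major === 14 && minor < 2) return { status: "upgrade", fix: "14.2.35" };
  // 13.4+ is affected when experimental.serverActions is enabled and is not being patched.
  if (pkg === "next" && major === 13 && minor >= 4) return { status: "no-patch", fix: null };
  // Older than the ranges the advisory names.
  if ((pkg === "next" && major < 14) || (pkg === "react" && major < 19)) {
    return { status: "not-listed", fix: null };
  }
  return { status: "unknown", fix: null }; // newer line than the advisory covers
}

// Return only the entries that need attention, with the release to move to.
function audit(installed) {
  return Object.entries(installed)
    .map(([pkg, version]) => ({ pkg, version, ...classify(pkg, version) }))
    .filter((f) => f.status !== "patched" && f.status !== "not-listed");
}

// Constructed sample: versions as they might appear resolved in a lockfile.
const sample = { next: "15.5.7", react: "19.2.1" };
console.log(audit(sample));
```
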

    Resources


    We are working continually with the React and Next.js teams and are committed to keeping your sites secure on Netlify.

    This post was last updated on 2025-12-11 at 21:15 UTC

  • GPT-5.2 and GPT-5.2-Pro now available in AI Gateway and Agent Runners

    OpenAI’s GPT-5.2 and GPT-5.2-Pro are now available through AI Gateway and Agent Runners. You can call these models from Netlify Functions without configuring API keys; the AI Gateway provides the connection to OpenAI for you.

    Example usage in a Function:

    import { OpenAI } from "openai";

    export default async () => {
      const openai = new OpenAI();
      const response = await openai.chat.completions.create({
        model: "gpt-5.2",
        messages: [
          { role: "user", content: "What are the key improvements in GPT-5.2?" }
        ]
      });
      return new Response(JSON.stringify(response), {
        headers: { "Content-Type": "application/json" }
      });
    };

    These models work across any function type and are compatible with other Netlify primitives such as caching and rate limiting, giving you control over request behavior across your site.

    See the AI Gateway documentation for details.

    Agent Runners support the same models, enabling AI to complete long-running coding tasks. You can learn more in the Agent Runners documentation.

  • GPT-5.1-Codex-Max now available in AI Gateway and Agent Runners

    OpenAI’s GPT-5.1-Codex-Max model is now available through Netlify’s AI Gateway and Agent Runners with zero configuration required.

    Use the OpenAI SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the GPT-5.1-Codex-Max model:

    import OpenAI from 'openai';

    export default async () => {
      const openai = new OpenAI();
      const response = await openai.responses.create({
        model: 'gpt-5.1-codex-max',
        input: 'What improvements are in GPT-5.1-Codex-Max?'
      });
      return new Response(JSON.stringify(response), {
        headers: { 'Content-Type': 'application/json' }
      });
    };

    GPT-5.1-Codex-Max is available across Background Functions, Scheduled Functions, and Edge Functions. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

    Learn more in the AI Gateway documentation.

    You can also leverage GPT-5.1-Codex-Max with Agent Runners to build powerful AI-powered workflows, including expanded tool use and support for long-running agent tasks. Learn more in the Agent Runners documentation.

  • Netlify’s response to the critical React & Next.js security vulnerability

    Update (2025-12-08 22:45 UTC): Sites that have not yet upgraded to a patched version of Next.js (or other affected framework) must upgrade immediately. Following upgrade, we also recommend rotating all credentials that are scoped for access within Netlify Functions, if you have been running a vulnerable version on or after December 4th, 2025 at 1:00 PM PT.

    Over the last several days, several variants of the original React2Shell exploit have emerged. Netlify is working alongside others in a coordinated industry effort to monitor for exploit variants and has been adjusting our blocking mechanisms accordingly.

    In addition to these attack blocking mechanisms, we are now blocking all further deploys for sites using versions of software affected by CVE-2025-55182 and CVE-2025-66478.

    Update (2025-12-06 19:15 UTC): An official npm package has been released to update affected Next.js apps. Use npx fix-react2shell-next to update now. For more information, check the GitHub repository for react2shell.

    Update (2025-12-06 15:42 UTC): As this threat landscape is still evolving in real time, we advise all customers to immediately upgrade all React and Next.js projects to a patched version.

    Update (2025-12-06 09:24 UTC): We have deployed further mitigations for newly discovered exploit vectors.

    A critical vulnerability (CVE-2025-55182) was recently disclosed in React’s Server Functions protocol, a feature of React Server Components (RSC). React 19.0, 19.1, and 19.2 are affected.

    Working closely with the React and Next.js teams, we received early notice and immediately took action to protect our customers.

    The vulnerability can be exploited using all RSC implementations, including:

    In affected configurations, an attacker could craft a request that allows them to execute arbitrary code within the context of the victim’s app.

    On December 3, at 14:00 UTC, the Netlify team rolled out a patch that prevents this vulnerability from being exploited on our customers’ sites. Since that time, Netlify customers have not been vulnerable to the exploit. We have found no evidence of exploitation on any Netlify sites.

    Please upgrade all React and Next.js projects to a patched version immediately, and, in the case of Next.js, allow automatic updates of the OpenNext Netlify Next.js adapter.

    We are working continually with the React and Next.js teams and are committed to keeping your sites secure on Netlify.


    This post was last updated on 2025-12-08 at 22:45 UTC

  • Netlify Vite Plugin now supports AI Gateway locally

    You can now use AI Gateway in local development with just npm run dev when using the Netlify Vite Plugin. Previously, AI Gateway’s auto-configured environment variables only worked when running netlify dev, which added friction for developers using Vite-powered frameworks like Astro.

    With this update, AI Gateway environment variables are automatically populated when running your Vite development server directly. This means you can run standard framework commands without extra steps:

    # Works with any Vite-based framework
    npm run dev

    This is part of our ongoing effort to streamline the developer experience for Vite frameworks. Modern frameworks like Astro let you specify Netlify as your deployment target and handle everything automatically—now AI Gateway works the same way.

    This change also improves compatibility with AI coding agents and other automated workflows that expect standard development commands to work without additional configuration.

    Learn more about the Netlify Vite Plugin and AI Gateway in the documentation.

  • Claude Opus 4.5 now live in AI Gateway, plus latest Claude Code via Agent Runners

    Anthropic’s Claude Opus 4.5 model is now available through Netlify’s AI Gateway with zero configuration required.

    Use the Anthropic SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Claude Opus 4.5 model:

    import Anthropic from "@anthropic-ai/sdk";

    export default async () => {
      const anthropic = new Anthropic();
      const response = await anthropic.messages.create({
        model: "claude-opus-4-5-20251101",
        max_tokens: 4096,
        messages: [
          {
            role: "user",
            content: "Give me pros and cons of using claude-opus-4-5-20251101 over other models."
          },
        ],
      });
      return new Response(JSON.stringify(response), {
        headers: { "Content-Type": "application/json" }
      });
    };

    Claude Opus 4.5 is available across Background Functions, Scheduled Functions, and Edge Functions. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

    Learn more in the AI Gateway documentation.

    You can also access the newest Claude Code capabilities via Agent Runners, including expanded tool use and support for long-running agent workflows. Learn more in the Agent Runners documentation.

  • Projects deployed using a zip file via API now support branch deploys

    When you deploy a project using a ZIP file and the Netlify API, you can now also create branch deploys using the new branch parameter.

    While it was always possible to pass a branch parameter to the https://api.netlify.com/api/v1/sites/{site_id}/builds endpoint, it previously had no effect for deploys made programmatically using the API. Now, when creating a ZIP-based deploy via the API, including the branch parameter will properly create a branch deploy instead of a production deploy.

    This means teams using ZIP-based workflows through our API can now take full advantage of Netlify’s branch deploy features, such as preview URLs and isolated testing environments for different branches.

    To create a branch deploy for a ZIP-based site, simply include the branch parameter in your API request:

    curl -X POST \
      -H "Authorization: Bearer YOUR_TOKEN" \
      -F "zip=@your-site.zip" \
      -F "branch=feature-branch" \
      https://api.netlify.com/api/v1/sites/{site_id}/builds

    Learn more about the Netlify API builds endpoint in the documentation.

  • Angular v21 is now supported

    Angular v21 was released today and it is supported on Netlify on day one.

    To upgrade, follow the Angular upgrade steps and update @netlify/angular-runtime to v3.0.1 or later.

    Learn more:

  • Gemini 3 now available in AI Gateway and Agent Runners

    Google’s Gemini 3 Pro Preview model is now available through Netlify’s AI Gateway and Agent Runners with zero configuration required.

    Use the Google GenAI SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Gemini 3 Pro Preview model:

    import { GoogleGenAI } from "@google/genai";
    // Type of the second handler argument, used in the signature below
    import type { Context } from "@netlify/functions";

    export default async (request: Request, context: Context) => {
      const ai = new GoogleGenAI({});
      const response = await ai.models.generateContent({
        model: "gemini-3-pro-preview",
        contents: "Explain why gemini 3 is better than other models",
      });
      return new Response(JSON.stringify({ answer: response.text }), {
        headers: { "Content-Type": "application/json" }
      });
    };

    Gemini 3 is available across Background Functions, Scheduled Functions, and Agent Runners. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

    Learn more in the AI Gateway documentation and Agent Runners documentation.
