---
title: "Changelog | Netlify"
description: "Stay updated with the latest features, fixes, and improvements. Realize the speed, agility and performance of a scalable, composable web architecture with Netlify. Explore the composable web platform now!"
source: "https://www.netlify.com/changelog/page/14/"
last_updated: "2026-07-03T01:04:07.000Z"
---
# Changelog

All Tags Agent-runners AI Ai-gateway Angular Astro AX Build CLI Database Design Devtools Domains E-commerce Extensions Forms Framework Functions Logs Next.js Nuxt.js Remix SDK Security Updates Workflow  [Subscribe to feed](https://www.netlify.com/changelog/feed.xml)

-   [
    
    ## Netlify CLI 21.4.1 UI and workflow enhancements
    
    ](/changelog/netlify-cli-21-ui-and-workflow-enhancements/)
    
    May 15, 2025
    
    ![CLI updates](https://cdn.sanity.io/images/o0o2tn5x/marketing/b1db9efe7b933f1954460b5947eb885f03af5573-2400x1261.png)
    
    [Netlify CLI](https://cli.netlify.com/) 21.4.1 has a cleaner look, simplified workflows, and a new command.
    
    Install the latest version:
    
    ```
    npm install netlify-cli -g# oryarn global add netlify-cli
    ```
    
    **Onboard to Netlify projects with `netlify clone` command**
    
    Pull an existing Netlify project locally from its repo with one command:
    
    ```
    netlify clone <repository-url>
    ```
    
    Clones the repo and links it to the right Netlify site–ideal for onboarding or switching projects.
    
    **Builds are included with `netlify deploy`**
    
    The deploy command now runs a build step by default, eliminating separate build commands.
    
    Instead of `netlify build && netlify deploy` or `netlify deploy --build`, simply run:
    
    ```
    netlify deploy
    ```
    
    To deploy without building, use netlify `deploy --no-build`.
    
    **Smarter manual setup**
    
    `netlify init` now auto-detects your framework and suggests the right build settings. It’ll even help you create a netlify.toml if you don’t have one.
    
    **Better updates and onboarding**
    
    Additional improvements include:
    
    -   Better update notifications with links to release notes
    -   Improved onboarding guidance with clearer next steps and resource links
    -   Reorganized help command with better documentation references
    
    [Permalink to Netlify CLI 21.4.1 UI and workflow enhancements Permalink](/changelog/netlify-cli-21-ui-and-workflow-enhancements/)
    
-   [
    
    ## Security Update: Next.js sites on Netlify not vulnerable to CVE-2025-32421
    
    ](/changelog/security-update-next-js-sites-on-netlify-not-vulnerable-to-cve-2025-32421/)
    
    May 15, 2025
    
    -   [security](/changelog/tag/security/)
    -   [next.js](/changelog/tag/next-js/)
    
    The Next.js team [recently disclosed CVE-2025-32421](https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4), a low-severity vulnerability allowing for CDN cache poisoning in some scenarios.
    
    The engineering team at Netlify has confirmed that all Next.js sites on Netlify **are not vulnerable**. The vulnerability requires use of a CDN that may cache responses without explicit Cache-Control headers, but Netlify’s CDN never does so.
    
    As a general security precaution, we recommend upgrading to the latest versions of the Next.js framework and [allowing automatic updates of the OpenNext Netlify Next.js adapter](https://docs.netlify.com/frameworks/next-js/overview/#reverting-to-an-older-adapter-version).
    
    [Permalink to Security Update: Next.js sites on Netlify not vulnerable to CVE-2025-32421 Permalink](/changelog/security-update-next-js-sites-on-netlify-not-vulnerable-to-cve-2025-32421/)
    
-   [
    
    ## Introducing the Netlify Cache API
    
    ](/blog/introducing-netlify-cache-api/)
    
    May 8, 2025
    
    • Article
    
    ![](/_astro/8825011c4a7db4cdf0b624c7d3701efb5ac92a42-1200x675_Z2b5S8k.webp)
    
    Discover the new Netlify Cache API beta. Built on web standards, it lets developers cache fetch requests in serverless and edge functions. Works seamlessly with any framework (or without one) for faster, more resilient apps.
    
    [Permalink to Introducing the Netlify Cache API Permalink](/blog/introducing-netlify-cache-api/)
    
-   [
    
    ## Build Plugins: End of support for Node.js 14 + Node.js 16
    
    ](https://answers.netlify.com/t/build-plugins-end-of-support-for-node-js-14-node-js-16/136405)
    
    April 29, 2025
    
    • Support Forums
    
    -   [updates](/changelog/tag/updates/)
    
    The following versions of Node.js have reached their official end of life. Node.js v14 on February 16, 2023 Node.js v16 on August 9, 2023 It is also worth noting that the following version is also about to reach its end of life date. Node.js v18 on…
    
    [Learn more about Build Plugins: End of support for Node.js 14 + Node.js 16 Learn More](https://answers.netlify.com/t/build-plugins-end-of-support-for-node-js-14-node-js-16/136405)
    
-   [
    
    ## Security Update: React Router and Remix Vulnerabilities
    
    ](/changelog/security-update-react-router-remix-vulnerabilities/)
    
    April 27, 2025
    
    -   [security](/changelog/tag/security/)
    -   [remix](/changelog/tag/remix/)
    
    We are aware of recently disclosed vulnerabilities affecting React Router and Remix:
    
    1.  **[CVE 2025-31137](https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477) (React Router 7 and Remix): Spoof request path allowing certain access control bypasses**
    2.  **[CVE-2025-43864](https://github.com/advisories/GHSA-f46r-rw29-r322) (React Router 7 only): Cache poisoning leading to unusable responses**
    3.  **[CVE-2025-43865](https://github.com/remix-run/react-router/security/advisories/GHSA-cpj6-fhp6-mr6j) (React Router 7 only): Cache poisoning with arbitrary data**
    
    **Impact on Netlify sites:**
    
    -   **CVE 2025-31137:** Sites on Netlify **are not vulnerable**, because the Netlify CDN cache varies on the query string by default, and Remix and React Router sites on Netlify do not use the impacted Express package.
    -   **CVE-2025-43864:** Sites on Netlify using **React Router 7.2.0 to 7.5.1** **were vulnerable until 04/27 3:00 UTC**. However, exploitation requires _all_ of the following conditions for a given URL to be poisonable:
        -   The site must not be using React Router’s SPA mode.
        -   The page or loader must be explicitly setting **caching headers**.
        -   A malicious request would need to be the **first request** to reach the cache (such as immediately after a deploy or cache invalidation).
    -   **CVE-2025-43865:** Sites on Netlify using **React Router 7.0.0 to 7.5.1** **were vulnerable until 04/27 3:00 UTC**. However, exploitation requires _all_ of the following conditions for a given URL to be poisonable:
        -   The page or loader must be explicitly setting **caching headers**.
        -   A malicious request would need to be the **first request** to reach the cache (such as immediately after a deploy or cache invalidation).
    
    We strongly recommend upgrading to the latest versions of React Router (7.5.2).
    
    Given these specific requirements, the number of vulnerable Netlify sites is low. However, out of an abundance of caution, our engineering team is actively rolling out a mitigation to further protect against these vulnerabilities. We will continue to monitor the situation and will provide updates as our work progresses.
    
    **Update:** As of 2025-04-27 3:00 AM UTC, a mitigation has been rolled out to the Netlify CDN for all vulnerable sites.
    
    [Permalink to Security Update: React Router and Remix Vulnerabilities Permalink](/changelog/security-update-react-router-remix-vulnerabilities/)
    
-   [
    
    ## Improved diagnosis tools for failed deploys
    
    ](/changelog/improved-diagnosis-tools-for-failed-deploys/)
    
    April 25, 2025
    
    -   [ax](/changelog/tag/ax/)
    -   [ai](/changelog/tag/ai/)
    -   [build](/changelog/tag/build/)
    
    ![](https://cdn.sanity.io/images/o0o2tn5x/marketing/9b492b7c487449ba93f40a203ef46533607d14cc-1862x1354.png)
    
    Our “Why did it fail?” feature now integrates better with your chosen AI-powered development workflows. When our AI shares its diagnosis and proposed solution, the “Copy analysis for use in AI tools” button will copy to clipboard:
    
    -   The relevant error log lines from your deploy
    -   Diagnosis of the problem
    -   The proposed solution
    
    This is ready to paste into your AI tool of choice, unlocking a closer feedback loop to speed up bug resolution and get your deploy up and running error-free!
    
    [Permalink to Improved diagnosis tools for failed deploys Permalink](/changelog/improved-diagnosis-tools-for-failed-deploys/)
    
-   [
    
    ## MCP Servers on Netlify
    
    ](https://developers.netlify.com/guides/write-mcps-on-netlify/)
    
    April 24, 2025
    
    -   [ax](/changelog/tag/ax/)
    
    Build, deploy, and host Model Context Protocol (MCP) servers on Netlify today. This emerging protocol lets you expose tools, resources, and prompts to AI agents via the open MCP standard. This helps streamline creating good agent experiences and bringing powerful context-aware capabilities to the AI applications your end users are relying upon.
    
    [Read the “Building MCPs with Netlify” developer guide by Sean Roberts](https://developers.netlify.com/guides/write-mcps-on-netlify/) to get started.
    
    [Permalink to MCP Servers on Netlify Permalink](/changelog/mcp-on-netlify/) [Learn more about MCP Servers on Netlify Learn More](https://developers.netlify.com/guides/write-mcps-on-netlify/)
    
-   [
    
    ## Partner Deploy API Now Supports Purpose-Driven Build Titles
    
    ](/changelog/partner-deploy-api-now-supports-purpose-driven-build-titles/)
    
    April 23, 2025
    
    -   [ax](/changelog/tag/ax/)
    
    Netlify now makes it even easier to deploy zipped site builds with improved support for multipart/form-data. The updated deploy flow encourages developers to include a title field — a descriptive message similar to a git commit — explaining the purpose of the deploy. This title appears in the Netlify UI, helping teams track changes, review builds faster, and maintain better deploy hygiene.
    
    Zip it, tag it, ship it 🚀 Get started with this [developer guide](https://developers.netlify.com/guides/deploy-zip-file-to-production-website/#trigger-a-new-production-build-and-deploy).
    
    [Permalink to Partner Deploy API Now Supports Purpose-Driven Build Titles Permalink](/changelog/partner-deploy-api-now-supports-purpose-driven-build-titles/)
    
-   [
    
    ## Smarter form security for AI-generated Netlify code
    
    ](/changelog/smarter-form-security-for-ai-generated-netlify-code/)
    
    April 18, 2025
    
    -   [ai](/changelog/tag/ai/)
    -   [ax](/changelog/tag/ax/)
    
    When using the Netlify context files in Cursor or Windsurf, whenever the agents generate code with Netlify Forms, they will add the [honeypot field](https://docs.netlify.com/forms/spam-filters/#honeypot-field) to make your forms more secure by default.
    
    [See context files](https://docs.netlify.com/welcome/build-with-ai/#netlify-context-files)
    
    [Permalink to Smarter form security for AI-generated Netlify code Permalink](/changelog/smarter-form-security-for-ai-generated-netlify-code/)
    

[Previous page](/changelog/page/13) [Next page](/changelog/page/15)