---
title: "Changelog | Netlify"
description: "Stay updated with the latest features, fixes, and improvements. Realize the speed, agility and performance of a scalable, composable web architecture with Netlify. Explore the composable web platform now!"
source: "https://www.netlify.com/changelog/page/9/"
last_updated: "2026-07-02T20:29:59.000Z"
---
# Changelog

All Tags Agent-runners AI Ai-gateway Angular Astro AX Build CLI Database Design Devtools Domains E-commerce Extensions Forms Framework Functions Logs Next.js Nuxt.js Remix SDK Security Updates Workflow  [Subscribe to feed](https://www.netlify.com/changelog/feed.xml)

-   [
    
    ## GPT-image-1.5 now available in AI Gateway
    
    ](/changelog/gpt-image-1-5-ai-gateway/)
    
    December 17, 2025
    
    -   [ai gateway](/changelog/tag/ai-gateway/)
    
    OpenAI’s GPT-image-1.5 is now available through AI Gateway. You can call this model from Netlify Functions without configuring API keys; the AI Gateway provides the connection to OpenAI for you.
    
    Example usage in a Function:
    
    ```
    import OpenAI from 'openai';const ai = new OpenAI();
    export default async (req, context) => {    const response = await ai.images.generate({        model: 'gpt-image-1.5',        prompt: 'Generate a realistic image of a golden retriever working in an office',        n: 1,        size: '1024x1024',        quality: 'low',        output_format: 'jpeg',        output_compression: 80    });
        const imageBase64 = response.data[0].b64_json;    const imageBuffer = Uint8Array.from(atob(imageBase64), c => c.charCodeAt(0));
        return new Response(imageBuffer, {        status: 200,        headers: {            'content-type': 'image/jpeg',            'cache-control': 'no-store'        }    });}
    ```
    
    This model works across any function type and is compatible with other Netlify primitives such as caching and rate limiting, giving you control over request behavior across your site.
    
    See the [AI Gateway documentation](https://docs.netlify.com/build/ai-gateway/overview/) for details.
    
    [Permalink to GPT-image-1.5 now available in AI Gateway Permalink](/changelog/gpt-image-1-5-ai-gateway/)
    
-   [
    
    ## AI Gateway now Generally Available
    
    ](/changelog/2025-12-16-ai-gateway-ga/)
    
    December 16, 2025
    
    -   [ai gateway](/changelog/tag/ai-gateway/)
    -   [ai](/changelog/tag/ai/)
    
    [AI Gateway](https://docs.netlify.com/build/ai-gateway/overview/) is now generally available (GA) for all Netlify users. Build AI-powered apps with confidence using our fully managed gateway that handles AI model keys, setup, and monitoring automatically.
    
    For a deeper dive into AI Gateway capabilities, check out our [latest blog post](https://www.netlify.com/blog/ai-gateway-is-now-generally-available/).
    
    For a video overview of how the AI Gateway works with a fun demo project, check out our [AI Gateway gameshow demo](https://www.youtube.com/watch?v=9CqxH7IFbds).
    
    For other AI Gateway example projects, check out these videos:
    
    -   [AI agent generates blog post images](https://www.youtube.com/watch?v=R7J-pSkdh0o)
    -   [AI agent summarizes form submissions](https://www.youtube.com/watch?v=Fe33sf-pHm8)
    
    Learn more in our [AI Gateway documentation](https://docs.netlify.com/build/ai-gateway/overview/).
    
    ## Availability
    
    To use AI Gateway, you must have a Credit-based plan or an enabled Enterprise plan.
    
    Learn more about [pricing for AI features](https://docs.netlify.com/manage/accounts-and-billing/billing/billing-for-credit-based-plans/pricing-for-ai-features/#pricing-for-ai-gateway) and [monitoring their usage](https://docs.netlify.com/manage/accounts-and-billing/billing/billing-for-credit-based-plans/monitor-usage-for-credit-based-plans/#ai-inference-usage).
    
    To request access to the AI Gateway for an Enterprise plan, reach out to your Netlify account manager.
    
    [Permalink to AI Gateway now Generally Available Permalink](/changelog/2025-12-16-ai-gateway-ga/)
    
-   [
    
    ## Observability is here
    
    ](/changelog/2025-12-16-observability/)
    
    December 16, 2025
    
    -   [logs](/changelog/tag/logs/)
    -   [functions](/changelog/tag/functions/)
    
    Netlify Observability offers real-time visibility into your project’s production performance and resource usage.
    
    Monitor requests, bandwidth, runtime behavior, functions, and Edge Functions to understand how your web project operates in production, fix errors, and optimize web performance.
    
    Get a deep feature tour from our [Observability blog post](https://www.netlify.com/blog/introducing-observability-stop-guessing-what-s-happening/).
    
    ## Try Observability
    
    From your project overview, select **Logs & metrics** > **Observability**. To expand details for a request, select a request.
    
    ![Observability dashboard](/images/changelog/observability-dashboard.png)
    
    ## Availability
    
    Observability is available for Credit-based plans and Enterprise plans. If you have a Legacy pricing plan, you can get a sneak peek at your observability data by checking out the widget from your Project Overview.
    
    ![Observability widget on project overview showing past hour of request data](/images/changelog/observability-widget-past-hour.png)
    
    Credit-based plan
    
    Time filter available
    
    Free
    
    Past 24 hours
    
    Personal
    
    Past 7 days
    
    Pro
    
    Past 30 days
    
    Enterprise plan
    
    Time filter available
    
    Any opted-in Enterprise plan
    
    Past 30 days
    
    Note that if you have a Credit-based plan or have Observability enabled for an Enterprise plan, then Function Metrics will no longer be available to you as it is replaced by Observability.
    
    If you do not have Observability, then Function Metrics will continue to be available to you.
    
    Learn more in our [Function metrics](https://docs.netlify.com/manage/monitoring/function-metrics/) docs.
    
    ## Other monitoring updates
    
    As part of monitoring updates, we have also updated the names of some of our monitoring features.
    
    Old name
    
    New name
    
    Real User Metrics
    
    Real User Monitoring
    
    Project analytics (formerly site analytics)
    
    Web analytics
    
    ## Further info
    
    To learn more, check out [Observability docs](https://docs.netlify.com/manage/monitoring/observability/overview).
    
    [Permalink to Observability is here Permalink](/changelog/2025-12-16-observability/)
    
-   [
    
    ## New Prerender extension
    
    ](/changelog/2025-12-16-prerender-extension-ga/)
    
    December 16, 2025
    
    -   [extensions](/changelog/tag/extensions/)
    
    The [Prerender extension](https://docs.netlify.com/build/post-processing/prerendering/#prerender-extension) is now generally available (GA) for all Netlify users. The legacy prerendering feature is now deprecated with [limited support](#deprecating-the-legacy-prerendering-feature).
    
    Once set up, this extension automatically serves pre-rendered HTML to crawlers, agents, and preview services, while regular site visitors continue to receive your standard JavaScript application.
    
    Prerendering ensures your app’s content is discoverable to AI agents, SEO crawlers, and preview services, such as for social media previews.
    
    Prerendering is designed for apps that use JavaScript to generate page content instead of serving most or all content in HTML, such as for single-page applications (SPAs) built with frameworks like React, Vue, or Angular.
    
    For a deeper dive on prerendering and the new extension, check out our [latest blog post](https://www.netlify.com/blog/prerendering-an-old-trick-new-again/).
    
    ## Does my project need prerendering?
    
    Not sure if your web project needs prerendering?
    
    Find out using our [prerendering checker tool](https://do-you-need-prerender.netlify.app/) and your project URL.
    
    ## Set up the Prerender extension
    
    To try out the Prerender extension, install it from the [Netlify extensions library](https://app.netlify.com/extensions/prerender).
    
    If you have the legacy prerendering feature enabled, disable it in your site’s settings.
    
    Learn more about setting up this extension from our [Prerender extension documentation](https://docs.netlify.com/build/post-processing/prerendering/).
    
    ## Deprecating the legacy prerendering feature
    
    The legacy built-in prerendering feature is now deprecated and will gradually shut down and stop working.
    
    Here is the deprecation timeline:
    
    Date
    
    Impacted plans
    
    January 20, 2026
    
    The feature will be disabled for customers on Free plans (either legacy or credit-based) or the legacy Starter plan.
    
    February 17, 2026
    
    The feature will be disabled for customers on the Personal plan or the Pro plans (legacy or credit-based)
    
    March 17, 2026
    
    The feature will be disabled for Enterprise and all other specialized plans.
    
    Note: Some customers on paid plans have a customized setup in which the legacy feature acted as a [proxy to external prerendering vendors](https://docs.netlify.com/build/post-processing/prerendering/#external-services). Please reach out to [Netlify Support](https://www.netlify.com/support/) for help on your next options.
    
    [Permalink to New Prerender extension Permalink](/changelog/2025-12-16-prerender-extension-ga/)
    
-   [
    
    ## Action required: React/Next.js CVE-2025-55184 and CVE-2025-55183
    
    ](/changelog/2025-12-11-action-required-two-more-react-nextjs-vulns/)
    
    December 11, 2025
    
    -   [security](/changelog/tag/security/)
    -   [next.js](/changelog/tag/next-js/)
    
    **Update (2025-12-12 00:41 UTC):** The React and Next.js patches initially published on Dec. 11 at 21:10 incompletely addressed the vulnerabilities. A [follow-up CVE was issued](https://www.cve.org/CVERecord?id=CVE-2025-67779) and follow-up patches have been released by the React and Next.js teams. All versions below have been updated accordingly. If you upgraded during this 3.5-hour window, please upgrade again.
    
    * * *
    
    Following [last week’s critical vulnerability in React and Next.js](https://www.netlify.com/changelog/2025-12-03-react-security-vulnerability-response/), two additional vulnerabilities are being publicly disclosed today:
    
    -   [**CVE-2025-55184:** Denial of Service (CVSS 7.5/10, high severity)](https://www.cve.org/CVERecord?id=CVE-2025-55184)
        -   A malicious actor can send a request that makes the Next.js server hang.
        -   On Netlify, this type of request gets interrupted by a timeout after 30–40 seconds. As Next.js on Netlify runs on automatically scaled serverless functions, there is no risk of impact to legitimate requests. However, this can have impacts to your monthly bill due to increased bandwidth and function CPU usage.
    -   [**CVE-2025-55183:** Leaking Server Functions (CVSS 5.3/10, medium severity)](https://www.cve.org/CVERecord?id=CVE-2025-55184)
        -   A malicious actor can send a request that leaks the compiled body of a given Server Function/Action.
    
    ## Impact
    
    In both cases, [all Next.js sites using App Router are vulnerable](https://nextjs.org/blog/security-update-2025-12-11). This includes all v14 releases up to and including 14.2.33, all v15 releases up to and including 15.5.7, all v16 releases up to and including 16.0.8, and v13.4+ if opted into the `experimental.serverActions` flag. (In the case of CVE-2025-55183, only sites actually _using_ any Server Actions are vulnerable.)
    
    We have collaborated with the React and Next.js teams to roll out mitigations to the Netlify network in advance of public disclosure.
    
    However, as we’ve seen in the past week, malicious actors around the world are constantly working to quickly identify novel ways to exploit newly published vulnerabilities. The best protection is to upgrade.
    
    ## What should I do?
    
    **Upgrade as soon as possible**. Both vulnerabilities are patched in all these releases:
    
    -   Next.js 14.2.35
    -   Next.js 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, or 15.5.9
    -   Next.js 16.0.10
    
    As [Next.js 13 has been unsupported for over a year](https://nextjs.org/support-policy), the Next.js team has chosen not to patch it. If your site uses Next.js 13.4+ and has opted in to the `experimental.serverActions` flag, we strongly recommend upgrading to 14.2.34 or later as soon as possible (note: v14 is also technically unsupported).
    
    To be abundantly clear: if you have upgraded to address last week’s CVE, **you must upgrade once again**.
    
    ## Other RSC frameworks
    
    [These are React vulnerabilities](https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components), in the [React Server Functions protocol](https://react.dev/reference/rsc/server-functions) present in all versions of React 19 up to and including 19.2.1.
    
    The following RSC implementations are therefore vulnerable: `waku`, `@parcel/rsc`, `@vitejs/plugin-rsc`, `react-server-dom-parcel`, `react-server-dom-webpack`, `react-server-dom-turbopack`, and the React Router 7 RSC preview.
    
    If you are using any of these, upgrade it to the latest version and upgrade `react` to 19.0.3, 19.1.4, or 19.2.3 as soon as possible.
    
    ## Resources
    
    -   [React disclosures](https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components)
    -   [Next.js disclosures](https://nextjs.org/blog/security-update-2025-12-11)
    
    * * *
    
    We are working continually with the React and Next.js teams and are committed to keeping your sites secure on Netlify.
    
    _This post was last updated on 2025-12-11 at 21:15 UTC_
    
    [Permalink to Action required: React/Next.js CVE-2025-55184 and CVE-2025-55183 Permalink](/changelog/2025-12-11-action-required-two-more-react-nextjs-vulns/)
    
-   [
    
    ## GPT-5.2 and GPT-5.2-Pro now available in AI Gateway and Agent Runners
    
    ](/changelog/gpt-5-2-ai-gateway/)
    
    December 11, 2025
    
    -   [ai gateway](/changelog/tag/ai-gateway/)
    -   [agent runners](/changelog/tag/agent-runners/)
    
    OpenAI’s GPT-5.2 and GPT-5.2-Pro are now available through AI Gateway and Agent Runners. You can call these models from Netlify Functions without configuring API keys; the AI Gateway provides the connection to OpenAI for you.
    
    Example usage in a Function:
    
    ```
    import { OpenAI } from "openai";
    export default async () => {  const openai = new OpenAI();
      const response = await openai.chat.completions.create({    model: "gpt-5.2",    messages: [      { role: "user", content: "What are the key improvements in GPT-5.2?" }    ]  });
      return new Response(JSON.stringify(response), {    headers: { "Content-Type": "application/json" }  });};
    ```
    
    These models work across any function type and are compatible with other Netlify primitives such as caching and rate limiting, giving you control over request behavior across your site.
    
    See the [AI Gateway documentation](https://docs.netlify.com/build/ai-gateway/overview/) for details.
    
    Agent Runners support the same models, enabling AI to complete long-running coding tasks. You can learn more in the [Agent Runners documentation](https://docs.netlify.com/build/build-with-ai/agent-runners/overview/).
    
    [Permalink to GPT-5.2 and GPT-5.2-Pro now available in AI Gateway and Agent Runners Permalink](/changelog/gpt-5-2-ai-gateway/)
    
-   [
    
    ## GPT-5.1-Codex-Max now available in AI Gateway and Agent Runners
    
    ](/changelog/gpt-5-1-codex-max-ai-gateway-agent-runners/)
    
    December 4, 2025
    
    -   [ai gateway](/changelog/tag/ai-gateway/)
    -   [agent runners](/changelog/tag/agent-runners/)
    
    OpenAI’s GPT-5.1-Codex-Max model is now available through Netlify’s AI Gateway and Agent Runners with zero configuration required.
    
    Use the OpenAI SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the GPT-5.1-Codex-Max model:
    
    ```
    import OpenAI from 'openai';
    export default async () => {    const openai = new OpenAI();
        const response = await openai.responses.create({        model: 'gpt-5.1-codex-max',        input: 'What improvements are in GPT‑5.1-Codex-Max?'    });
        return new Response(JSON.stringify(response), {        headers: { 'Content-Type': 'application/json' }    });};
    ```
    
    GPT-5.1-Codex-Max is available across Background Functions, Scheduled Functions, and Edge Functions. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.
    
    Learn more in the [AI Gateway documentation](https://docs.netlify.com/build/ai-gateway/overview/).
    
    You can also leverage GPT-5.1-Codex-Max with Agent Runners to build powerful AI-powered workflows, including expanded tool use and support for long-running agent tasks. Learn more in the [Agent Runners documentation](https://docs.netlify.com/build/build-with-ai/agent-runners/overview/).
    
    [Permalink to GPT-5.1-Codex-Max now available in AI Gateway and Agent Runners Permalink](/changelog/gpt-5-1-codex-max-ai-gateway-agent-runners/)
    
-   [
    
    ## Netlify’s response to the critical React & Next.js security vulnerability
    
    ](/changelog/2025-12-03-react-security-vulnerability-response/)
    
    December 3, 2025
    
    -   [security](/changelog/tag/security/)
    -   [next.js](/changelog/tag/next-js/)
    
    **Update (2025-12-08 22:45 UTC):** Sites that have not yet upgraded to a patched version of Next.js (or other affected framework) must upgrade immediately. Following upgrade, we also recommend rotating all credentials that are [scoped for access within Netlify Functions](https://docs.netlify.com/build/functions/environment-variables/#declare-variables), if you have been running a vulnerable version on or after December 4th, 2025 at 1:00 PM PT.
    
    Over the last many days, several variants of the original React2Shell exploit have emerged. Netlify is working alongside others in a coordinated industry effort to monitor for exploit variants and has been adjusting our blocking mechanisms accordingly.
    
    In addition to these attack blocking mechanisms, we are now blocking all further deploys for sites using versions of software affected by [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182) and [CVE-2025-66478](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp).
    
    **Update (2025-12-06 19:15 UTC):** An official npm package has been released to update affected Next.js apps. Use `npx fix-react2shell-next` to update now. For more information, check the [github repository for `react2shell`](https://github.com/vercel-labs/fix-react2shell-next).
    
    **Update (2025-12-06 15:42 UTC):** As this threat landscape is still evolving in real time, **we advise all customers to immediately upgrade all React and Next.js projects to a patched version**.
    
    **Update (2025-12-06 09:24 UTC):** We have deployed further mitigations for newly discovered exploit vectors.
    
    A critical vulnerability ([CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182)) was recently disclosed in React’s [Server Functions](https://react.dev/reference/rsc/server-functions) protocol, a feature of React Server Components (RSC). React 19.0, 19.1, and 19.2 are affected.
    
    Working closely with the React and Next.js teams, we received early notice and immediately took action to protect our customers.
    
    The vulnerability can be exploited using all RSC implementations, including:
    
    -   Next.js versions 15 and 16, up to and including 15.0.4, 15.1.8, 15.2.5, 15.3.5, 15.4.7, 15.5.6, 16.0.6 ([CVE-2025-66478](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp))
    -   [React Router RSC Preview](https://reactrouter.com/how-to/react-server-components)
    -   [Vite RSC plugin](https://www.npmjs.com/package/@vitejs/plugin-rsc)
    
    In affected configurations, an attacker could craft a request that allows them to **execute arbitrary code within the context of the victim’s app**.
    
    On December 3, at 14:00 UTC, the Netlify team rolled out a patch that prevents this vulnerability from being exploited on our customers’ sites. Since that time, **all Netlify customers are not vulnerable** to the exploit. We have found **no evidence of exploitation** on any Netlify sites.
    
    **Please upgrade all React and Next.js projects to a patched version immediately**, and, in the case of Next.js, [**allow automatic updates of the OpenNext Netlify Next.js adapter**](https://docs.netlify.com/build/frameworks/framework-setup-guides/nextjs/overview/#nextjs-support-on-netlify).
    
    We are working continually with the React and Next.js teams and are committed to keeping your sites secure on Netlify.
    
    * * *
    
    _This post was last updated on 2025-12-08 at 22:45 UTC_
    
    [Permalink to Netlify’s response to the critical React & Next.js security vulnerability Permalink](/changelog/2025-12-03-react-security-vulnerability-response/)
    
-   [
    
    ## Netlify Vite Plugin now supports AI Gateway locally
    
    ](/changelog/2025-12-01-vite-plugin-ai-gateway-support/)
    
    December 1, 2025
    
    -   [ai gateway](/changelog/tag/ai-gateway/)
    -   [astro](/changelog/tag/astro/)
    -   [devtools](/changelog/tag/devtools/)
    
    You can now use [AI Gateway](https://docs.netlify.com/build/ai-gateway/overview/) in local development with just `npm run dev` when using the [Netlify Vite Plugin](https://docs.netlify.com/frameworks/vite/#netlify-vite-plugin). Previously, AI Gateway’s auto-configured environment variables only worked when running `netlify dev`, which added friction for developers using Vite-powered frameworks like Astro.
    
    With this update, AI Gateway environment variables are automatically populated when running your Vite development server directly. This means you can run standard framework commands without extra steps:
    
    ```
    # Works with any Vite-based frameworknpm run dev
    ```
    
    This is part of our ongoing effort to streamline the developer experience for Vite frameworks. Modern frameworks like Astro let you specify Netlify as your deployment target and handle everything automatically—now AI Gateway works the same way.
    
    This change also improves compatibility with AI coding agents and other automated workflows that expect standard development commands to work without additional configuration.
    
    Learn more about the [Netlify Vite Plugin](https://docs.netlify.com/frameworks/vite/#netlify-vite-plugin) and [AI Gateway](https://docs.netlify.com/build/ai-gateway/overview/) in the documentation.
    
    [Permalink to Netlify Vite Plugin now supports AI Gateway locally Permalink](/changelog/2025-12-01-vite-plugin-ai-gateway-support/)
    

[Previous page](/changelog/page/8) [Next page](/changelog/page/10)