Vercel Products
All Vercel Release Notes
- Dec 5, 2025
- Parsed from source:Dec 5, 2025
- Detected by Releasebot:Dec 6, 2025
GPT 5.1 Codex Max now available on Vercel AI Gateway
OpenAI debuts GPT-5.1 Codex Max with Vercel AI Gateway, enabling multi-context long-running coding tasks and faster, token-efficient performance. The AI Gateway offers unified API, observability, BYOK, retry and routing for higher uptime.
GPT-5.1 Codex Max with OpenAI AI Gateway
You can now access OpenAI's latest Codex models, GPT-5.1 Codex Max with Vercel's AI Gateway and no other provider accounts required.
Using a process called compaction, GPT-5.1 Codex Max has been trained to operate across multiple context windows and on real-world software engineering tasks. GPT-5.1 Codex Max is faster and more token efficient compared to previous Codex models, optimized for long-running coding tasks, and can maintain context and reasoning over long periods without needing to start new sessions.
To use GPT-5.1 Codex Max with the AI SDK, set the model to openai/gpt-5.1-codex-max.
AI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimizations for higher-than-provider uptime. It includes built-in observability, Bring Your Own Key support, and intelligent provider routing with automatic retries.
Learn more about AI Gateway, view the AI Gateway model leaderboard or try it in our model playground.
Original source Report a problemset the model to openai/gpt-5.1-codex-max - Dec 5, 2025
- Parsed from source:Dec 5, 2025
- Detected by Releasebot:Dec 6, 2025
Rewrites and redirects now available in runtime logs
Runtime Logs
Vercel users can now view requests that make rewrites or redirects directly in the Vercel dashboard in runtime logs.
By default, these requests are filtered out on the Runtime Logs page. To view these requests on the Logs page, you can filter for Rewrites or Redirects in the Resource dropdown.
- Rewrites: shows the destination of the rewrite
- Redirects: shows the redirect status code and location
This feature is available to all users. Try it out or learn more about runtime logs.
Original source Report a problem - Dec 5, 2025
- Parsed from source:Dec 5, 2025
- Detected by Releasebot:Dec 6, 2025
Introducing Platform Elements
Vercel unveils Platforms with prebuilt UI blocks and shadcn/ui components to accelerate app development. New blocks and actions cover domain setup, deployment, DNS, ownership verification, and abuse reporting, installable via the Platforms CLI.
Blocks
- custom-domain: Domain configuration with DNS validation and real-time verification
- deploy-popover: Deployment interface with status and history
- dns-table: DNS records in a copyable format
- claim-deployment: Ownership verification flow
- report-abuse: Abuse reporting form
Actions
- add-custom-domain: Add and verify domains programmatically
- deploy-files: Deploy files to any project
You can install Platforms components with the Vercel Platforms CLI. For example:
npx @vercel/platforms add claim-deploymentStart building with Platform Elements using our Quickstart for Multi-Tenant or Multi-Project platforms.
Original source Report a problem - Dec 5, 2025
- Parsed from source:Dec 5, 2025
- Detected by Releasebot:Dec 6, 2025
- Modified by Releasebot:Dec 6, 2025
Introducing Vercel for Platforms
Vercel launches Vercel for Platforms with Multi-Tenant and Multi-Project modes to build and run customer apps at scale. It supports single codebase or per-customer projects, wildcard and custom domains, edge routing, and SDK domain management, plus Platform Elements and Quickstart.
You can now build platforms with the new Vercel for Platforms product announced today, making it easy to create and run customer projects on behalf of your users.
Two platform modes are available: Multi-Tenant and Multi-Project, allowing you to deploy with a single codebase or many, across any number of domains.Multi-Tenant Platforms
Run a single codebase that serves many customers with:
- Wildcard domains (*.yourapp.com) with automatic routing and SSL.
- Custom domain support via SDK, including DNS verification and certificate management.
- Routing Middleware for hostname parsing and customer resolution at the edge.
- Single deployment model: deploy once, changes apply to all tenants.
Add custom domains to your app in seconds:
import { addDomain, getDomainStatus, } from "@/components/vercel-platform/src/actions/add-custom-domain"; const added = await addDomain("test.com"); if (added.status === "Valid Configuration") { // do something } const config = await getDomainStatus("test.com"); config.dnsRecordsToSet; // show this in a tableMulti-Project Platforms
Create a separate Vercel project per customer with:
- Programmatic project creation with the Vercel SDK.
- Isolation of builds, functions, environment variables, and settings per customer.
- Support for different frameworks per project.
Deploy your customer's code into isolated projects in seconds:
import { deployFiles } from "@/components/vercel-platform/actions/deploy-files"; // automatically detects the framework & build commands await deployFiles([], { // optionally assign a custom domian domain: "site.myapp.com", });Today we are also introducing Platform Elements, a new library to make building on platforms easier.
Original source Report a problem
Start building with our Quickstart for Multi-Tenant or Multi-Project platform. - Dec 5, 2025
- Parsed from source:Dec 5, 2025
- Detected by Releasebot:Dec 6, 2025
New deployments of vulnerable Next.js applications are now blocked by default
Any new deployment containing a version of Next.js that is vulnerable to CVE-2025-66478 will now automatically fail to deploy on Vercel.
We strongly recommend upgrading to a patched version regardless of your hosting provider. Learn more
This automatic protection can be disabled by setting the
Original source Report a problemDANGEROUSLY_DEPLOY_VULNERABLE_CVE_2025_66478=1environment variable on your Vercel project. Learn more - Dec 4, 2025
- Parsed from source:Dec 4, 2025
- Detected by Releasebot:Dec 5, 2025
Domains must now be managed at the team level
Managing domains at the account level
Managing domains at the account level is no longer supported. Domains must now be managed at the team level, which simplifies access control, collaboration, and unified billing.
Domains that are currently linked to accounts will continue to resolve, serve traffic, and renew as usual, but any changes will require moving the domain to a team.
When viewing an account-level domain, you'll now be prompted to select a destination team to transfer your domain and all project domains, DNS records, and aliases will move to that team and continue to work after the move.
Original source Report a problem - Dec 3, 2025
- Parsed from source:Dec 3, 2025
- Detected by Releasebot:Dec 4, 2025
v15.1.9
Please see CVE-2025-66478 for additional details about this release.
Original source Report a problem - Dec 3, 2025
- Parsed from source:Dec 3, 2025
- Detected by Releasebot:Dec 3, 2025
Security Advisory: CVE-2025-66478
A critical vulnerability (CVSS 10.0) has been identified in the React Server Components protocol that can allow remote code execution. All Next.js 15.x and 16.x users should upgrade immediately.
Original source Report a problem - Dec 3, 2025
- Parsed from source:Dec 3, 2025
- Detected by Releasebot:Dec 4, 2025
Summary of CVE-2025-55182
A critical vulnerability in React Server Components may allow remote code execution. Vercel deployed automatic protections and partners issued mitigations; users should upgrade to patched versions. Updated React and Next.js releases include fixes across affected packages.
Summary
A critical-severity vulnerability in React Server Components (CVE-2025-55182) affects React 19 and frameworks that use it, including Next.js (CVE-2025-66478). Under certain conditions, specially crafted requests could lead to unintended remote code execution.
We created new rules to address this vulnerability and quickly deployed to the Vercel WAF to automatically protect all projects hosted on Vercel at no cost. We also worked with the React team to deliver recommendations to the largest WAF and CDN providers.
We still strongly recommend upgrading to a patched version regardless of your hosting provider.
Impact
Applications using affected versions of the React Server Components implementation may process untrusted input in a way that allows an attacker to perform remote code execution. The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following packages: :
- react-server-dom-parcel (19.0.0, 19.1.0, 19.1.1, and 19.2.0)
- react-server-dom-webpack (19.0.0, 19.1.0, 19.1.1, and 19.2.0)
- react-server-dom-turbopack (19.0.0, 19.1.0, 19.1.1, and 19.2.0)
These packages are included in the following frameworks and bundlers:
- Next.js with versions 6430.3.0-canary.77, 6415 and 6416
- Other frameworks and plugins that embed or depend on React Server Components implementation (e.g., Vite, Parcel, React Router, RedwoodSDK, Waku)
Resolution
After creating mitigations to address this vulnerability, we deployed them across our globally-distributed platform to quickly protect our customers. We still recommend upgrading to the latest patched version.
Updated releases of React and affected downstream frameworks include hardened handling of user inputs to prevent unintended behavior. All users should upgrade to a patched version as soon as possible. If you are on Next.js 14.3.0-canary.77 or a later canary release, downgrade to the latest stable 14.x release.
- Fixed in:
- React: 19.0.1, 19.1.2, 19.2.1
- Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
Frameworks and bundlers using the aforementioned packages should install the latest versions provided by their respective maintainers.
Credit
Thanks to Lachlan Davidson for identifying and responsibly reporting the vulnerability, and the Meta Security and React team for their partnership.
References
- Next.js GHSA
- React GHSA
- Dec 3, 2025
- Parsed from source:Dec 3, 2025
- Detected by Releasebot:Dec 3, 2025
Vercel Agent can now install Web Analytics and Speed insights for you
Vercel Agent now automatically updates your codebase and submits a PR to wire in Web Analytics and Speed Insights. It analyzes project config, installs the package, and adds code snippets, creating a PR you review and merge. Public Beta invites all teams.
Vercel Agent updates
Vercel Agent can now automatically update your codebase and submit a PR to add Web Analytics and Speed Insights to your project.
Vercel Agent analyzes your project configuration and connected GitHub repository, installs the relevant package, adds the relevant code snippet, and creates a pull request with the proposed changes.
Install Web Analytics or Speed Insights
- Go to the Analytics or Speed Insights page of the dashboard.
- Enable the feature.
- Click Implement to start Vercel Agent.
- Review the pull request and merge when ready.
Once the pull request is merged and deployed, tracking starts automatically.
Vercel Agent installations are now available in Public Beta for all teams. Try it out for Web Analytics or Speed Insights.
Original source Report a problem