Industry News

We’ve increased included limits and reduced the price of Web Analytics event and the Web Analytics Plus add-on by up to 80%. Web Analytics is now billed: Per single event, instead of 100K increments At $0.00003 per event ($3 per 100K, a 79% decrease from $14 per 100K) At $10/month for the Plus add-on (an 80% decrease, from $50/month) Web Analytics Plus is an optional add-on that unlocks increased retention and UTM parameters. Included event limits have increased: Hobby: 50K events/month (20x increase, from 2.5K) Pro: 100K events/month (4x increase, from 25K) Learn more about Web Analytics pricing. Read more Continue reading...

Discover the new Netlify Cache API beta. Built on web standards, it lets developers cache fetch requests in serverless and edge functions. Works seamlessly with any framework (or without one) for faster, more resilient apps. Continue reading...

Model Context Protocol (MCP) is a way to build integrations for AI models. Vercel now supports deploying MCP servers (which AI models can connect to) as well as MCP clients (AI chatbot applications which call the servers). Get started with our Next.js MCP template today. How is MCP different than APIs? APIs allow different services to communicate together. MCP is slightly different. Rather than thinking about MCP like a REST API, you can instead think about it like a tailored toolkit that helps an AI achieve a particular task. There may be multiple APIs and other business logic used behind the scenes for a single MCP tool. If you are already familiar with tool-calling in AI, MCP is a way to invoke tools hosted on a different...

Vercel Observability now provides detailed breakdowns for individual bots and bot categories, including AI crawlers and search engines. Users across all plans can view this data in the Observability > Edge Requests dashboard. Additionally, Observability Plus users can: Filter traffic by bot category, such as AI View metrics for individual bots Break down traffic by bot or category in the query builder Inspect bot and crawler activity in your Observability dashboard now. Read more Continue reading...

Experimentation, A/B testing, and feature flags serve as essential tools for delivering better user experiences, ensuring smoother rollouts, and empowering teams to iterate quickly with confidence. We're making it easier to bring flags into your workflow with: Read more Continue reading...

The Flags Explorer lets you override feature flags for your own session, without affecting colleagues, and without signing into your flag provider. This enables you to test features in production before they go live and keeps you in the flow. This feature is now generally available for all customers. Hobby, Pro, and Enterprise plans include 150 overrides per month, with unlimited overrides available for $250 per month on Pro and Enterprise. Teams that used Flags Explorer during the beta have 30 days to activate the new unlimited option before the 150 overrides per month limit takes effect. This can be done in the Vercel dashboard or directly through the Vercel Toolbar. Additionally, The Flags SDK automatically respects overrides set...

Projects with on-demand concurrent builds can now use enhanced build machines to improve build performance. Available on all paid plans, these machines offer double the resources: 8 CPUs, 16 GB memory, and 58 GB disk. This reduces both build time and total build minutes used. Existing customers are already seeing up to 25% faster builds with no changes required. Enhanced builds can be enabled per project and are billed per minute. Enterprise customers can run all concurrent builds, including pre-allocated build slots and on-demand, on higher-spec machines. Enable on-demand enhanced builds and learn more in our documentation. Read more Continue reading...

The Vercel AI Accelerator is back. This year, we'll work with 40 teams building the future of AI. Over six weeks, participants get the tools, infrastructure, and support to create next-generation AI apps. Applications are open now until May 17. Read more Continue reading...

Session tracing is now available to all Vercel users, providing end-to-end visibility into the timing of each step in a request's lifecycle, from when it enters Vercel’s infrastructure to execution inside your Vercel Functions. With session tracing you can: Start tracing sessions on your deployments directly from the Vercel Toolbar, no setup required. View spans for Vercel's routing, caching, middleware, and function layers as well as those instrumented in your code. Share traces with teammates for faster debugging and optimization. Use tracing alongside logs and metrics to debug, optimize, and improve iteration speed. Session tracing is free to customers on all plans. To get started, find Tracing in the Vercel Toolbar...

Building for the web goes beyond speed and aesthetics, discoverability matters just as much. While AI can accelerate web development, it often skips over performance, accessibility, or SEO best practices that matter for discoverability. With v0, you don’t have to compromise. Every interface you generate is fast, accessible, and SEO-optimized by default. v0 integrates with Next.js and deploys to Vercel, giving you structured metadata, performance tuning, and Server Side Rendering (SSR). The result is better Core Web Vitals, pages that load quickly and return full HTML, making them easier for search engines to crawl and index. Read more Continue reading...

Vercel discovered and patched an information disclosure vulnerability in the Flags SDK, affecting versions: flags ≤ 3.2.0 @vercel/flags ≤ 3.1.1 This is being tracked as CVE-2025-46332. We have published an automatic mitigation for the default configuration of the Flags SDK on Vercel. We recommend upgrading to flags@4.0.0 (or migrating from @vercel/flags to flags) to remediate the issue. Further guidance can be found in the upgrade guide. Impact and Analysis A malicious actor could determine the following under specific conditions: Flag names Flag descriptions Available options and their labels (e.g. true, false) Default flag values Flags providers were not accessible. No write access nor additional customer...

Vercel now fully supports the HTTP Vary header, making it easier to cache personalized content across all plans with no configuration required. The Vary header tells caches which request headers to include when generating cache keys. This allows Vercel’s application delivery network to store and serve different versions of a page based on headers like X-Vercel-IP-Country or Accept-Language, so users get fast, localized content without recomputation. By returning the above headers your site caches and serves country-specific content. A visitor from the United States receives the US-specific cached version, and visitors from other countries receive the version for their locale, with no recomputation required. Learn more about caching...

Yesterday, a federal court made a decisive ruling in Epic Games v. Apple: Apple violated a 2021 injunction by continuing to restrict developers from linking to external payment methods, and by imposing a 27% fee when they did. The ruling represents a major shift for native app developers. Read more Continue reading...

You can now create custom WAF rules directly from the chart displayed on the Firewall tab of the Vercel dashboard. When viewing your traffic grouped by a parameter (like IP address, user agent, or request path), you can now select "Create Custom Rule" within the actions menu of any displayed time series. This automatically generates an editable draft of the custom WAF rule that matches the selected parameter. Once the WAF rule is saved and published, it's immediately propagated across our global network. This feature is available to all users across all plans at no additional cost. Learn more about the Vercel Firewall. Read more Continue reading...

You can now disable the deployment_status webhook event that Vercel sends to GitHub when Vercel is connected to your GitHub repository. When deployment_status events are enabled, GitHub's pull request activity will create a log with a status event for every deployment. While this can keep your team better informed, it can also create noisy event logs for repositories with many deployment events, especially in monorepos with many projects. Disabling these events prevents repeated messages from cluttering your GitHub PR's event history, giving you a cleaner, more focused view of your pull request activity. The Vercel Github comment containing links to your preview deployments will continue to be posted as before. The...

Providers building native integrations for the Vercel Marketplace can now use the Checks API to deliver deeper functionality for their users. With Vercel's Checks API, you can define and run custom tests and assertions after every deployment, then surface actionable results directly in the Vercel dashboard. As a testing provider, you can implement checks such as reliability tests (e.g. API availability, runtime errors), performance tests (e.g. response time thresholds, load simulation), or Web Vitals (e.g. layout shift). This helps developers catch real-world issues earlier in their workflow, powered by your integration. When building your integration, keep these best practices in mind: Offer minimal or no-configuration solutions...

The following versions of Node.js have reached their official end of life. Node.js v14 on February 16, 2023 Node.js v16 on August 9, 2023 It is also worth noting that the following version is also about to reach it’s end of life date. Node.js v18 on... Continue reading...

We’ve redesigned the Project Domains page with faster search, smoother navigation, and clearer visibility into your domain configurations. Faster Browsing and Cleaner Overviews Navigating and understanding your domain setup is now quicker and more direct: Live Search: Start typing in the search bar, and your domain list will filter as you type without needing an exact match. Infinite Scroll: We've replaced the "View More" button with smooth, infinite scrolling so you can browse without interruptions. Cleaner View: Key information like associated Redirects and Environments are now displayed inline within the domain list, giving you a comprehensive overview at a glance without needing to click into individual domain details...

Security researchers reviewing the Remix web framework have discovered two high-severity vulnerabilities in React Router. Vercel proactively deployed mitigation to the Vercel Firewall and Vercel customers are protected. CVE-2025-43864 and CVE-2025-43865 enable an external party to modify the response using certain request headers, which can lead to cache poisoning Denial of Service (DoS). CVE 43865 enables vulnerabilities such as stored Cross Site Scripting (XSS). Impact and analysis When we learned about the vulnerability, we started analyzing the impact to the Vercel platform. Here are our findings and recommendations: We were able to reproduce the vulnerability and demonstrate that cache poisoning is trivial, including stored...

We are aware of recently disclosed vulnerabilities affecting React Router and Remix: CVE 2025-31137 (React Router 7 and Remix): Spoof request path allowing certain access control bypasses CVE-2025-43864 (React Router 7 only): Cache poisoning leading to unusable responses CVE-2025-43865 (React Router 7 only): Cache poisoning with arbitrary data Impact on Netlify sites: CVE 2025-31137: Sites on Netlify are not vulnerable, because the Netlify CDN cache varies on the query string by default, and Remix and React Router sites on Netlify do not use the impacted Express package. CVE-2025-43864: Sites on Netlify using React Router 7.2.0 to 7.5.1 are vulnerable. However, exploitation requires all of the following conditions for a given URL to...