Changelog

Netlify is now listed in the Cursor marketplace, so you can connect your AI-assisted coding environment directly to Netlify without leaving your editor.

Whether you’re spinning up a new project or iterating on an existing site, having Netlify available from within Cursor means fewer context switches between building and deploying.

Find it at cursor.com/marketplace/netlify.

Anthropic’s Claude Fable 5 model is now available through Netlify’s AI Gateway with zero configuration required.

Use the Anthropic SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Claude Fable 5 model:

import Anthropic from '@anthropic-ai/sdk';

export default async () => {
    const anthropic = new Anthropic();

    const response = await anthropic.messages.create({
        model: 'claude-fable-5',
        max_tokens: 4096,
        messages: [
            {
                role: 'user',
                content: 'How can AI improve my cybersecurity?'
            }
        ]
    });

    return new Response(JSON.stringify(response), {
        headers: { 'Content-Type': 'application/json' }
    });
};

Claude Fable 5 is available for all Function types. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

Learn more in the AI Gateway documentation.

Angular v22 was released today and it is supported on Netlify on day one.

To upgrade, follow the Angular upgrade steps and update @netlify/angular-runtime to v4.0.0 or later.

Notable changes

• Minimum Node.js version: Angular v22 requires Node.js 22.12.0 or later. Make sure your Netlify site is configured to use a supported Node.js version.
• allowedHosts config: Angular v21.x (specifically, @angular/ssr) introduced an allowedHosts option in the AngularAppEngine configuration, giving you explicit control over which hosts are permitted to connect. Angular 22 started returning a HTTP 400 for requests with other host headers. @netlify/angular-runtime handles adding the most common URLs for a Netlify deploy to the allowedHosts config automatically allowing developers to use Netlify’s branch and deploy previews without the HTTP 400 error.
• Forwarded headers support withtrustProxyHeaders: A new trustProxyHeaders option lets Angular applications behind a reverse proxy correctly read forwarded headers such as X-Forwarded-For and X-Forwarded-Proto. @netlify/angular-runtime handles adding the required headers automatically.

Learn more:

• Angular v22 Release
• Angular on Netlify
• Angular Runtime

The React Router team has disclosed seven security vulnerabilities. Here’s what Netlify customers need to know.

Vulnerabilities

Impact on Netlify

GHSA-8x6r-g9mw-2r78 and GHSA-rxv8-25v2-qmq8 (denial of service)

These are server-side denial-of-service (DoS) vulnerabilities. On Netlify, these have minimal impact: our autoscaling serverless architecture means that a malicious request resulting in a crashed or hung function does not affect other requests. However, active exploitation could increase your function costs.

GHSA-8646-j5j9-6r62 (XSS in unstable RSC)

This vulnerability affects apps using the experimental unstable_* RSC APIs where an attacker can control a redirect target. Only apps using these unstable APIs are affected.

Regardless of hosting provider, affected apps passing untrusted input into RSC redirect calls may be vulnerable.

GHSA-49rj-9fvp-4h2h (RCE when chained)

This vulnerability is not directly exploitable against React Router alone. Reaching the vulnerable code path requires the application to first be independently vulnerable to a prototype pollution attack.

GHSA-2j2x-hqr9-3h42 (open redirect)

Apps that redirect users to attacker-supplied URLs with the intent to restrict them to the same origin may inadvertently allow protocol-relative redirects to external origins.

Regardless of hosting provider, all affected apps passing untrusted input to redirect() may be vulnerable.

GHSA-f22v-gfqf-p8f3 (stored XSS in prerendering)

This vulnerability affects apps using the prerendering feature (prerender: [...] in react-router.config.ts). If any redirect target baked into a prerendered build originates from external or attacker-controlled data, the static artifact remains affected until a fresh build is run with a patched version.

Regardless of hosting provider, all affected apps using prerendering with externally sourced redirect targets may be vulnerable.

GHSA-84g9-w2xq-vcv6 (CSRF bypass for PUT/PATCH/DELETE)

The CSRF origin check introduced in React Router 7.12.0 only applied to POST requests on the document-request path, leaving PUT, PATCH, and DELETE unchecked. In practice, exploitation additionally requires the app to have explicitly opened CORS for those methods and to be issuing session cookies with SameSite=None.

Regardless of hosting provider, this only poses a meaningful risk in apps with permissive cross-origin configurations.

What should I do?

We strongly recommend upgrading as soon as possible to patched releases:

• react-router 7.15.1 or later
• @react-router/dev 7.13.2 or later (if using prerendering)

If your app uses prerendering, trigger a fresh build after upgrading to regenerate any affected static assets.

Note that any publicly available deploy previews and branch deploys may remain vulnerable until they are automatically deleted. Consider deleting these deploys manually.

Anthropic’s Claude Opus 4.8 model is now available through Netlify’s AI Gateway and Agent Runners with zero configuration required.

Use the Anthropic SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Claude Opus 4.8 model:

import Anthropic from '@anthropic-ai/sdk';

export default async () => {
    const anthropic = new Anthropic();

    const response = await anthropic.messages.create({
        model: 'claude-opus-4-8',
        max_tokens: 4096,
        messages: [
            {
                role: 'user',
                content: 'How can AI improve my coding?'
            }
        ]
    });

    return new Response(JSON.stringify(response), {
        headers: { 'Content-Type': 'application/json' }
    });
};

Claude Opus 4.8 is available for all Function types and Agent Runners. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

Learn more in the AI Gateway documentation and Agent Runners documentation.

The following versions of Node.js have reached their official end of life: Node.js v18 on April 30, 2025 Node.js v20 on April 30, 2026 Now it’s time to say goodbye to Node.js versions 18 and 20 in our build plugins. This change will allow us to use…

Google’s Gemini 3.5 Flash model is now available through Netlify’s Agent Runners with zero configuration required.

Learn more in the Agent Runners documentation.

The Nuxt team has disclosed four security vulnerabilities. Here’s what Netlify customers need to know.

Vulnerabilities

• CVE-2026-47200: Route middleware bypass via island page endpoints (nuxt 3.11.0–3.21.5, 4.0.0-alpha.1–4.4.5)
• CVE-2026-46342: Island response not validated against request props (nuxt 3.1.0–3.21.5, 4.0.0-alpha.1–4.4.5)
• CVE-2026-45670: Dev server exposes built source over LAN (nuxt 3.15.4–3.21.5, 4.0.0-alpha.1–4.4.5)
• CVE-2026-45669: Reflected XSS via navigateTo with external: true (nuxt 3.4.3–3.21.5, 4.0.0-alpha.1–4.4.5)

Impact on Netlify

CVE-2026-47200 (route middleware bypass)

When component islands are enabled — the default in Nuxt 4, and available via an opt-in flag in Nuxt 3 — .server.vue page files are accessible via /__nuxt_island/page_* endpoints that render pages without invoking Vue Router, bypassing route middleware entirely. An unauthenticated attacker can request these endpoints directly to access pages that rely solely on middleware for access control.

Regardless of hosting provider, all affected Nuxt apps using .server.vue pages with route-middleware-only authentication are vulnerable.

CVE-2026-46342 (island cache poisoning)

The /__nuxt_island/* endpoint accepts props via query parameters without server-side hash validation, allowing the same path to return different content depending on query parameters. If an upstream cache keys on path only, an attacker can inject crafted props into cached responses — enabling XSS if the application renders those props through unsafe HTML sinks.

On Netlify, cached function responses vary by query string. This vulnerability requires overriding Netlify’s default Netlify-Vary behavior and is not exploitable in standard Netlify deployments.

CVE-2026-45670 (dev server source exposure)

Running nuxt dev --host binds the development server to a non-loopback address; with the rspack or webpack builder (not the default Vite builder), malicious sites on the same network can access the application’s source code. This only affects local development environments.

Netlify production deployments are not affected. Developers should avoid using --host with rspack or webpack builders, or upgrade to patch the issue.

CVE-2026-45669 (reflected XSS via navigateTo)

When navigateTo() is called with external: true, Nuxt generates a server-side HTML meta-refresh redirect. The destination URL is insufficiently sanitized — HTML-significant characters are not encoded, so an attacker who controls the URL parameter can inject arbitrary scripts that execute before the redirect occurs.

Regardless of hosting provider, all apps passing untrusted user input to navigateTo() with external: true are vulnerable.

What should I do?

We strongly recommend upgrading as soon as possible to patched releases:

• nuxt 3.21.6 or later (for Nuxt 3.x), or 4.4.6 or later (for Nuxt 4.x)
• @nuxt/rspack-builder and @nuxt/webpack-builder 3.21.6 or later, or 4.4.6 or later (if applicable)

Note that any publicly available deploy previews and branch deploys may remain vulnerable until they are automatically deleted. Consider deleting these deploys manually.

Resources

• Nuxt security advisories

Google’s Gemini 3.5 Flash model is now available through Netlify’s AI Gateway with zero configuration required.

Use the Google GenAI SDK directly in your Netlify Functions without managing API keys or authentication. The AI Gateway handles everything automatically. Here’s an example using the Gemini 3.5 Flash model:

import { GoogleGenAI } from '@google/genai';

export default async () => {
    const ai = new GoogleGenAI({});

    const response = await ai.models.generateContent({
        model: 'gemini-3.5-flash',
        contents: 'How can AI improve my coding?'
    });

    return Response.json(response);
};

Gemini 3.5 Flash is available for all Function types. You get automatic access to Netlify’s caching, rate limiting, and authentication infrastructure.

Learn more in the AI Gateway documentation.