Vercel Sandbox now supports Node.js version 24.

To run a Sandbox with Node.js 24, upgrade @vercel/sandbox to version 1.1.0 or above and set the runtime property to node24:

1
import { Sandbox } from "@vercel/sandbox";
2

3
async function main() {
4
  const sandbox = await Sandbox.create({
5
    runtime: "node24",
6
  });
7

8
  const version = await sandbox.runCommand("node", ["-v"]);
9
  console.log(`Node.js version: ${await version.stdout()}`);
10
}
11

12
main().catch(console.error);

Read our Sandbox documentation to learn more.

Vercel now supports lifespan events for FastAPI apps. This allows you to define logic that can execute on startup and graceful shutdown—such as managing database connections or flushing external logs.

1
from contextlib import asynccontextmanager
2
from fastapi import FastAPI
3

4
@asynccontextmanager
5
async def lifespan(app: FastAPI):
6
    # Startup logic
7
    print("Starting up...")
8
    await startup_tasks()
9
    yield
10
    # Shutdown logic
11
    await cleanup_tasks()
12

13
app = FastAPI(lifespan=lifespan)

Deploy FastAPI on Vercel or visit the FastAPI on Vercel documentation.

Vercel now provides a unified dashboard that surfaces any security issues requiring action from your team. When a critical vulnerability or security-related task is detected, the dashboard automatically groups your affected projects and guides you through the steps needed to secure them.

This view appears as a banner whenever action is required, and can be accessed anytime through the dashboard search.

Most CVEs are handled automatically through WAF rules and other protections, but when user action is needed, they will appear here.

• Automatic detection of security vulnerabilities that require user intervention - When the platform identifies a vulnerability or configuration that cannot be fully mitigated by Vercel’s autonomous protections, it’s surfaced here with clear instructions.

• Project grouping based on required actions - Current categories include unpatched dependencies, manual fix required, unprotected preview deployments. Additional groups will appear over time as new protections and checks are added.

• Support for both automated remediation - When possible, Vercel Agent offers one-click automated upgrades and PRs.

• Support for manual remediation - For cases requiring manual updates or where GitHub access isn’t available, we provide direct instructions such as: npx fix-react2shell-next

Link to headingStay secure with less effort

The unified dashboard helps teams act quickly during critical moments, consolidate required fixes in one place, and maintain a stronger security posture across all projects.

Explore the dashboard to view any required updates.

Vercel Agent now detects vulnerable packages in your project, and automatically generates pull requests with fixes to upgrade them to patched versions.

Powered by Vercel's self-driving infrastructure, these auto-fix upgrades are available at no cost and help teams stay secure with minimal manual effort.

• Automatic detection of vulnerable React, Next.js, and related RSC packages

• Automatic PR creation

• Full execution and verification of updates inside isolated Sandbox environments

• Preview links generated with PR, to manually validate updates

About React2Shell
React2Shell (CVE-2025-55182) is a critical remote code execution vulnerability in React Server Components that affects React 19 and frameworks that use it like Next.js. Specially crafted requests can trigger unintended code execution if your application is running a vulnerable version. Immediate upgrades are required for all projects using affected React and Next.js releases.

Get the latest updates on React2Shell or view the new dashboard here.

Today, we are launching first-class support for the Rust runtime beta.

This new release of native support, as an evolution of the community Rust runtime, brings the full benefits of Vercel Functions, including Fluid compute (with HTTP response streaming and Active CPU pricing) and an increased environment variable limit from 6KB to 64KB.

Rust deployments automatically integrate with Vercel's existing logging, observability, and monitoring systems.

To get started, create a Cargo.toml file and a handler function like in the example below:

1
[package]
2
name = "rust-hello-world"
3
version = "0.1.0"
4
edition = "2024"
5

6
[dependencies]
7
tokio = { version = "1", features = ["full"] }
8
vercel_runtime = { version = "2" }
9
serde = { version = "1.0", features = ["derive"] }
10
serde_json = "1.0"
11

12
[[bin]]
13
name = "hello"
14
path = "api/hello.rs"

1
use serde_json::{Value, json};
2
use vercel_runtime::{Error, Request, run, service_fn};
3

4
#[tokio::main]
5
async fn main() -> Result<(), Error> {
6
    let service = service_fn(handler);
7
    run(service).await
8
}
9

10
async fn handler(_req: Request) -> Result<Value, Error> {
11
    Ok(json!({
12
        "message": "Hello, world!",
13
    }))
14
}

Deploy to Vercel today with one of our starter templates Rust Hello World and Rust Axum, or read more in the Function docs.

Vercel users can now view requests that make rewrites or redirects directly in the Vercel dashboard in runtime logs.

By default, these requests are filtered out on the Runtime Logs page. To view these requests on the Logs page, you can filter for Rewrites or Redirects in the Resource dropdown.

• Rewrites: shows the destination of the rewrite

• Redirects: shows the redirect status code and location

This feature is available to all users. Try it out or learn more about runtime logs.

Any new deployment containing a version of Next.js that is vulnerable to CVE-2025-66478 will now automatically fail to deploy on Vercel.

We strongly recommend upgrading to a patched version regardless of your hosting provider. Learn more

This automatic protection can be disabled by setting the DANGEROUSLY_DEPLOY_VULNERABLE_CVE_2025_66478=1 environment variable on your Vercel project. Learn more

As part of the new Vercel for Platforms product, you can now use a set of prebuilt UI blocks and actions to add functionality directly to your application.

An all-new library of production-ready shadcn/ui components and actions help you launch (and upgrade) quickly.

Blocks:

• custom-domain: Domain configuration with DNS validation and real-time verification

• deploy-popover: Deployment interface with status and history

• dns-table: DNS records in a copyable format

• claim-deployment: Ownership verification flow

• report-abuse: Abuse reporting form

Actions:

• add-custom-domain: Add and verify domains programmatically

• deploy-files: Deploy files to any project

You can install Platforms components with the Vercel Platforms CLI. For example:

1
npx @vercel/platforms add claim-deployment

Start building with Platform Elements using our Quickstart for Multi-Tenant or Multi-Project platforms.