Posts tagged "Framework"

  • Security Update: Multiple vulnerabilities in SvelteKit

    The Svelte team has disclosed five CVEs affecting the Svelte and SvelteKit ecosystem. Here’s what Netlify customers need to know.

    Vulnerabilities

    • CVE-2026-22775: Memory/CPU exhaustion in devalue (5.1.0–5.6.1)
    • CVE-2026-22774: Memory exhaustion in devalue (5.3.0–5.6.1)
    • CVE-2026-22803: Server crash in @sveltejs/kit (2.49.0–2.49.4)
    • CVE-2025-67647: Server crash and SSRF in @sveltejs/kit (2.44.0–2.49.4) and @sveltejs/adapter-node (2.19.0–2.49.4)
    • CVE-2025-15265: XSS in svelte (5.46.0–5.46.3)

    Impact on Netlify

    CVE-2026-22775, CVE-2026-22774, and CVE-2026-22803

    These are server-side denial-of-service (DoS) vulnerabilities. On Netlify, these have minimal impact: our autoscaling serverless architecture means that a malicious request resulting in a crashed or hung function does not affect other requests. However, active exploitation could increase your function costs.

    In addition, note that only sites using the experimental Remote Functions feature are affected.

    CVE-2025-67647

    As above, this DoS vulnerability involves intentionally “crashing” a server. On Netlify, this has minimal impact.

    The SSRF vulnerability affects @sveltejs/adapter-node, which is not used by apps deployed to Netlify.

    CVE-2025-15265

    This is a client-side cross-site scripting (XSS) vulnerability. Regardless of hosting provider, all apps using the experimental hydratable feature with unsanitized user-controlled keys are vulnerable.

    What should I do?

    Although the impact to Netlify sites is limited in this case, we always strongly recommend upgrading as soon as possible to patched releases:

    • devalue 5.6.2 or later
    • @sveltejs/kit 2.49.5 or later
    • @sveltejs/adapter-node 5.5.1 or later
    • svelte 5.46.4 or later
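
    One way to check a project against the patched releases listed above, as an added example (not code from Netlify or the Svelte team): it walks the packages map of a lockfileVersion 2/3 package-lock.json and reports every installed copy, nested ones included, that sorts below its patched release. This is a superset of the affected ranges. The names PATCHED, isBelow, findUnpatched and the sample lockfile are constructed for illustration.

```javascript
// Patched minimums copied from the list above, as [major, minor, patch].
const PATCHED = {
  devalue: [5, 6, 2],
  '@sveltejs/kit': [2, 49, 5],
  '@sveltejs/adapter-node': [5, 5, 1],
  svelte: [5, 46, 4],
};

// True when version string v sorts below the patched [major, minor, patch].
// A prerelease of the patched version (e.g. 5.6.2-next.1) counts as below it.
function isBelow(v, min) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(v || '');
  if (!m) return true; // unparseable version: flag for manual review
  const cur = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (cur[i] !== min[i]) return cur[i] < min[i];
  }
  return Boolean(m[4]);
}

// Walk the "packages" map of a package-lock.json and return every installed
// copy of a listed package that is below its patched release.
function findUnpatched(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i === -1) continue; // "" is the root project entry
    const name = path.slice(i + 'node_modules/'.length);
    const min = PATCHED[name];
    if (min && isBelow(meta.version, min)) {
      hits.push({ path, name, version: meta.version, upgradeTo: min.join('.') });
    }
  }
  return hits;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  packages: {
    '': { name: 'demo-app' },
    'node_modules/svelte': { version: '5.46.4' },
    'node_modules/@sveltejs/kit': { version: '2.49.3' },
    'node_modules/devalue': { version: '5.6.2' },
    'node_modules/@sveltejs/kit/node_modules/devalue': { version: '5.6.1' },
  },
};

console.log(findUnpatched(sampleLock));
```

    The nested devalue copy in the sample is the case a top-level version check misses: the hoisted copy is patched while the one under @sveltejs/kit is not.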

  • Angular v21 is now supported

    Angular v21 was released today and it is supported on Netlify on day one.

    To upgrade, follow the Angular upgrade steps and update @netlify/angular-runtime to v3.0.1 or later.

  • React Router 7 apps can now be deployed to Edge Functions

    React Router 7 apps on Netlify are deployed to Serverless Functions by default. Now, you can choose to deploy your app to Edge Functions instead, bringing your page renders, data loaders, and actions closer to your users while lowering cold start times.

    How to use it

    1. Ensure you’re on version 7.9.0 or later of React Router:

       npm install react-router@latest @react-router/node@latest @react-router/dev@latest

    2. Update to the latest version of the Netlify React Router plugin:

       npm install @netlify/vite-plugin-react-router@latest

    3. Enable the new edge option in your vite.config.ts (or .js):

       import { defineConfig } from 'vite'
       import { reactRouter } from '@react-router/dev/vite'
       import netlifyReactRouter from '@netlify/vite-plugin-react-router'
       import netlify from '@netlify/vite-plugin'

       export default defineConfig({
         plugins: [
           reactRouter(),
           netlifyReactRouter({ edge: true }), // <- deploy to Edge Functions
           netlify(),
         ],
       })

    4. Finally, create a file at app/entry.server.tsx (or .jsx) containing this single line:

       export { default } from 'virtual:netlify-server-entry'

    On your next deploy, page renders, loaders, and actions will all run in an edge function.

    When to use it

    Choose Edge Functions when:

    • You need minimal latency for your globally distributed users (edge functions run on the node closest to the user)
    • You need to optimize cold starts (initialization is faster with the slim Deno edge runtime)
    • Your data loaders and actions make requests to databases and APIs that are also globally distributed, or none at all
    • You need to support very large request or response bodies (Serverless Functions have a 6 MB limit)

    Choose Serverless Functions when:

    • Your data loaders and actions make requests to databases or APIs that are centrally located (canceling out much of the benefit of edge compute)
    • Your server-side code is CPU-intensive (Serverless Functions run on more powerful machines)
    • You need longer execution times (Functions allow up to 30s clock time, while Edge Functions are limited to 50ms CPU time)
    • You cannot use Edge Functions due to their runtime constraints or limitations

  • React Router 7 middleware now supported

    React Router 7 recently launched its long-awaited middleware feature, stable since v7.9.0.

    Middleware is now fully supported on Netlify.

    How to use it

    Ensure you’re on version 7.9.0 or later of React Router:

    npm install react-router@latest @react-router/node@latest @react-router/dev@latest

    Upgrade to version 2 of the Netlify React Router plugin:

    npm install @netlify/vite-plugin-react-router@latest

    After that, middleware works out of the box.

  • Next.js 16 is ready to deploy on Netlify

    The Next.js 16 release is here and Netlify is ready.

    Deploy the latest version, including Turbopack, React Compiler, and enhanced caching APIs, with zero configuration.

    • Turbopack (stable): Up to 10× faster Fast Refresh and 2-5× faster builds
    • React Compiler (stable): Automatic memoization for smoother re-renders
    • Improved caching APIs: revalidateTag with cacheLife profile argument for Stale-While-Revalidate behavior and Server Actions-only updateTag to immediately refresh cached data

    Template update

    We’ve updated the Next Platform Starter to v16, showcasing Turbopack and the new caching APIs in action. In our tests, the project saw a 2.8× faster next build with Turbopack.

    Upgrading to v16 on Netlify

    If you’re upgrading from v15, no Netlify configuration changes are required. Teams that have opted out of automatic updates for Netlify’s OpenNext adapter will need to manually upgrade, or simply opt back in to receive automatic updates.

  • Angular 20 support

    Angular 20 is now fully supported on Netlify with zero configuration required.

    What’s new

    • Full Angular 20 compatibility: Deploy Angular 20 projects with all the latest features including stable signals APIs, zoneless change detection in developer preview, and incremental hydration.

    • Updated Angular template: We’ve refreshed our Angular starter template to showcase Angular 20’s capabilities, including the new control flow syntax and simplified component naming conventions.

    • Optimized SSR support: Angular 20’s stable incremental hydration and route-level rendering modes work with Netlify’s edge network for faster, more efficient server-side rendering.

    How to get started

    Add your existing Angular 20 project by connecting your Git repository, or deploy our template; no configuration changes are needed. For new projects, try our updated template with Angular 20’s latest features.

    If you’re planning to upgrade from version 18 or earlier, check out our guidance on the Angular runtime.
