Features

• Serverless Framework
  • Adds support for deploying custom domain names for your HTTP, Rest & WebSocket APIs. Please see the docs for more info.

Bug Fixes

• Serverless Container Framework
  • Fixes an issue with the AWS CRT not always being found when creating Cloudfront resources

Features

• Serverless Framework
  • Add support for ENABLE_LEGACY_DEPLOYMENT_BUCKET env var.
  • Enable packaging without AWS credentials if using legacy deployment buckets.

Bug Fixes

• Serverless Framework
  • Add better validation if deploying to multiple regions and/or stages at the same time.

Features

• Serverless Framework
  • Add support for NO_PROXY (#6048)

Features

• Serverless Container Framework
  • A new AWS DeploymentType with faster and more reliable routing

Bug Fixes

• Serverless Framework
  • Fixes an error when using dashboards with alerts plugin.
  • Logs a warning instead of an error if the user is using the external alerts plugin.

Features

• Serverless Framework
  • Update and add the cloudwatch alerts plugin into the core.

Bug Fixes

• Serverless Framework

  • Default to dev stage if user specified the stage option without a value

• Serverless Container Framework

  • Handle when containers are not running during rebuild

Bug Fixes

• Serverless Framework
  • Skip AWS credentials check on the package command if a deployment bucket name is explicitly set via provider.deploymentBucket
  • Fix support for the -s shortcut in certain cases
  • Fix handling of the service name when service is provided as an object with a name property
• Serverless Container Framework
  • Fix wildcard domain detection in ACM and Route 53

Security Fixes

• Update Go version to address CVE-2025-22871, related to net/http in the Golang stdlib: We’ve reviewed the recent CVE, which generally affects the Go standard library in web servers and web-related functionalities. Since the Serverless Framework is a CLI tool does not rely on running a web server or handling web requests, users are not affected by this vulnerability. The CLI uses a small amount of Go to handle updating to the version set in frameworkCore in serverless.yml. Our update process uses HTTPS with SSL/TLS to securely check for and install new versions, ensuring no risk of exploitation or malicious code injection. All dependencies have been audited, and no vulnerabilities were found. However, upgrading is always a best practice and, we recommend users upgrade to the latest version to ensure they’re on the most secure release. This can be done via the serverless upgrade command, which will update the installer.

Bug Fixes

• Serverless Framework
  • Fixed an issue with proxy support (#13062)