Workflow run log filtering is now supported on Vercel, making it easy to view all logs associated with a workflow run in one place instead of piecing them together across individual requests.

You can use the “View Logs” button from the workflow run details page to jump directly into the Logs tab. From there, filter logs using the Workflow Run ID and Workflow Step ID to quickly find logs for specific runs or steps.

Workflow runs on Vercel already provide run-level observability, including step progression, payloads, outputs, and performance metrics. With this addition, you can now also access all related logs directly from the familiar Vercel Logs dashboard. Learn more about the Workflow SDK.

Elastic build machines, released in beta on March 24, are now generally available for all Pro and Enterprise customers, and are now the default for all new Pro teams.

Rather than a one-size-fits-all approach, Vercel evaluates each project individually and assigns the right machine for its actual needs balancing speed and cost. Over 400 teams and 6000 projects have enabled Elastic as their default build machine.

During the beta, approximately 80% of projects have reduced their costs by switching to smaller build machine while maintaining their build speeds. The remaining 20% of projects have been auto upgraded to machines with more CPUs and memory improving their build speed.

Enable elastic builds in your team settings or project settings, or read the builds documentation.

The feature flags details page now includes copy-to-prompt instructions in the instructions pane.

You or your agent can install the Flags SDK, link the project using the Vercel CLI, and add the required flag definitions to the code base.

Teams that prefer manual configuration can still copy the exact flag definitions directly from the instructions pane.

Learn more about Vercel Flags.

Anomaly alerts are now generally available.

Teams using Observability Plus receive alerts when anomalies are detected in their applications to help quickly identify, investigate, and resolve unexpected behavior.

Alerts help monitor your app in real-time by surfacing unexpected changes in usage or error patterns:

• Usage anomalies: unusual patterns in your application metrics, such as edge requests or function duration.

• Error anomalies: abnormal error patterns, such as sudden spikes in 5XX responses on a specific route.

Once an anomaly is detected, Vercel Agent can automatically investigate the issue, identify the likely root cause, analyze the impact, and suggest next steps for remediation.

View alerts directly in your dashboard, or subscribe via email, Slack, or webhooks to get notified wherever your team works. You can also customize what alerts you receive using alert rules.

This feature is available for all teams with Observability Plus at no additional cost.

Try it out or learn more about Alerts.

You can now granularly configure anomaly alerts to define exactly which unexpected spikes and errors matter to your application. Alert rules give you detection-level control, allowing you to customize which projects, alert types, metrics, HTTP status codes, and specific routes you monitor for anomalies.

For the anomalies you choose to track, Vercel automatically investigates your logs and metrics to identify the root cause, routing those findings to distinct destinations like dedicated Slack channels or individual emails.

When you configure a rule to silence a specific pattern, anomaly detection skips that traffic entirely, preventing anomalies from appearing in your dashboard and stopping notifications before they trigger.

This feature is available for teams using Observability Plus at no additional cost.

Try it out or learn more about alert rules.

Django, one of the most popular high-level Python web frameworks, for rapid development, is now supported with zero-configuration. You can now instantly deploy Django full-stack apps or APIs on Vercel.

Vercel now recognizes and deeply understands the specifications of Django applications, removing the need for redirects in vercel.json or using the /api folder.

All applications on Vercel use Fluid compute with Active CPU pricing by default. Static files will be served by the Vercel CDN.

Deploy Django on Vercel or visit the Django on Vercel documentation

Link to headingExample Django app

CLI entry point

1
import os
2
import sys
3

4
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
5

6
from django.core.management import execute_from_command_line
7

8
execute_from_command_line(sys.argv)

Project settings

1
SECRET_KEY = "my-secret-key"
2
DEBUG = False
3
ALLOWED_HOSTS = ["localhost", "127.0.0.1", ".vercel.app"]
4
ROOT_URLCONF = "app.urls"
5
WSGI_APPLICATION = "app.wsgi.application"
6
INSTALLED_APPS = ["app"]

URL routing table

1
from django.urls import path
2
from app.views import index
3

4
urlpatterns = [
5
    path("", index),
6
]

Request handlers

1
from django.http import HttpResponse
2

3

4
def index(request):
5
    return HttpResponse("<html><body>hello, world!</body></html>")

WSGI entry point

1
import os
2
from django.core.wsgi import get_wsgi_application
3

4
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
5

6
application = get_wsgi_application()

Vercel Sandboxes can now be used and managed directly from the Vercel CLI, through the vercel sandbox subcommand.

This eliminates the need to install and maintain a separate command-line tool, and removes the friction of switching contexts. Your entire Sandbox workflow now lives exactly where you already work, keeping your development experience unified and fast.

Run pnpm i -g vercel@latest to update to the latest Vercel CLI (at least v50.42.0).

Link to headingSummary

A high-severity vulnerability (CVSS 7.5) in React Server Components can lead to Denial of Service.

We created new rules to address these vulnerabilities and deployed them to the Vercel WAF to automatically protect all projects hosted on Vercel at no cost. However, do not rely on the WAF for full protection. Immediate upgrades to a patched version are required.

Link to headingImpact

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.

These vulnerabilities are present in Next.js 13.x, 14.x, 15.x, 16.x and affected packages using the App Router. The issue is tracked upstream as CVE-2026-23869

Link to headingResolution

After creating mitigations to address this vulnerability, we deployed them across our globally-distributed platform to protect our customers. We still recommend upgrading to the latest patched version.

Updated releases of React and affected downstream frameworks include fixes to prevent this issue. All users should upgrade to a patched version as soon as possible.

Link to headingFixed In

• = 15.0.0 to be fixed in 15.5.15

• = 16.0.0 to be fixed in 16.2.3