Releases: serverless/serverless

4.37.0

27 May 19:41
4ec3c03

Features

  • New serverless diff command for previewing changes against the deployed stack. Packages the service locally and renders a structured diff — resources, IAM grants, security groups, parameters, outputs — against the CloudFormation stack currently in AWS. A Function Code section reports per-function code changes by comparing local zip hashes against each Lambda's CodeSha256. Especially useful in CI and PR-review workflows. --json emits a machine-readable summary; --package <path> reuses an existing artifact directory to skip the auto-package step. Docs. (#13602)

    serverless diff
    serverless diff --json
    serverless diff --package .serverless
  • TypeScript files supported in ${file()} variable references. The ${file(...)} variable resolver now loads .ts, .mts, and .cts modules in addition to JavaScript, with no separate build step required. All export shapes — default object, async default function, named export, named-export function with property selector, and injected resolveVariable / resolveConfigurationProperty callbacks — behave identically across JavaScript and TypeScript sources. Docs. (#13590)

    // scripts/secrets.ts
    export const getSecrets = async () => ({ apiKey: process.env.API_KEY })

    # serverless.yml
    custom:
      secrets: ${file(./scripts/secrets.ts):getSecrets}
  • Custom .env file locations and explicit opt-out via useDotenv. Previously boolean-only, useDotenv now also accepts a path or array of paths to load additional .env files alongside the local .env / .env.${stage} already loaded automatically — useful for monorepos sharing variables across services. useDotenv: false is now honored as the documented opt-out. Debug logging at core:resolver:env surfaces which files loaded and which keys came from each (visible with SLS_DEBUG=*; keys only, never values). Docs. Closes #10641. (#13597)

    useDotenv: ../shared           # load files from a sibling directory
    # useDotenv:                   # …or a list — earlier entries win
    #   - ./overrides.env
    #   - ../
    # useDotenv: false             # disable all .env loading
  • CloudWatch Logs Infrequent Access log class. Opt-in logs.logGroupClass: infrequent_access at provider or function level provisions an Infrequent Access log group alongside the standard one, wires Lambda's LoggingConfig.LogGroup to write to it, and applies DeletionPolicy: Retain so its history survives stack updates and removals. The standard sibling is always created so pre-existing logs at the default path are preserved during migration. Services that do not opt in produce an identical CloudFormation template. Docs. Closes #12278. (#13601)

    provider:
      logs:
        lambda:
          logGroupClass: infrequent_access   # service-wide default
    
    functions:
      realTimeReports:
        handler: handler.reports
        logs:
          logGroupClass: standard            # override per function

    Note: AWS does not allow the class of an existing log group to be changed in place. serverless logs -f <function> cannot read Infrequent Access groups — use CloudWatch Logs Insights instead. Once an IA log group has been retained out of the stack, re-enabling infrequent_access later for the same function will fail with ResourceAlreadyExistsException unless the orphaned group is first deleted or imported back into the stack.

  • Cognito User Pool PreTokenGeneration V2_0 and V3_0 triggers. New opt-in lambdaVersion property on the cognitoUserPool event for the PreTokenGeneration trigger. Accepted values: V1_0 (ID token customization — historic behavior), V2_0 (ID and access token customization), and V3_0 (V2 capabilities plus machine-to-machine client-credentials grants). When omitted, the emitted CloudFormation is byte-identical to before; existing services see no template diff on upgrade. Docs. Closes #12336. (#13588)

    functions:
      preTokenGeneration:
        handler: preToken.handler
        events:
          - cognitoUserPool:
              pool: MyUserPool
              trigger: PreTokenGeneration
              lambdaVersion: V2_0

    Note: V2_0 and V3_0 require the Cognito Essentials or Plus feature plan.

  • Opt-in Lambda recursive loop detection via recursiveLoop. Maps 1:1 to the AWS Lambda function property of the same name. Accepts allow or terminate (default; case-insensitive). By default AWS terminates a function that invokes itself in a loop — set recursiveLoop: allow for designs that intentionally rely on this pattern. Docs. Closes #12938. (#13583)

    functions:
      hello:
        handler: handler.hello
        recursiveLoop: allow
  • ECR image retention via provider.ecr.maxImages. Services that deploy Lambda from container images can now bound how much their ECR repository grows. When set, the framework attaches a lifecycle policy that expires the oldest untagged image versions beyond the configured count. Currently-tagged digests are unconditionally safe — only superseded versions can ever be expired. Default behavior (maxImages unset) is unchanged. Docs. Closes #12279. (#13584)

    provider:
      ecr:
        scanOnPush: true
        maxImages: 10
  • Reconcile command works against large organizations. serverless reconcile previously failed with a Request Entity Too Large error against organizations with thousands of instances (e.g. 5000+). Reconciliation now batches the request and parallelizes CloudFormation stack fetching while respecting API rate limits. Docs. (#13596)

Bug Fixes

  • Durable Lambda functions can now be invoked through event sources that wire an unqualified ARN. AWS rejects unqualified invocations of durable functions with InvalidParameterValueException: You cannot invoke a durable function using an unqualified ARN. The framework now publishes a stable alias and points event sources at it. Closes #13587. (#13589)

  • MCP SSE server now binds to loopback only. The MCP server's SSE transport was binding to all network interfaces; it now binds to 127.0.0.1 only and installs Host-header validation. Default port (3001) is unchanged. (#13595)
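
A loopback bind paired with Host-header validation, as described in the MCP SSE fix above, can be sketched as follows. This is an added example, not the Serverless Framework's own code: the function names and the allowed Host values (localhost and 127.0.0.1) are assumptions, and only the address 127.0.0.1 and port 3001 come from the release note.

```javascript
// Added example (not the Serverless Framework's implementation).
// From the release note: bind address 127.0.0.1 and default port 3001.
// Assumed here: the function names and the allowed Host values.
const LOOPBACK_ADDR = '127.0.0.1'
const DEFAULT_PORT = 3001
const ALLOWED_HOSTNAMES = new Set(['127.0.0.1', 'localhost'])

// Split a Host header into hostname and port; null means malformed.
function parseHostHeader(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 255) return null
  const m = /^([A-Za-z0-9.-]+)(?::(\d{1,5}))?$/.exec(value)
  if (!m) return null
  return { hostname: m[1].toLowerCase(), port: m[2] === undefined ? null : Number(m[2]) }
}

// Accept only Host values that name the loopback listener itself. A browser
// request that arrives via a foreign name resolving to 127.0.0.1 (DNS
// rebinding) still carries that foreign name in Host and is refused here.
function isAllowedHost(value, listenPort) {
  const parsed = parseHostHeader(value)
  if (parsed === null || !ALLOWED_HOSTNAMES.has(parsed.hostname)) return false
  // A Host header without a port implies port 80 for plain HTTP.
  const port = parsed.port === null ? 80 : parsed.port
  return port === listenPort
}

// Wrap a request handler so the Host check runs before any routing.
function withHostValidation(listenPort, next) {
  return (req, res) => {
    if (!isAllowedHost(req.headers.host, listenPort)) {
      res.writeHead(403, { 'Content-Type': 'text/plain' })
      res.end('Forbidden: unexpected Host header\n')
      return
    }
    next(req, res)
  }
}

// Start an HTTP server reachable only through the loopback interface.
async function startLoopbackServer(port = DEFAULT_PORT) {
  const http = await import('node:http')
  const handler = withHostValidation(port, (req, res) => {
    res.writeHead(200, { 'Content-Type': 'text/plain' })
    res.end('ok\n')
  })
  const server = http.createServer(handler)
  await new Promise((resolve, reject) => {
    server.once('error', reject)
    // Passing the host explicitly avoids the all-interfaces default.
    server.listen(port, LOOPBACK_ADDR, resolve)
  })
  return server
}
```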

Maintenance

  • Bumped the AWS SDK group across one directory with 34 updates (#13605)
  • Upgraded @smithy/util-retry (#13607)
  • Upgraded qs (#13604)
  • Upgraded protobufjs (#13594)
  • Upgraded golang.org/x/mod dependency (#13598)
  • Bumped the uv group across 5 directories (#13593)
  • Upgraded brace-expansion and ws (#13591)

4.36.1

14 May 15:55
8eb17c5

Bug Fixes

  • Fixed framework hang during TypeScript configuration loading. Services with multi-file TypeScript configurations (a serverless.ts that imports other .ts files via relative imports) could deadlock during command startup, most reliably reproduced in AWS CodeBuild. The framework now handles nested TypeScript imports without the deadlock. (#13574, #13581)

  • Fixed esbuild version conflicts with the serverless-esbuild plugin. Projects that pinned an esbuild version different from the framework's hit Cannot start service: Host version "X.Y.Z" does not match binary version "A.B.C" errors when running commands like serverless invoke local. Each esbuild instance now resolves its own platform binary independently, so both versions can coexist in the same project. (#13580, #13581)

Maintenance

  • Bumped the AWS SDK group with 30 updates (#13575)
  • Upgraded protobufjs from 7.5.5 to 7.5.7 (#13573)
  • Bumped langsmith across bedrock-agentcore JavaScript examples (#13579)

4.36.0

12 May 16:00
1e18918

Features

  • Faster, more reliable installs. The Serverless Framework installer no longer needs to download dependencies from the npm registry at install time — everything required is pulled in a single download. Fresh installs also use less disk space (~42 MB saved per framework version). Existing projects work without changes. (#13514)

    Note: Existing users on an older installer will automatically pick up this faster install path the next time they update or fetch a new framework version. To also get the disk-space savings, update the installer with serverless update, or reinstall the serverless npm package.

Bug Fixes

  • Patched urllib3 decompression-bomb vulnerability in Python test fixtures. Bumped urllib3 from 2.6.3 to 2.7.0 across all Python lockfiles (poetry, pipenv, pip, uv variants) to resolve GHSA-mf9v-mfxr-j63j. Affects only the test-suite Python environments — no impact on user deployments. (#13568)

  • Patched a net/http infinite-loop CVE in the installer runtime. Picks up the upstream fix for CVE-2026-33814 (HTTP/2 CONTINUATION-frame infinite loop when SETTINGS_MAX_FRAME_SIZE=0). All released installers are rebuilt against the patched toolchain. (#13560)

Maintenance

  • Patched additional moderate-severity dependency vulnerabilities:
    • Upgraded hono 4.12.14 → 4.12.18, fast-uri 3.0.6 → 3.1.2, fast-xml-builder 1.1.5 → 1.2.0, ip-address 10.1.0 → 10.2.0, and express-rate-limit 8.3.1 → 8.5.1 (#13564)
    • Bumped fast-uri across all 13 bedrock-agentcore JavaScript examples (#13561)
    • Bumped fast-xml-builder (along with two transitives) across all 13 bedrock-agentcore JavaScript examples (#13559)
  • Bumped the AWS SDK group with 31 updates from 3.1035.0 to 3.1041.0 (#13565)
  • Upgraded mongodb from 7.1.1 to 7.2.0 — adds support for MongoDB's Intelligent Workload Management (#13553)
  • Upgraded simple-git from 3.33.0 to 3.36.0 (#13555)
  • Bumped the patch-updates group: @slack/web-api 7.15.1 → 7.15.2, fs-extra, and uuid (#13567)
  • Bumped dev-dependencies group: eslint 10.2.1 → 10.3.0 and globals (#13566)
  • Bumped Jackson Java dependencies in invoke-local runtime wrappers: jackson-core, jackson-databind, jackson-datatype-joda (#13548, #13549, #13550)
  • Bumped aws-actions/configure-aws-credentials from v6.1.0 to v6.1.1 in CI workflows (#13563)
  • Added toml v4+ to the Dependabot ignore list to preserve Node.js 18 support (#13562)

4.35.1

06 May 18:35
e0d19d2

Bug Fixes

  • AppSync: @canonical, @hidden, and @renamed now work on field definitions. The bundled Merged API directive stubs only declared the OBJECT location, so applying these directives to fields failed packaging with errors like Directive "@canonical" may not be used on FIELD_DEFINITION.. They're now declared as OBJECT | FIELD_DEFINITION to match AWS's documented surface. (#13533, #13542). Thanks @PatrykMilewski!

    type Query {
      getMessage(id: ID!): Message @renamed(to: "getChatMessage")
      internalField: String @hidden
    }
  • Python: lambda layer is now built for layer-only services. Services that declared custom.pythonRequirements.layer with no functions: block silently produced an empty CloudFormation stack. The runtime guard now also activates when pythonRequirements.layer is set and the provider runtime starts with python, restoring parity with the standalone serverless-python-requirements plugin. Heads up: services that previously hit this bug will now actually invoke pip on serverless package, so set pythonBin or use dockerizePip if the matching pythonX.Y binary isn't available locally. (#13541)

    provider:
      runtime: python3.13
    custom:
      pythonRequirements:
        layer: true
  • Python: zip entry paths are now normalized to forward slashes on Windows. globSync was preserving Windows backslashes in ZIP archive entries, which broke the ZIP spec and caused import mismatches at runtime. Entries are now written with POSIX-style / separators on every platform, and ci-python.yml also runs Python tests on Windows when Python paths change. (#13307, #13383, #13546). Thanks @Tsingis!

Maintenance

  • Patched GHSA-w5hq-g745-h8pq (uuid v3/v5/v6 missing buffer bounds check) in the langgraph-* JavaScript example lockfiles under bedrock-agentcore/examples/javascript/ by bumping nested uuid from 13.0.0 to 13.0.2. Lockfile-only, and these examples aren't shipped in the published package. (#13545)
  • Bumped axios from 1.15.0 to 1.15.2 (transitive, lockfile-only) for upstream security-hardening patches. (#13544)

4.35.0

30 Apr 15:37
29ee176

Features

  • Added uv dependency-group and optional-dependency controls for Python packaging. Four new custom.pythonRequirements options let you control which extras and groups are included in the deployment package, mirroring the existing Poetry group support. --no-dev is always passed to keep dev dependencies out of Lambda packages by default; opt in via uvWithGroups: [dev] if needed. Read more in the docs. (#13499, #13500) — Thanks @jax-b!

    custom:
      pythonRequirements:
        uvOptionalDependencies: # → uv export --extra <name>
          - heavy
        uvWithGroups: # → uv export --group <name>
          - prod
        uvWithoutGroups: # → uv export --no-group <name>
          - test
        uvOnlyGroups: # → uv export --only-group <name>
          - lambda

Bug Fixes

  • Fixed sls deploy --package failure with the esbuild builder. Esbuild zip artifacts are now written to .serverless/<name>.zip instead of .serverless/build/<name>.zip, matching the path that extended-validate.js reconstructs. The two-process sls package + sls deploy --package .serverless flow no longer fails with MISSING_ARTIFACT_FILE. The .serverless/build/ directory remains the staging area for intermediate build artifacts (compiled JS, package.json, lockfiles, node_modules) — only the final zip moves up. (#12964, #13507)

  • Fixed duplicate PATH entries from the binary installer script. The installer used $(grep -q ...) command substitution to detect whether .serverless/bin was already in the shell config; because -q suppresses output, the substitution always returned an empty string and the condition was always true, so a new line was appended on every install. The script now checks the exit status directly and properly quotes $SHELL_CONFIG. (#13394, #13410) — Thanks @gaurav0909-max!

Maintenance

  • Patched moderate-severity security vulnerabilities:
    • Upgraded fast-xml-parser from 5.5.8 to 5.7.1 to patch GHSA-gh4j-gqv2-49f6 (XMLBuilder XML comment and CDATA injection via unescaped delimiters) (#13521)
    • Patched GHSA-w5hq-g745-h8pq (uuid v3/v5/v6 missing buffer bounds check) by bumping nested uuid versions and replacing dockerode 4.0.10 with 5.0.0, which drops the uuid dependency entirely (#13530)
    • Upgraded follow-redirects from 1.15.11 to 1.16.0, hono from 4.12.12 to 4.12.14, and protobufjs from 7.5.3 to 7.5.5 to pick up upstream vulnerability patches (#13516)
    • Upgraded fastify to 5.8.5 to patch GHSA-247c-9743-5963 (CVE-2026-33806) and bumped langsmith from 0.5.6 to 0.5.18 across the bedrock-agentcore JS examples (#13496, #13513)
  • Bumped the AWS SDK group with 33 updates from 3.1017.0 to 3.1035.0 (#13526) and an additional 3 updates in packages/framework-dist (#13510)
  • Upgraded https-proxy-agent from 7.0.6 to 8.0.0 (major version bump — CJS to ESM conversion only, no API or behavior changes; transparent for the workspace which is already ESM) (#13535)
  • Upgraded undici from 6.24.1 to 6.25.0 in packages/util (#13536) and packages/sf-core-installer (#13519)
  • Upgraded ws from 8.19.0 to 8.20.0 (#13537)
  • Upgraded @slack/web-api from 7.14.1 to 7.15.1 (#13538)
  • Upgraded @graphql-tools/merge from 9.1.7 to 9.1.9 and bumped grouped patch updates including adm-zip, eventsource-parser, and filesize (#13532)
  • Upgraded pytest from 8.4.2 to 9.0.3 in the uv test fixtures (#13503)
  • Upgraded golang.org/x/mod from 0.34.0 to 0.35.0 in binary-installer (#13518)

4.34.0

10 Apr 16:56
730f8cc

Features

Serverless Framework

  • Added S3 Files support for Lambda file system configuration. Lambda functions can now mount Amazon S3 Files in addition to EFS via fileSystemConfig. The file system type is auto-detected from literal ARNs; for CloudFormation references, specify type: s3files explicitly. The framework automatically generates the correct IAM permissions (s3files:ClientMount/s3files:ClientWrite) and validates VPC configuration. Fully backward compatible — existing EFS configurations work unchanged. Read more in the docs. (#13493)

    functions:
      hello:
        handler: handler.hello
        fileSystemConfig:
          localMountPath: /mnt/s3data
          arn: arn:aws:s3files:us-east-1:111111111111:file-system/fs-abc123/access-point/fsap-abc123
        vpc:
          securityGroupIds:
            - sg-xxx
          subnetIds:
            - subnet-xxx

    When using CloudFormation references, set the type explicitly:

    functions:
      hello:
        handler: handler.hello
        fileSystemConfig:
          localMountPath: /mnt/s3data
          arn: !GetAtt MyS3FilesAccessPoint.AccessPointArn
          type: s3files
        vpc:
          securityGroupIds:
            - sg-xxx
          subnetIds:
            - subnet-xxx

Bug Fixes

Serverless Framework

  • Fixed min-release-age not being applied during framework distribution builds. The root .npmrc was silently ignored by npm because it reads project config from the nearest package.json directory. Added per-package .npmrc files to packages/framework-dist and packages/sf-core-installer to enforce a 3-day cooldown on newly published dependencies. Also added check-latest: true to CI setup-node steps to ensure consistent npm versions across runners. (#13476)

Maintenance

4.33.3

02 Apr 16:23
d21bb09

Bug Fixes

Serverless Framework

  • Locked transitive dependencies in distributed packages to harden against supply chain attacks. Previously, the framework tarball and npm installer package shipped without a lockfile, allowing transitive dependencies to resolve fresh from the registry on each install. Both packages now include npm-shrinkwrap.json files that pin the entire dependency tree to exact versions. (#13453, #13458)

Maintenance

  • Upgraded lodash to v4.18.1 with security fixes for prototype pollution via _.unset/_.omit (GHSA-f23m-r3pf-42rh) and code injection via _.template imports (GHSA-r5fr-rjxr-66jc, CVE-2026-4800) (#13469)
  • Upgraded simple-git to v3.33.0 with enhanced input sanitization for git.clone/git.mirror and stricter git -c checks in the unsafe plugin (#13467)
  • Upgraded @modelcontextprotocol/sdk to v1.28.0 (#13474)
  • Bumped the AWS SDK group with multiple updates (#13462, #13463, #13471, #13473)
  • Bumped the patch-updates group with 3 updates (#13464)
  • Bumped github.com/fatih/color to v1.19.0 in the binary installer (#13459)
  • Bumped actions/setup-go to v6.4.0 (#13460)

4.33.2

01 Apr 00:14
1927474

Bug Fixes

Serverless Framework

  • Pinned axios in the Framework runtime package. (#13453, #13454)

4.33.1

31 Mar 19:13
46a565e

Bug Fixes

Serverless Framework

  • Hardened installer against supply chain attacks. Replaced axios, axios-proxy-builder, and tunnel with Node.js built-in fetch() and undici.ProxyAgent for binary downloads. Removed unused xml2js dependency. Pinned remaining dependencies to exact versions and added min-release-age=3 to .npmrc to prevent npm from resolving to very recently published packages. Proxy support now works correctly for both postInstall and run entry points. (#13450)

  • Fixed fast-xml-parser XML entity expansion vulnerability (GHSA-8gc5-j5rx-235r). Updated @aws-sdk/xml-builder to resolve fast-xml-parser from 5.4.1 to 5.5.8, patching a numeric entity expansion bypass that could circumvent all entity expansion limits. (#13412, #13421)

  • Fixed Jackson vulnerability in Java invoke-local runtime. Bumped jackson-core, jackson-databind, and jackson-datatype-joda from 2.21.0 to 2.21.1 to fix an allocation of resources without limits vulnerability. Also corrected jackson-annotations version from 2.21.0 to 2.21 to match Maven Central's new versioning scheme starting from Jackson 2.20. (#13379, #13382)

  • Patched vulnerable transitive dependencies. Refreshed lockfile resolutions across examples and the root workspace to fix express-rate-limit IPv4-mapped IPv6 bypass, fastify Content-Type validation bypass, and hono static file access and cookie injection vulnerabilities. (#13397)
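
The dependency hardening described in the 4.34.0, 4.33.3 and 4.33.1 notes (exact pins in npm-shrinkwrap.json plus a 3-day min-release-age) can be checked after the fact with an audit like the one below. It is an added example, not code from the project: the lockfile contents, publish times and the auditLockfile name are constructed, and npm itself applies min-release-age at resolution time rather than through such a script.

```javascript
// Added example (not the Serverless Framework's code). It walks the
// `packages` map of a lockfileVersion 3 npm-shrinkwrap.json and reports
// entries that lack an integrity hash or that were published too recently.
const COOLDOWN_DAYS = 3 // the min-release-age value named in the release notes
const DAY_MS = 24 * 60 * 60 * 1000

// Constructed shrinkwrap content; package names and hashes are placeholders.
const sampleShrinkwrap = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-dist', version: '1.0.0' },
    'node_modules/alpha': {
      version: '2.1.0',
      resolved: 'https://registry.npmjs.org/alpha/-/alpha-2.1.0.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER-A',
    },
    'node_modules/beta': {
      version: '0.9.4',
      resolved: 'https://registry.npmjs.org/beta/-/beta-0.9.4.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER-B',
    },
    'node_modules/gamma': {
      version: '1.0.0',
      resolved: 'https://registry.npmjs.org/gamma/-/gamma-1.0.0.tgz',
    },
  },
}

// Constructed publish timestamps, keyed name@version, in the ISO form a
// registry packument's `time` field uses.
const samplePublishTimes = {
  'alpha@2.1.0': '2026-03-01T00:00:00Z',
  'beta@0.9.4': '2026-03-30T12:00:00Z',
  'gamma@1.0.0': '2026-01-15T00:00:00Z',
}

function auditLockfile(lock, publishTimes, now, cooldownDays = COOLDOWN_DAYS) {
  const findings = []
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link) continue // skip the root project and links
    // 'node_modules/a/node_modules/@s/b' -> '@s/b'
    const prefix = 'node_modules/'
    const name = entry.name || path.slice(path.lastIndexOf(prefix) + prefix.length)
    const id = `${name}@${entry.version}`
    // Without an integrity hash the pinned tarball cannot be verified.
    if (!entry.integrity) findings.push({ id, issue: 'missing-integrity' })
    const published = publishTimes[id]
    if (published === undefined) {
      findings.push({ id, issue: 'unknown-publish-time' })
      continue
    }
    // Flag anything not yet older than the cooldown window.
    const ageDays = (now.getTime() - Date.parse(published)) / DAY_MS
    if (ageDays <= cooldownDays) {
      findings.push({ id, issue: 'inside-cooldown', ageDays: Math.floor(ageDays) })
    }
  }
  return findings
}
```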

Serverless Container Framework

  • Fixed zlib vulnerabilities in dev-mode-proxy container. Upgraded Alpine packages and bumped the base image from node:20-alpine to node:24-alpine to patch critical zlib out-of-bounds write (CVE-2026-22184) and medium-severity input validation (CVE-2026-27171) vulnerabilities. (#13395, #13396)

Maintenance

4.33.0

19 Feb 21:18
406252e

Features

Serverless Framework

  • Added AWS Bedrock AgentCore integration for deploying and managing AI agents. Define agents, tools, memory, browsers, and code interpreters via a new ai top-level block in serverless.yml. The Framework compiles agent resources to CloudFormation with least-privilege IAM roles, builds and uploads Docker images to ECR, and supports both JavaScript and Python runtimes. New CLI commands include sls invoke -a <agent> (with JSON and SSE streaming), sls logs -a <agent>, and sls dev mode for agents with hot-reload. Includes 20+ example agents covering LangGraph, MCP servers, browser automation, code interpreters, and more. Read more in the AI Agents documentation. (#13353)

    functions:
      calculatorFunction:
        handler: handlers/calculator.handler

    ai:
      tools:
        calculator:
          function: calculatorFunction
          toolSchema:
            - name: calculate
              inputSchema:
                type: object
                properties:
                  expression:
                    type: string
                required:
                  - expression

      agents:
        assistant:
          memory:
            expiration: 30

    # Deploy the agent
    sls deploy

    # Invoke with streaming
    sls invoke -a assistant -d "What is 2+2?"

    # Tail agent logs
    sls logs -a assistant --tail
  • Dev mode now matches the shim runtime to your local Node.js version. Previously, dev mode always used nodejs20.x for the remote shim regardless of your local Node.js version. The Framework now automatically selects the matching AWS Lambda runtime (e.g., local Node.js 22 -> nodejs22.x), and falls back to nodejs20.x with a warning when the local version isn't supported by Lambda. (#13355, #13362)

  • Added JSDoc descriptions to the configuration schema for TypeScript type generation. All JSON Schema properties across 30+ config schema files now include description, @see, @example, @default, @deprecated, and @since annotations. This enables auto-generated TypeScript type definitions (via serverless/typescript) with rich inline documentation, hover tooltips, and link-to-docs support in IDEs. (#13345)

Bug Fixes

Serverless Framework

  • Fixed Python packaging with uv failing when the root project is included in requirements. Without --no-emit-project, uv export included the root project as an editable dependency (-e .) in the generated requirements.txt, causing uv pip install to fail inside Docker containers where pyproject.toml is not present. The Framework now passes --no-emit-project to exclude it. Read more in the Python support guide. (#13346, #13348)

Maintenance

  • Upgraded minimatch from 5.1.6/9.0.5 to 10.2.1 to resolve a high-severity ReDoS vulnerability (GHSA-3ppc-4f35-3m26) in production dependencies (#13363)
  • Upgraded @aws-sdk/* from 3.982.0 to 3.993.0 (#13357)
  • Upgraded ajv from 8.17.1 to 8.18.0 (#13352)
  • Upgraded @slack/web-api from 7.13.0 to 7.14.0 (#13359)
  • Upgraded is-wsl from 3.1.0 to 3.1.1 (#13358)
  • Upgraded golang.org/x/mod from 0.32.0 to 0.33.0 in binary-installer (#13356)