Changelog

The Next.js 16 release is here and Netlify is ready.

Deploy the latest version, including Turbopack, React Compiler, and enhanced caching APIs, with zero configuration.

• Turbopack (stable): Up to 10× faster Fast Refresh and 2-5× faster builds
• React Compiler (stable): Automatic memoization for smoother re-renders
• Improved caching APIs: revalidateTag with cacheLife profile argument for Stale-While-Revalidate behavior and Server Actions-only updateTag to immediately refresh cached data

Template update

We’ve updated the Next Platform Starter to v16, showcasing Turbopack and the new caching APIs in action. In our tests, the project saw a 2.8× faster next build with Turbopack.

Upgrading to v16 on Netlify

If you’re upgrading from v15, no Netlify configuration changes are required. Teams that have opted out of automatic updates for Netlify’s OpenNext adapter will need to manually upgrade, or simply opt back in to receive automatic updates.

Resources

• Deploy the demo
• Read the Next.js 16 release
• View Next.js on Netlify docs

Now you can require all production deploys to go through a Git-based workflow.

When enabled in your project settings, this setting prevents:

• Accidental production publishes from the Netlify CLI, MCP server, or API
• Promoting Deploy Previews or branch deploys to production through the Netlify UI

This ensures that both team members and AI agents follow your preferred Git-based workflow before your project’s code reaches production.

Learn more in our Git workflow docs.

Claude Haiku 4.5 is now available through Netlify’s AI Gateway — no extra setup required.

You can use the native Anthropic SDK without managing API keys or external accounts.

Here’s how to use it today in a Netlify Function with the Anthropic SDK:

import Anthropic from "@anthropic-ai/sdk";

export default async () => {
  const anthropic = new Anthropic();

  const response = await anthropic.messages.create({
    model: "claude-haiku-4-5-20251001",
    messages: [
      {
        role: "user",
        content: "Give me pros and cons of using claude-haiku-4-5-20251001 over other models."
      },
    ],
  });
}

This is supported across Edge, Background, and Scheduled Functions and includes features like Rate-Limiting, access to Netlify’s advanced caching primitives, and many others.

Learn more in the AI Gateway docs.

GPT-5 Pro is now available through Netlify’s AI Gateway — no extra setup required. You can use the OpenAI SDK directly, without needing to manage API keys or external accounts.

Here’s how you can use it today in Netlify Functions:

import { OpenAI } from "openai";

export default async () => {
  const openai = new OpenAI();
  const response = await openai.responses.create({
    model: "gpt-5-pro",
    input: "Give pros and cons of using GPT-5 Pro over open models.",
  });
};

This is supported across Edge, Background, and Scheduled Functions and includes features like Rate-Limiting, access to Netlify’s advanced caching primitives, and many others.

See more in the AI Gateway docs.

To support new AI workflows and our AI inference usage meter we’re rebalancing our credit-based pricing plans:

Add-on credit rates (effective immediately)

• Personal: 200 credits for $5 → 500 credits for $5
• Pro: 1,000 credits for $20 → 1,500 credits for $10

These new rates apply to all credit-based plans when you auto-recharge credits.

Pro plan monthly credits (effective next billing cycle)

• Before: 5,000 credits/month
• After: 3,000 credits/month

To smooth the transition, anyone who signed up for a Pro credit-based plan prior to October 1st will receive a 2,000 credit bonus in their October billing cycle.

View plans or estimate costs with our pricing calculator.

Today we’re releasing new AI workflows that bring powerful coding agents directly into your Netlify projects, with zero setup.

• Agent Runners: Run Claude Code, Codex, or Gemini directly from the Netlify Dashboard, with full production context. Available today for projects using GitHub-connected repositories or manual deploys.

• AI Gateway (beta): Connect to any AI model without managing API keys, with usage tracked against your Netlify credits.

These features are available on all credit-based plans. If you’re on a legacy plan, you can update to a credit-based plan to start using them.

Learn more:

• Agent Runners announcement blog
• Agent Runners docs
• AI Gateway docs

Accounts on legacy pricing can continue using their existing plan with no required changes. If you’d like, you can now switch to our new credit-based plans.

About our new plans

• Review our updated pricing
• Understand our change to credit-based plans
• Estimate your pricing with our pricing calculator
• Understand how credits work

For additional questions, see our legacy plans FAQ or get in touch with support.

We’ve simplified our pricing to make it more transparent and predictable.

Our new credit-based plans are now available for new accounts.

Current customers: You can stay on your legacy plan with no action required. The ability to optionally update to new plans will be available soon.

What’s new

Credit-based billing replaces complex metrics. Instead of tracking 15+ separate metrics, add-on packages, and usage tiers, you now have a single credit balance to monitor. Check your credit usage at a glance and dive into Account usage insights for details.

Three plans

New Personal plan benefits

• Purchase additional credits as needed
• 7-day project analytics and Real User Metrics
• Priority email support
• Smart secret detection to prevent credential leaks
• Option to add concurrent build capacity

Controlling costs

While the free plan is still always free, our paid credit-based plans also offer you control over what happens when your site or app runs out of credits.

You can keep costs predictable by waiting till your monthly credits refresh at the start of your billing cycle or you can set up auto recharge, which allows you to buy more credits in smaller increments as your web project needs them. Auto recharge is turned off by default and as a Team Owner you can turn on or off at any time.

Paid plans have the option to purchase additional credits in these increments:

• Personal plans: 200 credits for $5 USD
• Pro plans: 1000 credits for $20 USD

Simplified metered billing Here is how credit usage is calculated by Netlify’s metered billing at a high-level. For more detailed and technical explanations, check out our docs on How credits work.

You can also explore pricing estimates with our Pricing estimation calculator.

How credits work

When can I update to a new plan? The ability to for existing legacy plan customers to update to new plans will be available soon. We’ll notify you when you can optionally switch to the new plans.

We are aware of recently disclosed vulnerabilities affecting Next.js applications:

1. CVE-2025-55173: Next.js Image Optimization – Arbitrary File Download
2. CVE-2025-57822: Next.js Middleware – SSRF via Misuse of next()
3. CVE-2025-57752: Next.js Image Optimization – Cache Poisoning / Unauthorized Disclosure

As a security precaution, we recommend upgrading to the latest versions of Next.js and enabling automatic updates of the OpenNext Netlify Next.js adapter.

The engineering team at Netlify has reviewed these and determined the following impact on Netlify sites: *

1. CVE-2025-55173: Next.js Image Optimization – Arbitrary File Download

Sites on Netlify are not vulnerable.

Next.js sites on Netlify use Netlify’s Image CDN instead of the affected built-in Next.js Image Optimization feature. Furthermore, Netlify Image CDN strips Content-Disposition headers, which is required for successful exploitation of this vulnerability. With this header removed it is not possible to force a file download or override the filename, even in case of a mismatch between the requested image type and the source file type.

2. CVE-2025-57822: Next.js Middleware – SSRF via Misuse of next()

Sites on Netlify are not vulnerable.

Our OpenNext adapter uses Edge Functions to run middleware and relies on the context.next() API as the underlying implementation of NextResponse.next() calls, passing the original request URL and preventing this attack vector.

3. CVE-2025-57752: Next.js Image Optimization – Cache Poisoning / Unauthorized Disclosure

Next.js sites on Netlify are potentially vulnerable, if the sites use the next/image component to fetch images from a source that uses headers to conditionally serve images.

Next.js sites using the next/image component will automatically opt into Netlify’s Image CDN which, by design, will automatically cache the source assets on Netlify’s Edge Cache. This means that a source image that is served behind an authorization header will get cached on the Netlify Edge Cache in order to improve performance. Upgrading to the newest version of Next.js will not change this behavior.

If your Next.js site serves images from a protected source, we advise you to not use the next/image component so that you have full control over the caching and authorization strategies required for your use-case.

We are working continually with the Next.js team and are committed to making your sites secure on Netlify.