Sourced from serverless's releases.

4.14.4

Bug Fixes

• Serverless Framework
  • Skip AWS credentials check on the package command if a deployment bucket name is explicitly set via provider.deploymentBucket
  • Fix support for the -s shortcut in certain cases
  • Fix handling of the service name when service is provided as an object with a name property
• Serverless Container Framework
  • Fix wildcard domain detection in ACM and Route 53

4.14.3

Security Fixes

• Update Go version to address CVE-2025-22871, related to net/http in the Golang stdlib: We’ve reviewed the recent CVE, which generally affects the Go standard library in web servers and web-related functionalities. Since the Serverless Framework is a CLI tool does not rely on running a web server or handling web requests, users are not affected by this vulnerability. The CLI uses a small amount of Go to handle updating to the version set in frameworkCore in serverless.yml. Our update process uses HTTPS with SSL/TLS to securely check for and install new versions, ensuring no risk of exploitation or malicious code injection. All dependencies have been audited, and no vulnerabilities were found. However, upgrading is always a best practice and, we recommend users upgrade to the latest version to ensure they’re on the most secure release. This can be done via the serverless upgrade command, which will update the installer.

4.14.2

Bug Fixes

• Serverless Framework
  • Fixed an issue with proxy support (serverless/serverless#13062)

4.14.1

Bug Fixes

• Serverless Container Framework
  • Pinned the Docker image builder version

4.14.0

Features

• Serverless Framework
  • Support for Doppler secrets in Serverless Variables (docs)

service: my-service
provider:
  environment:
    DB_PASSWORD: ${doppler:my-project/DB_PASSWORD}

4.13.0

Features

• Serverless MCP Server

  • Intelligent Error Analysis

    • Introduces the errors-info tool for advanced error pattern detection across AWS services.
    • Automatically discovers and scans log groups from Lambda, API Gateway (REST & HTTP), and other CloudWatch log groups defined in the CFN Stack.
    • Groups similar logs using CloudWatch Logs Insights pattern command.
    • Extracts metadata including regex strings, pattern IDs, frequency ratios, and severity levels.
    • Displays representative examples of each pattern group to reduce noise and improve diagnostics.

  • Confirmation Handling for Queries

    • Adds robust safeguards against accidentally triggering large historical queries.
    • Requires explicit confirmation for:
      • Date ranges older than 1 month
      • Timeframes longer than 3 hours

... (truncated)

• e2681bd chore: update readme to include serverless MCP and container framework
• 1003a32 docs: update SECURITY.md (#13026)
• ec4957f chore: automate CLA signing (#13019)
• c4cebae chore: automate CLA signing
• 87b4f5b docs: read license key from aws ssm (#12986)
• 3f37cba docs(dev-mode): added note regarding vpc (#12977)
• d262ac3 feat: add support for ap-southeast-5 and ca-west-1 (#12981)
• 2aea99d fix: correctly resolve layer package artifact and docker image paths (#12972)
• 3704754 fix(esbuild): track files added to the zip file (#12966)
• c9d519e feat: add support for provenance option in docker build (#12958)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)