Sourced from serverless's releases.

4.15.1

Bug Fixes

• Serverless Framework
  • Fixes an error when using dashboards with alerts plugin.
  • Logs a warning instead of an error if the user is using the external alerts plugin.

4.15.0

Features

• Serverless Framework
  • Update and add the cloudwatch alerts plugin into the core.

Bug Fixes

• Serverless Framework

  • Default to dev stage if user specified the stage option without a value

• Serverless Container Framework

  • Handle when containers are not running during rebuild

4.14.4

Bug Fixes

• Serverless Framework
  • Skip AWS credentials check on the package command if a deployment bucket name is explicitly set via provider.deploymentBucket
  • Fix support for the -s shortcut in certain cases
  • Fix handling of the service name when service is provided as an object with a name property
• Serverless Container Framework
  • Fix wildcard domain detection in ACM and Route 53

4.14.3

Security Fixes

• Update Go version to address CVE-2025-22871, related to net/http in the Golang stdlib: We’ve reviewed the recent CVE, which generally affects the Go standard library in web servers and web-related functionalities. Since the Serverless Framework is a CLI tool does not rely on running a web server or handling web requests, users are not affected by this vulnerability. The CLI uses a small amount of Go to handle updating to the version set in frameworkCore in serverless.yml. Our update process uses HTTPS with SSL/TLS to securely check for and install new versions, ensuring no risk of exploitation or malicious code injection. All dependencies have been audited, and no vulnerabilities were found. However, upgrading is always a best practice and, we recommend users upgrade to the latest version to ensure they’re on the most secure release. This can be done via the serverless upgrade command, which will update the installer.

4.14.2

Bug Fixes

• Serverless Framework
  • Fixed an issue with proxy support (serverless/serverless#13062)

4.14.1

Bug Fixes

• Serverless Container Framework
  • Pinned the Docker image builder version

4.14.0

Features

• Serverless Framework
  • Support for Doppler secrets in Serverless Variables (docs)

service: my-service
provider:
  environment:
</tr></table> 

... (truncated)

• e2681bd chore: update readme to include serverless MCP and container framework
• 1003a32 docs: update SECURITY.md (#13026)
• ec4957f chore: automate CLA signing (#13019)
• c4cebae chore: automate CLA signing
• 87b4f5b docs: read license key from aws ssm (#12986)
• 3f37cba docs(dev-mode): added note regarding vpc (#12977)
• d262ac3 feat: add support for ap-southeast-5 and ca-west-1 (#12981)
• 2aea99d fix: correctly resolve layer package artifact and docker image paths (#12972)
• 3704754 fix(esbuild): track files added to the zip file (#12966)
• c9d519e feat: add support for provenance option in docker build (#12958)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)