Features

• Serverless Framework

  • Added native AWS AppSync support directly in the Serverless Framework. This integration brings the functionality of the popular serverless-appsync-plugin into core, providing first-class support for deploying GraphQL APIs with AWS AppSync. Read more in our docs. (#13217)

    appSync:
      name: my-api
      schema: schema.graphql
      authentication:
        type: API_KEY
      dataSources:
        myTable:
          type: AMAZON_DYNAMODB
          config:
            tableName: !Ref MyTable
      resolvers:
        Query.getUser:
          dataSource: myTable

  • Added sls login aws sso command to authenticate with AWS using IAM Identity Center (SSO). Read more in our docs. (#13221)

    sls login aws sso --sso-session my-session

  • Added support for Ruby 3.4 runtime (ruby3.4). (#13215) - Thanks @dakatsuka!

Bug Fixes

• Serverless Framework

  • Fixed custom domain deployment failing when using --aws-profile credentials by migrating the domain plugin to AWS SDK v3 (#13109, #13178).
  • Fixed sls deploy failing with "Cannot find 'serverless-compose.yml|yaml'" for deeply nested service paths when using the esbuild plugin (#13201).
  • Fixed stale code deployment when using uv as the Python package installer by auto-reinstalling local packages based on their pyproject.toml name (#13169).
  • Fixed unhelpful "Stack with id does not exist" error when stack creation fails due to invalid Fn::ImportValue references. The framework now properly detects and reports the underlying CloudFormation error. Also fixed serverless deploy --verbose hanging when disableRollback: true is set (#13181).
  • Fixed regression in TypeScript type definitions where Resources only accepted Fn::Transform keys instead of arbitrary resource names (#13183).

• Serverless Container Framework

  • Fixed handling of multiple DNS validation records for ACM certificates in multi-domain configurations (#13206).

Maintenance

• Updated multiple dependencies including AWS SDK packages and upgraded @modelcontextprotocol/sdk to v1.25.2 which includes a security fix (#13216, CVE-2026-0621).

Bux Fixes

• Serverless MCP
  • Added validation for docs path in docs tool

Maintenance

• Updated multiple dependencies

Bux Fixes

• Serverless MCP
  • Added validation for workspaceDir in theproject-finder tool

Maintenance

• Updated multiple dependencies

Features

• Serverless Framework
  • Added sls login aws command. Learn more in the docs.

Bux Fixes

• Serverless Framework
  • Avoid adding unnecessary duplicate managed policies for durable functions

Maintenance

• Serverless Framework
  • Updated Java local invoke bridge dependencies

Features

• Serverless Framework
  • Added support for AWS Lambda Managed Instances. Learn more in the docs.
  • Added support for AWS Lambda durable functions. Learn more in the docs. (#13180)

Maintenance

• Upgrade aws-sdk-js-v3 to 3.943.0

Bux Fixes

• Serverless Framework
  • Added an option to pass the tenant ID in sls invoke
  • Fixed a regression affecting integration request parameters in AWS REST API

Features

• Serverless Framework
  • Added support for ap-southeast-6 AWS region (#13174)
  • Added support for IPv6 outbound connections for Lambda functions running in dual-stack subnets (ipv6AllowedForDualStack). Learn more in the docs (#12253)

Bux Fixes

• Serverless Framework
  • Fixed AWS error handling in Axiom integration (#13173)
  • Enabled support for nodejs24.x runtime in dev mode (#13172)

Bug Fixes

• Serverless Framework
  • Fixed AWS SDK error handling

Features

• Serverless Framework
  • Added support for Lambda tenant isolation mode so multi-tenant services can run each tenant in its own isolated execution environment (see AWS announcement and read more in our docs).

    functions:
      multiTenantFunction:
        handler: handler.handler
        tenancy:
          mode: per_tenant

  • Added configuration options for API Gateway security policy and endpoint access mode in serverless.yml (see AWS announcement and read more in our docs).

    provider:
      name: aws
      apiGateway:
        endpoint:
          securityPolicy: SecurityPolicy_TLS13_2025_EDGE
          accessMode: strict

  • Added an AWS CLI–based login flow in the onboarding experience and updated the credentials guides to simplify first-time setup (see AWS announcement and read more in our docs).

    serverless  # Run onboarding wizard
    ...
    ✔ AWS Credentials Set-Up Method: · Sign in with AWS CLI (Recommended)
    ...
    Your new Service "my-new-service" is ready. Here are next steps:
    
    • Open Service Directory: cd my-new-service
    • Install Dependencies: npm install (or use another package manager)
    • Deploy Your Service: serverless deploy

  • Added support for a perFunction IAM role mode where the shared service-wide execution role is not created and each function gets its own role. Read more in our docs. (#13141)

    provider:
     name: aws
     iam:
       role:
         mode: perFunction
    
    functions:
     ddbConsumer:
       handler: handler.ddbConsumer
       events:
         - stream:
             type: dynamodb
             arn: arn:aws:dynamodb:${aws:region}:${aws:accountId}:table/Orders/stream/2025-11-30T12:00:00.000
       # Gets its own role with CloudWatch Logs permissions and
       # DynamoDB Streams permissions (GetRecords, GetShardIterator, etc.)
       # scoped to the configured stream ARN.
    
     queueWorker:
       handler: handler.queueWorker
       events:
         - sqs:
             arn: arn:aws:sqs:${aws:region}:${aws:accountId}:user-events-queue
       # Gets a separate role with CloudWatch Logs permissions and
       # SQS permissions to receive messages, delete them, and read
       # queue attributes from the configured queue.

  • Added support for MFA in the AWS credentials provider, enabling stronger authentication flows when accessing AWS accounts (#12559).

    serverless deploy --aws-profile my-mfa-profile

  • Added support for the CloudFormation Fn::ForEach intrinsic function, enabling more expressive and reusable templates (#12402).

    resources:
      Transform: AWS::LanguageExtensions
      Resources:
        Fn::ForEach::TenantBucket:
          - TenantName
          - - tenant-a
            - tenant-b
          - ${TenantName}Bucket:
              Type: AWS::S3::Bucket
              Properties:
                BucketName: !Sub '${TenantName}-${self:service}-${sls:stage}'

Bug Fixes

• Serverless Framework
  • Fixed handling of multi-value CLI options for the invoke local command by normalizing values consistently before passing them to the runtime (#13166).
  • Fixed esbuild externals handling to use Compose-managed dependencies when available, avoiding missing or duplicated modules in bundled artifacts (#12840).
  • Enhanced the AWS credential provider and related runners to support automatic credential refresh during long-running operations, reducing failures due to expired credentials.
  • Removed the deprecated glob-all dependency and refreshed related dependencies across core packages to improve security.

Features

• Serverless Framework
  • Added support for nodejs24.x AWS Lambda runtime
  • Added support for python3.14 AWS Lambda runtime
  • Added support for Amazon API Gateway response streaming. Enable it by setting response.transferMode: stream on your http event to stream responses back to clients. See the docs for a quick how-to.

  streamer:
    handler: src/handler.handler
    events:
      - http:
          path: stream
          method: get
          response:
            transferMode: stream