Security researchers reviewing the Remix web framework have recently discovered a high-severity vulnerability in React Router that allows URL manipulation through the Host/ X-Forwarded-Host header.

Our investigation determined that Vercel and our customers are unaffected:

• We use query parameters as part of the cache key, which protects against cache poisoning driven by the _data query praram.

• The @vercel/remix adapter uses X-Forwarded-Host similarly to the Express adapter, but it is not possible for an end user to send X-Forwarded-Host to a Function hosted on Vercel.

A patch has been issued and released in Remix 2.16.3 / React Router 7.4.1. We recommend customers update to the latest version.

Read more about CVE-2025-31137.

Today we are lowering the price of Fast Data Transfer (FDT) for Vercel regions in Asia Pacific, Latin America, and Africa by up to 50%.

The new FDT regional pricing is rolling out for all Pro and Enterprise plans:

• All new Pro and Enterprise users will be charged the new price moving forward.

• For existing Pro users, the new pricing applies starting today.

• For existing Enterprise users, it will apply at the start of the next billing cycle (typically monthly).

Learn more about Fast Data Transfer or review your FDT usage on the Usage page.

Enhanced Builds now offer double the compute capacity, further improving performance for large codebases and CPU-intensive builds.

Available to Enterprise customers, Enhanced Builds are designed for teams working with monorepos or frameworks that run tasks in parallel—like dependency resolution, transpilation, or static generation.

Customers already using Enhanced Builds are seeing, with no action required, up to 25% reductions in build times.

Learn more in our documentation or speak to your Vercel account team to enable Enhanced Builds.