stack.pulse
#stacks/fastify/framework

Fastify release notes, breaking changes, and upgrade notes.

Fast and low overhead web framework for Node.js StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.

source repo$track this stackplan upgraderss
releases
6
breaking
0
security
4
deprecated
1
migrations
0

Get source-linked upgrade notes and occasional sponsor recommendations. No GitHub login required.

what stackpulse tracks

Fastify releases from GitHub

StackPulse watches Fastify release notes and keeps the original source link close to every summary.

upgrade risk

Breaking changes and deprecations

Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.

migration notes

Source-backed next steps

Migration steps and recommended actions are only shown when the upstream release notes support them.

# latest_releases

source-backed
allbreakingdeprecationmigrationsecurity
v5.9.0highdeprecationfeaturesecurityJun 28, 2026

v5.9.0

This release introduces new features like request.mediaType and onMaxParamLength support, along with several bug fixes and performance improvements.

affected

Developers using Fastify for HTTP/2 streaming, media type handling, or parameter validation may need to update their code.

action

Update to v5.9.0 to benefit from new features and security fixes.

release_signals
!Secure fix: Do not trust forwarded host/proto when socket is missing
!Clear socket._meta after response to prevent keep-alive leaks
!Deprecated leveldb plugin has been removed from documentation
+Added request.mediaType for better media type handling
+Added support for onMaxParamLength for customizing parameter length validation
+Performance optimizations for ContentType parsing and schema serialization
view source on github->
v5.8.5criticalsecurityApr 14, 2026

v5.8.5

This release primarily addresses a security vulnerability (CVE-2026-33806) and includes minor dependency updates and bug fixes.

affected

Users affected by CVE-2026-33806 should upgrade immediately.

action

Upgrade to version 5.8.5 to mitigate the security vulnerability.

release_signals
!Fixed CVE-2026-33806 (GHSA-247c-9743-5963)
view source on github->
v5.8.3criticalsecurityMar 23, 2026

v5.8.3

This release primarily addresses a security vulnerability (CVE-2026-3635) and includes minor documentation updates and fixes.

affected

Users affected by CVE-2026-3635 should upgrade immediately.

action

Upgrade to v5.8.3 to mitigate the security vulnerability.

release_signals
!Fixed CVE-2026-3635 (GHSA-444r-cwp2-x5xf)
view source on github->
v5.8.1criticalsecurityMar 5, 2026

v5.8.1

This release addresses a security vulnerability in the Content-Type validation logic, preventing malformed content types from passing validation.

affected

Users relying on Content-Type validation in Fastify are affected.

action

Upgrade to v5.8.1 immediately to mitigate the security risk.

release_signals
!Fixes 'Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation' (CVE-2026-3419)
view source on github->