 on Render now enforce the following additional restrictions:

 team members can view the values of environment variables and secret files for resources in the environment.

 team members can view connection URLs and passwords for PostgreSQL databases and Redis instances in the environment.

 of an organization's resources (not just resources in a protected environment).

 for any paid web service in the Render Dashboard:

While in maintenance mode, a web service is not reachable from the public internet (but it remains up and running).

Enable maintenance mode to prevent incoming client requests while rolling out major changes to your infrastructure.

Enable maintenance mode to temporarily disable incoming service traffic

All individual and team accounts on Render are now 

. This unified account model simplifies upgrading from an individual to a team. There are no changes to 

Each team account is now a workspace with its existing plan, seats, and features.

 workspaces gain the ability to create one 

 workspace can add a maximum of two total custom domains.

This limit does not apply to individual accounts created before this date.

You can upgrade or downgrade your workspace's plan at any time.

For details about each workspace plan, see the 

Render accounts are now workspaces

When you update a service's environment variables in the 

, you can now specify whether this triggers a new deploy.

Render triggers a new build for your service and deploys it with the new environment variables.

 build with the new environment variables.

Render saves the new environment variables 

 triggering a deploy. Your service will not use the new variables until its next deploy.

Learn more about environment variables in the 

Specify deploy behavior when modifying environment variables

As part of creating a pull request preview, Render now creates a GitHub deploy on the associated pull request. This matches the behavior for 

 to open the preview instance in your browser.

Before this change, Render instead added a comment with preview details to your pull request. Render continues to use comments for GitLab and Bitbucket repositories.

Pull request previews now create GitHub deploys

 can now override their default log stream settings for individual services:

All teams can disable log streaming for an individual service.

Teams with an Organization plan or higher can stream an individual service's logs to a non-default destination.

 accounts can now configure whether logs from preview instances (service previews and preview environments) are included in their log stream.

Customize log streaming for individual services

You can now opt to create preview instances only for particular pull requests that you specify. This new 

 preview mode is provided alongside the original 

 mode, where Render creates a preview for 

In manual mode, you trigger a preview for a pull request by including the string 

You can enable manual previews for any combination of pull request previews and preview environments. See the documentation for each:

Create preview instances only for specific pull requests

Added restrictions and audit tracking for viewing secret values

Teams on Render can now configure a project environment to block all private network traffic from entering or leaving that environment. This helps prevent your staging services from inadvertently accessing a production resource (or vice versa).

Toggle this setting from an environment's Settings page in the 

Block private network traffic across environment boundaries

Render's Virginia (US East) region has graduated from early access to general availability.

Select a service's region as part of the creation flow in the 

Render supports deploying services to the following regions:

Virginia region (US East) now generally available

The Render Dashboard now provides a dark display theme:

Additionally, you can toggle a high contrast mode to more prominently highlight certain interactive elements.

Quickly set your theme from the account menu in the top-right corner of the dashboard:

To also toggle high contrast, open your account settings and scroll down to the 

Added dark display theme to the Render Dashboard

 has added over 50 new endpoints to support much more extensive integration with the Render platform.

Endpoints are now available for the following resources that were previously unsupported by the API:

Datastores (PostgreSQL, Redis, and persistent disks)

New endpoints are also available for certain resources that are already supported by the API, such as redirect/rewrite rules for static sites.

With these additions, the API supports almost all functionality available in the Render Dashboard. There are no breaking changes to existing API endpoints.

The OpenAPI spec for the Render API is available in JSON format at 

. You can use this spec to create your own custom clients and other tooling.

API endpoints for datastores, logs, environments, Blueprints, and more

 now emit service logs. As with logs for other service types, Redis logs are available in the 

Redis instances now emit service logs

Newly created Node.js services now use Node.js 20.15.1 by default. You can always 

 Node.js services keep their original default version to prevent breaking changes.

Default Node.js version updated to 20.15.1

Teams with an Organization or Enterprise plan can now export audit logs of material events that occurred in the account over a given time frame. This includes events related to:

Team admins can export audit log data in the 

For a list of all audit log event types, see the 

Note the following about data availability:

 Organization and Enterprise accounts, audit log data is available starting from 

 Organization or Enterprise account, audit log data is available starting from the date of account creation.

 an account to Organization or Enterprise, audit log data is available starting from the date of the upgrade.

Audit logs for Organization and Enterprise plans

You can now pull and deploy your private Docker images from Google Artifact Registry. Add your credentials in the Render Dashboard during service creation:

With this addition, Render now supports pulling private images from the following registries:

Pull and deploy private images from Google Artifact Registry

Render now provides simplified deployment for popular PostgreSQL admin apps in the 

With a few clicks, you can deploy each app as a standalone web service that's automatically configured to connect to your database.

The following apps are currently supported:

Quickly deploy PostgreSQL admin apps from the Render Dashboard

 is now available in early access. You can use this provider to manage your Render services alongside other systems in your organization's infrastructure.

The provider and its documentation are available in the 

Note that breaking changes might be introduced during the early access period.

 Any such changes will be noted in accompanying release notes.

Official Render Terraform provider now available in early access

You can now change the native runtime for an existing service in any of the following ways:

Changing a service's runtime in the Render Dashboard is not currently supported.

Change an existing service's runtime via API or Blueprint

, newly created Free Render PostgreSQL databases expire after 30 days (previously 90 days). Free databases created prior to this date retain their original expiration date.

The following Free database policies remain unchanged:

Each individual and team account is limited to one Free database at a time.

After your Free database expires, you have an additional 14 days to upgrade it to a paid instance type before your data is deleted.

After your Free database expires, you can create a new Free database.

Learn more about Free PostgreSQL limitations in the 

Free PostgreSQL instances now expire after 30 days (previously 90)

Teams can now require all members to log in to Render via their Google account (instead of using another supported login method, such as username and password).

Admins can enable this feature from their Team Settings page in the 

If a team member does log in to Render using a different method, they cannot access the team's resources or settings.

Teams can now require login via Google account

You can now deploy Render services to the Virginia region (US East).

Note that this region is currently in early access. 

It's available to all users, and it's feature-complete with our other regions. Early access provides us an opportunity to address any one-off issues that might arise with spinning up a new region. We'll announce when this early access period completes.

Added Virginia region (US East) in early access

Powerful new application metrics are available for paid instances in the 

CPU and memory usage over time, segmented by instance for scaled services

HTTP request volume and response latency, segmented by status code, path, and more

Response latency metrics require a team account.

Metrics from the past 7 days are available for individual accounts. Teams can view metrics from the past 14 or 30 days, depending on their plan.

Enhanced service metrics in the Render Dashboard and API

 file from your existing services in the 

Use this file to create a Render Blueprint that manages those existing services, or to replicate your architecture with a completely new set of services.

Create a Blueprint from existing services

Many popular IDEs now provide schema-backed validation and autocompletion for the 

IDE validation for render.yaml files

You can now connect your Bitbucket account to Render and deploy from any Bitbucket repo you have access to.

. After you authorize Render, your Bitbucket repos appear in the selection list:

You can also now sign in to Render using your Bitbucket identity.

Added support for Bitbucket

Teams on Render can now designate individual project environments as 

. Doing so prevents non-Admin team members from performing potentially destructive actions on that environment or its resources, including:

Deleting any of the environment's resources (services, environment groups, etc.), or deleting the environment itself

Modifying environment variables or secret files for any service or environment group that belongs to the environment

Moving resources into or out of the environment

Modifying access control IPs for any PostgreSQL database or Redis instance that belongs to the environment

Accessing the shell for a service that belongs to the environment

Designate environments as protected to prevent destructive actions

 and persists their assets in the same region where you deployed your 

 non-static Render service. Previously, all static site assets were stored in the Oregon region.

Static sites are still cached and served to users by a global CDN, regardless of their region.

 This change primarily improves latency for any 

 that point to a Render web service in the same region.

Static site assets now built and persisted in the same region as other services

You can update your service's build and start commands to use Bun:

With this initial release, native runtimes use Bun version 

 by default. You can use a different version by setting the 

Added native support for Bun

Newly created Ruby services now use Ruby 3.3.0 by default. You can always 

 Ruby services keep their original default version to prevent breaking changes.

Default Ruby version updated to 3.3.0

Added gettext to all native runtimes

As of 2024-03-11, all newly created Redis instances on Render use Redis version 

Instances created before this date used version 

. Render will upgrade these instances to 6.2.14 as part of their next scheduled maintenance.

New Redis instances use version 6.2.14

Newly created Elixir services now use Elixir 1.16.1 and Erlang/OTP 26.2.2 by default. You can always 

 Elixir services keep their original default versions to prevent breaking changes.

Default Elixir version updated to 1.16.1

Now in early access, you can scale Render services that have an attached 

. Enable this capability from your Account Settings or Team Settings page in the 

If you scale a disk-backed service, Render attaches a

 This can result in data fragmentation for services that act as a centralized, non-distributed database.

Scaling is well suited for disk-backed services that use their disk as a standalone cache, where different instances can process independent jobs in parallel.

Scalable disk-backed services now in early access

Newly created Node.js services now use Node.js 20.11.1 by default. You can always 

Default Node.js version updated to 20.11.1

Newly created Python services now use Python 3.11.8 by default. You can always 

 Python services keep their original default version to prevent breaking changes.

Default Python version updated to 3.11.8

Render now supports PostgreSQL version 16 for newly created databases. You select your database's version during the creation flow in the 

If you have an existing database that you want to move to PostgreSQL 16, see 

PostgreSQL 16 now available for new Render PostgreSQL databases

 instance type or higher can enable high availability (HA) for that database from the 

 instance of your database and automatically fails over to it if your primary instance encounters an issue.

Enable high availability for large PostgreSQL databases

You can now bulk-add environment variables from your local 

 file while creating or modifying a service or 

Below any environment variable list in the 

Add environment variables in bulk from a .env file

 was disclosed to the public. We have patched all of our affected systems following the recommendations included in the disclosure.

These patches are transparent to applications running on the platform. Render users should see no changes to their experience and do not need to take any corrective actions.

After a thorough audit of potential exploit vectors, we found no evidence that this impacted Render's internal systems or users' apps and data. We will continue to monitor our systems for irregularities or unexpected activity.

If you have any questions, please get in touch with our Support team at support@render.com.

Patched Leaky Vessels container breakout vulnerabilities

All disks attached to Render services (including 

 for other service types) have been migrated to new hardware. Almost all services will observe improved read/write performance compared to previous hardware (especially for disks under 1 TB in size).

Persistent disks migrated to new hardware

 (a shared collection of environment variables and/or secret files) to a single 

. This helps protect against accidentally connecting a staging service to a production database (or vice versa).

Restrict shared config to a single environment

Which service events trigger notifications (such as deploy failures)

Where those notifications go (email and/or Slack)

Which services you receive notifications for

These settings help you stay informed about exactly the events that you care about most.

To start configuring your notifications, head to your Account Settings or Team Settings page in the 

Customize your service notifications

We've added support for regex and wildcard search to Render's 

 - Find lines that mention at least one of 

 - Find lines that mention a path that includes 

Search your logs with regex and wildcards

We've updated the default language versions for several of our native runtimes. Here are the changes:

 services keep their original defaults to prevent breaking changes.

Updates to default language versions

There's a powerful new tool for searching and filtering service logs right from your dashboard:

Use the explorer to search your logs for an arbitrary string, filter by log level, and click to view any result in its original context.

With a team account, you can also view logs for every incoming HTTP request to your web services.

New log explorer + HTTP logs

Teams on Render now support two member roles: 

 members can perform organizational tasks like billing management, enforcement of 2FA, and inviting other team members.

Assign access roles to team members

 for your service to run tasks (such as database migrations or asset uploads) right before a new version of your service goes live.

Changelog

Added restrictions and audit tracking for viewing secret values