The Astro and Next.js starter kits now come with a private DatoCMS plugin already wired up, giving you a ready-made foundation to start building custom editor experiences from day one, with no separate repo, and no manual installation.
Because the Plugin SDK and datocms-react-ui component library are built on React, this feature is available in the React-based starters (Astro and Next.js) but not in the SvelteKit or Nuxt starters.
Build custom plugins right inside your project
The plugin lives alongside your site code and is served as a regular page (/private-datocms-plugin). On your first deploy it installs itself automatically via the post-deploy hook — zero manual setup in the dashboard. The source mirrors the structure of official DatoCMS plugins.
The included config screen links straight to the docs to help you get started:
The Astro starter has also been upgraded to Astro 6 along with all official integrations (@astrojs/node, @astrojs/react, @astrojs/check) and @datocms/cli v4. The minimum Node version is now 22.
Every file uploaded to the DatoCMS Media Area is now automatically scanned for viruses and malware. No configuration, no opt-in or workflow changes required from your side.
How it works
The moment a file is uploaded, a background scan is queued automatically. Editors can continue working since there's no blocking step or wait time. Within seconds, each file is assigned one of four statuses:
Clean: no threats detected and file is served normally
Infected: a threat was detected and the file is automatically quarantined
Skipped: the file exceeds the scanner's size or type limits and could not be assessed. Treat these files with appropriate caution
Failed: an error occurred during scanning, and will be retried automatically up to 6 times with exponential backoff. If it still cannot be scanned, then the file remains in a failed state
ℹ️ If an asset is replaced with a new version, the antivirus scan runs again automatically on the new file.
Quarantined files
When a threat is detected, infected files are automatically quarantined and DatoCMS will:
Remove the file from public storage
Purge it from the CDN cache, and
Keep the upload record visible in the Media Area so editors can see it was flagged, but the file URL will no longer serve any content
Editors should replace the asset to restore functionality.
For projects using a custom storage bucket, DatoCMS does not have permission to delete or move files from your storage. In this case, the file will still be accessible from your own bucket even after being flagged, and the upload record will be marked as infected, and editors will see the file path so they can remove it manually. The warning UI in the Media Area will reflect this.
Dashboard Changes
Infected files are surfaced throughout the Media Area:
A "Threat detected" badge appears on the upload card in grid, masonry, and table views. On smaller cards, this collapses to an icon with a tooltip
Opening an infected file replaces the normal preview with a warning screen that explains the situation, shows the specific threat name (useful for investigation), and prompts the editor to replace the asset
For custom storage projects, the warning is adjusted to show the file path and advise manual removal from the bucket
Editors can filter uploads by antivirus status (clean, infected, skipped, failed, pending) directly in the Media Area search. This filter is not available in the Content Delivery API.
Scan results are delivered in real time with the antivirus status in the dashboard updating live without requiring a page refresh, and Webhooks are fired on status changes, so you can build integrations that react to scan results, for example, getting a Slack alert when an infected file is detected in your project.
API Access
The antivirus status is also available on every upload object via the CMA, under a new meta.antivirus field:
"meta": {
"antivirus":{
"status":"infected",
"scanned_at":"2026-03-27T18:51:00Z",
"threat_name":"Trojan.GenericKD.12345"
}
}
The object includes the scan status, the timestamp of the last scan, and the threat name when applicable. It's worth knowing that antivirus scan results are preserved when forking environments, with no rescanning needed, and when duplicating a project, infected files are automatically excluded from the copy to prevent propagation.
When using the Visual Editing feature, the overlay color used to highlight editable areas can now be customized via a hue property (accepts values 0–359) in the configuration.
Previously, editable regions were always indicated with an orange highlight, which could create a usability problem for sites with orange-heavy designs, where the overlay could blend into the page.
All the SDKs now have a configurable hue property to allow the highlight to stand out regardless of your brand palette.
Building up on our earlier release for Asset Collections, you can now assign specific permissions for users to assets within Collections, including read, write, and a new dedicated move permission that controls whether users can move assets from one collection to another.
Permissions assigned to a collection are automatically inherited by its sub-collections, with inheritance rules clearly displayed in the UI.
To enable or change access for collections, go to settings and select Asset Permissions > Collections when editing User Roles.
If you've ever had editors accidentally linking the wrong records because the list was too broad, this one's for you. When linking records, the list of available items can get overwhelming, especially when it includes outdated or irrelevant records that editors shouldn't pick (like records still in drafts).
To address this, we've introduced a way to pre-filter linked records with saved filters, letting you control exactly which records appear when editors browse items to link.
What's new?
The standard editors for Single and Multiple Link fields (compact and expanded) now include a newsettings section. Here, you can pair each linked model with one of your saved shared filters, so editors only see the records that they should.
How do I enable it?
Head to the Presentation tab in your Link field settings. You'll see the new Applied Filters section right away: just pick a model, choose a filter, and you're done. If you need more filters, create more saved filters in the Content Area to configure another.
The only prerequisite is that you need at least one shared saved filter for the models you want to filter. Private filters aren't available here.
We've rolled out considerable changes and updates to the media editor inside the CMS's Media Area. The new update brings changes to editing images, and introduces in-CMS video editing.
If you need to edit an uploaded image, you can use the built-in editor to crop, rotate, apply predefined color filters, tweak colors, and resize images:
Similarly, if you need to edit an uploaded video, you can also do this in the CMS now, with options to trim, add filters, and other similar edits.
After you're done editing your asset, you can choose to save it as a duplicate (available under a new URL), or replace the original asset and retain the URL.
We've rolled out big changes to how editors and content creators can interact with content in DatoCMS. Instead of navigating through forms and fields in the CMS interface, editors can now see their content exactly as it appears on the live site, click directly on any element to edit it, and watch changes appear instantly.
Visual Editing lets your content editors click directly on any element of your website and edit it in DatoCMS — no more hunting through record forms, switching tabs, or guessing which field maps to which headline. Available on every plan, including Free.
Visual Editing supports two workflows. Use either one, or both depending on which approach suits your content editors best.
Click-to-edit: Content Link on your website
This is the simplest setup. Editors visit your website in draft mode, hover over content to see what's editable, and click to open DatoCMS in a new tab. It works entirely on your frontend.
This also works entirely on your website, no DatoCMS plugin required. It's a great starting point that already provides significant value to editors.
Visual Mode: Side-by-side editing in the CMS
We made major updates to the Web Preview plugin to give editors the ideal setup: preview on the left, edit panel on the right, click anything, edit immediately, see it update live.
When they click on content, the edit panel opens instantly in the same view with no tab switching required.
This plugin also enables you to have preview links in the CMS sidebar, have bidirectional navigation (scroll either panel, the other panel will keep up with context), and give you full-screen Visual Editing mode.
Getting started
We're making it as easy as possible for you to get started with Visual Editing.
We have dedicated SDKs and in-depth integration guides for React/Next.js, Astro, Svelte/SvelteKit, and Vue/Nuxt. Each provides its own <ContentLink /> component (or equivalent) that handles detection, overlay rendering, and keyboard shortcuts. Drop it into your layout, and you're done.
Want to see them in action first? Clone one of our starter kits — they come pre-configured with Draft Mode, Real-time Updates, Content Link, and Web Previews already wired together!
You can now choose whether editors can link to records, embed them inline, or both, independently controlling each option in your Structured Text fields.
The problem
Structured Text fields let editors reference other records in two ways: as clickable links or as embedded inline content. Until now, these were bundled together. If you enabled record references, editors got both options in the menu, even if you only wanted one. This meant developers had to handle two different content structures in their code when they only needed one.
What's new?
The Presentation tab in your field settings now includes separate toggles for Link to record and Inline record, alongside other editor features like Blockquote and Heading.
This gives you cleaner content structures. If you only want editors to link to products without embedding them inline, just disable Inline record. Your GraphQL queries and rendering logic only need to handle the shape you actually use.
Compatibility
All existing Structured Text fields will have both options enabled by default, so everything continues working exactly as before. To change the behavior for a field, open its settings and adjust the toggles in the Presentation tab.
We've added an opt-in configuration option to include milliseconds in date serialization across both the Content Delivery API (CDA) and Content Management API (CMA).
The problem
Until now, DatoCMS APIs serialized dates without milliseconds (e.g., 2025-12-05T00:01:00-05:00), even though the underlying data stores full millisecond precision.
When customers sort records by date, items with the same timestamp (when rounded to seconds) appear out of order. This looks like a sorting bug, but it's actually correct behavior—the records have different millisecond values that simply aren't visible in the API response.
What's new
You can now opt-in to include milliseconds in date serialization. Once enabled, both APIs return full precision:
This allows you to see the full precision of date fields, makes sorting behavior transparent and predictable, and ensures consistent date formats across both APIs.
How to enable it
The change is opt-in at the project level to ensure backward compatibility. Navigate to Configuration / Available Updates and enable the "Include milliseconds in date serialization" option.
This has been one of our most requested features, and it’s finally here: you can now replace assets in your DatoCMS project while keeping the original URL.
When replacing an asset, you now have two options:
Create new URL (existing behavior): The new asset is available immediately, but with a fresh URL. The old URL will be purged from cache and will disappear after complete propagation. Use this when you need immediate availability of the new file.
Keep the original URL (new!): Existing links will continue to work automatically, but changes may take 5-10 minutes to appear everywhere due to CDN and browser cache propagation. Some users may temporarily see the old version. Use this when you have many existing references and want to avoid updating URLs.
Limitations
Assets can only be replaced keeping the original URL if:
The new asset has the same file format as the original (for example, JPEG → JPEG).
You are using DatoCMS’s default asset manager. This feature is not supported when using custom Enterprise asset storage (S3/GCP).
For full details on the related API changes, see the CMA documentation.
