/top/
/new/
/best/
/ask/
/show/
/job/
^
slacker news
login
about
←back to thread
Denial of service and source code exposure in React Server Components
(react.dev)
298 points
sangeeth96
| 2 comments |
11 Dec 25 20:46 UTC
|
HN request time: 0s
|
source
See also:
https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-...
,
https://nextjs.org/blog/security-update-2025-12-11
Show context
rikafurude21
◴[
11 Dec 25 21:23 UTC
]
No.
46237343
[source]
▶
>>46236924 (OP)
#
Im confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says theres no issues
replies(3):
>>46237389
#
>>46238088
#
>>46238360
#
theogravity
◴[
11 Dec 25 22:43 UTC
]
No.
46238360
[source]
▶
>>46237343
#
You need to update again.
replies(2):
>>46238948
#
>>46241635
#
1.
cluckindan
◴[
11 Dec 25 23:41 UTC
]
No.
46238948
[source]
▶
>>46238360
#
This could be the Next.js motto.
replies(1):
>>46242456
#
ID:
GO
2.
kyleee
◴[
12 Dec 25 09:40 UTC
]
No.
46242456
[source]
▶
>>46238948 (TP)
#
You need to upgrade again, and no the docs aren’t finished (and they won’t be before the new new version).
↑