This release focuses on security hardening for the web app by addressing multiple newly disclosed vulnerabilities in core dependencies.
Security updates
We applied critical security patches to reduce the risk of remote code execution, denial of service, and potential source code exposure in the web app.
- Next.js security fixes: Addresses multiple CVEs, including React2Shell (critical RCE), a high-severity Server Components DoS, medium-severity source code exposure, and a follow-up for an incomplete DoS fix.
- happy-dom security fixes: Addresses a critical VM context escape vulnerability (RCE).
For more details, see the upstream advisories: Next.js security update and React Server Components advisory.