"Hi everyone! A major React 19 Server Functions vulnerability has just been disclosed. Make sure to upgrade your React 19 or meta-framework ASAP! On the mobile side, we have more positive news: RNRepo should speed up our React Native builds even more, and Shared Elements Transitions are coming soon! (unlike React Native 1.0 😅) Don't forget to answer the State of React 2025 survey while it's still open! Don't miss the next email! As always, thanks for supporting us on your favorite platform:"
"A critical (10.0) security vulnerability affects React 19. It allows unauthenticated remote code execution vulnerability in React Server Components by crafting a malicious HTTP request sent to a Server Function endpoint. The React team recommends upgrading immediately. The vulnerability has been responsibly disclosed, and patches are already available for React 19 and the most popular frameworks that leverage RSCs: Next.js, Expo, React Router, Waku, Redwood, and more."
A critical (10.0) vulnerability impacts React 19 Server Components and enables unauthenticated remote code execution through crafted HTTP requests to Server Function endpoints. Patches are already available for React 19 and major frameworks that use RSCs, including Next.js, Expo, React Router, Waku, and Redwood. Hosting providers can mitigate the issue using Web Application Firewalls. Immediate upgrades or framework patching are recommended. On mobile, RNRepo aims to speed up React Native builds and Shared Elements Transitions are expected soon. The State of React 2025 survey remains open for responses.
Read at Thisweekinreact
Unable to calculate read time
Collection
[
|
...
]