Skip to content

Security: Fix critical React Server Components vulnerability #943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dennishenry wants to merge 1 commit into from
Closed

Security: Fix critical React Server Components vulnerability #943

dennishenry wants to merge 1 commit into from

Conversation

@dennishenry
Copy link

@dennishenry dennishenry commented Dec 4, 2025

Security Update: Fix Critical React Server Components Vulnerability

This PR addresses a critical security vulnerability in React Server Components disclosed on December 3, 2025.

Reference: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Packages Updated

  • react: 19.1.0 → 19.1.2
  • react-dom: updated to 19.1.2 (to maintain compatibility)

What Changed

This update patches a critical security vulnerability affecting React Server Components. All teams should prioritize reviewing and merging this PR.

Testing

  • Package installation completed successfully
  • All vulnerable versions have been updated to patched versions
  • No breaking changes expected in patch versions

This PR was automatically generated by the React vulnerability scanner.

@dennishenry
fix: update React/Next.js to patch critical security vulnerability
c50e226 
Updates vulnerable versions of React and/or Next.js to address critical
security vulnerability in React Server Components.

See: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Packages updated:
- react: 19.1.0 → 19.1.2
- react-dom: updated to 19.1.2 (compatibility)
@dennishenry dennishenry requested a review from a team as a code owner December 4, 2025 13:27
@dennishenry dennishenry closed this Dec 4, 2025
@dennishenry dennishenry deleted the security/fix-react-vulnerability branch December 4, 2025 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dennishenry