Skip to content

docs: add changelog entry for React/Next.js security update (CVE-2025-66478) #2515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chdeskur merged 1 commit into from
Dec 4, 2025
Merged

docs: add changelog entry for React/Next.js security update (CVE-2025-66478) #2515

chdeskur merged 1 commit into from
Dec 4, 2025

Conversation

@devin-ai-integration
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot commented Dec 4, 2025
edited
Loading

Summary

Adds a changelog entry documenting the security update from fern-platform PR #5629, which patched CVE-2025-66478 (React Server Components vulnerability).

The changelog entry explains:

  • The nature of the vulnerability (CVSS 10.0, RCE risk)
  • The dependency updates made (Next.js 15.5.4→15.5.7, React 19.0.0→19.0.1)
  • Impact on Fern users (no action required for hosted users, self-hosted should update)

Review & Testing Checklist for Human

  • Verify the external links work correctly (Next.js security advisory, release notes)
  • Confirm the version numbers match what was actually updated in fern-platform PR #5629
  • Review the customer-facing messaging for tone and accuracy

Notes

@devin-ai-integration @chdeskur
docs: add changelog entry for React/Next.js security update
0f23b67 
Co-Authored-By: Catherine Deskur <catherine@buildwithfern.com>
@devin-ai-integration
Copy link
Contributor Author

devin-ai-integration bot commented Dec 4, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@github-actions
Copy link
Contributor

github-actions bot commented Dec 4, 2025

🌿 Preview your docs: https://fern-preview-36ae882e-4a36-4e7f-8b00-8e2493255497.docs.buildwithfern.com/learn

@chdeskur chdeskur merged commit 9eb7bb4 into main Dec 4, 2025
1 check passed
@chdeskur chdeskur deleted the devin/1764864644-security-update-docs branch December 4, 2025 16:28
thesandlord
thesandlord reviewed Dec 4, 2025
View reviewed changes
fern/products/docs/pages/changelog/2025-12-04.mdx

We upgraded our platform dependencies to the patched versions:

- **Next.js**: Updated from 15.5.4 to 15.5.7
Copy link
Contributor

@thesandlord thesandlord Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chdeskur imo we dont need to be this explicit in the exact versions we are using

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thesandlord thesandlord thesandlord left review comments

@coltondotio coltondotio coltondotio approved these changes

@chdeskur chdeskur chdeskur approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thesandlord @coltondotio @chdeskur