From 0f23b679c2a7a1cc6b058b30a80b2ddb3ac83572 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 16:11:19 +0000 Subject: [PATCH] docs: add changelog entry for React/Next.js security update Co-Authored-By: Catherine Deskur --- .../docs/pages/changelog/2025-12-04.mdx | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 fern/products/docs/pages/changelog/2025-12-04.mdx diff --git a/fern/products/docs/pages/changelog/2025-12-04.mdx b/fern/products/docs/pages/changelog/2025-12-04.mdx new file mode 100644 index 000000000..0b55f7b7f --- /dev/null +++ b/fern/products/docs/pages/changelog/2025-12-04.mdx @@ -0,0 +1,27 @@ +## Security update: React Server Components vulnerability patched + +We've updated our platform to address a critical security vulnerability (CVE-2025-66478) in React Server Components. This vulnerability, rated CVSS 10.0, could allow remote code execution when processing attacker-controlled requests in unpatched environments. + +The vulnerability originates in the upstream React implementation (CVE-2025-55182) and affects Next.js applications using the App Router with React Server Components. + +### What we did + +We upgraded our platform dependencies to the patched versions: + +- **Next.js**: Updated from 15.5.4 to 15.5.7 +- **React**: Updated from 19.0.0 to 19.0.1 +- **React-DOM**: Updated from 19.0.0 to 19.0.1 + +These versions include the hardened React Server Components implementation that resolves the vulnerability. + +### Impact on Fern users + +No action is required from Fern Docs users. The security patch has been applied to all Fern-hosted documentation sites automatically. + +For self-hosted deployments, we recommend updating to the latest Fern platform version to ensure you have the security fix. + +### References + +- [Next.js Security Advisory: CVE-2025-66478](https://nextjs.org/blog/CVE-2025-66478) +- [Next.js 15.5.7 Release](https://github.com/vercel/next.js/releases/tag/v15.5.7) +- [React 19.0.1 Release](https://github.com/facebook/react/releases/tag/v19.0.1)