Im confused, did the update from last week for the RCE bug also include fixes fo...

billywhizz · 2025-12-11T21:27:40 1765488460

is it not obvious?

> These issues are present in the patches published last week.

> The patches published last week are vulnerable.

> If you already updated for the Critical Security Vulnerability, you will need to update again.

rickhanlonii · 2025-12-11T22:22:47 1765491767

GitHub has to review the advisories and publish it for it to show in `npm audit`, so it's delayed.

theogravity · 2025-12-11T22:43:28 1765493008

You need to update again.

cluckindan · 2025-12-11T23:41:38 1765496498

This could be the Next.js motto.

kyleee · 2025-12-12T09:40:03 1765532403

You need to upgrade again, and no the docs aren’t finished (and they won’t be before the new new version).

qingcharles · 2025-12-12T07:12:12 1765523532

My Umami stats box got "pwned" about 15 mins after the last CVE was published and I spent an hour or so cleaning up that mess and upgrading everything. Not looking forward to doing it again today.