New deployments of vulnerable Next.js applications are now blocked by default - Vercel
Tom KnickmanSoftware EngineerLuke Phillips-SheardEngineering Man
·
2025-12-05
·
via Vercel News
Any new deployment containing a version of Next.js that is vulnerable to CVE-2025-66478 will now automatically fail to deploy on Vercel.
We strongly recommend upgrading to a patched version regardless of your hosting provider. Learn more
This automatic protection can be disabled by setting the DANGEROUSLY_DEPLOY_VULNERABLE_CVE_2025_66478=1 environment variable on your Vercel project. Learn more
Ready to deploy? Start building with a free account. Speak to an expert for your Pro or Enterprise needs.
Explore Vercel Enterprise with an interactive product tour, trial, or a personalized demo.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。