惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The GitHub Blog
The GitHub Blog
K
Kaspersky official blog
Stack Overflow Blog
Stack Overflow Blog
Blog — PlanetScale
Blog — PlanetScale
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
U
Unit 42
D
Docker
I
InfoQ
D
DataBreaches.Net
Google DeepMind News
Google DeepMind News
N
Netflix TechBlog - Medium
C
Check Point Blog
The Cloudflare Blog
美团技术团队
V
Vulnerabilities – Threatpost
博客园_首页
T
Threat Research - Cisco Blogs
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
A
Arctic Wolf
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
人人都是产品经理
人人都是产品经理
C
Cyber Attacks, Cyber Crime and Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
S
Schneier on Security
Apple Machine Learning Research
Apple Machine Learning Research
MyScale Blog
MyScale Blog
P
Privacy International News Feed
云风的 BLOG
云风的 BLOG
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
The Blog of Author Tim Ferriss
GbyAI
GbyAI
The Last Watchdog
The Last Watchdog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
aimingoo的专栏
aimingoo的专栏
P
Proofpoint News Feed
The Register - Security
The Register - Security
博客园 - 三生石上(FineUI控件)
Forbes - Security
Forbes - Security
NISL@THU
NISL@THU
Y
Y Combinator Blog
T
Threatpost
Microsoft Azure Blog
Microsoft Azure Blog
L
Lohrmann on Cybersecurity

Netlify Changelog

Gemini 3.5 Flash now available in Agent Runners 4 Nuxt CVEs: what Netlify users need to know Gemini 3.5 Flash now available in AI Gateway Agent Runners workflow improvements Next.js & React security release (May 2026): what to know Block project transfers out of your team Gemini 3.1 Flash-Lite now available in AI Gateway OpenAI GPT-5.5 Instant now available in AI Gateway New `netlify logs` CLI command Deploy to Netlify with Stripe Projects Netlify Database is now generally available OpenAI GPT-5.5 and GPT-5.5 Pro in AI Gateway & Agent Runners Rename an agent run GPT Image 2 now available in AI Gateway New frontend-design skill for Agent Runners Claude Opus 4.7 now available in AI Gateway and Agent Runners Pricing updates for Credit-based plans New sorting and filter controls on the Members page Netlify Database GA coming soon, no new databases for now Deploy logs streaming is now faster Netlify CLI adds prompt-based creation and anonymous deploys Deploy from Codex with the Netlify Plugin Hydrogen with React Router 7 now supported on Netlify Monitor credit usage by day Invoices for Enterprise Available on the Billing Page AI app development on production infrastructure with Netlify Introducing Prompt Templates OpenAI GPT-5.4 Nano and GPT-5.4 Mini in AI Gateway Change your pricing plan Internal Builder Role & Project Access Controls See your available credits at a glance Astro 6 just works on Netlify Limit AI feature usage OpenAI GPT-5.4 and GPT-5.4 Pro in AI Gateway & Agent Runners Deploy Preview screenshots in agent runs Gemini 3.1 Flash-Lite Preview now available in AI Gateway GPT-5.3 Instant now available in AI Gateway Use Netlify Agent Runners from Linear Automatic PHP bot scan blocking now live on all plans Support for stale-while-revalidate in Cache API Gemini 3.1 Flash Image Preview now available in AI Gateway GPT-5.3-Codex now available in AI Gateway Gemini 3.1 Pro Preview now available in AI Gateway Claude Sonnet 4.6 now available in AI Gateway and Agent Runners Sync changes with Agent Runners without Git Claude Opus 4.6 now available in AI Gateway and Agent Runners Agent Runners improvements recap 6 new React Router & Remix CVEs: what you need to know Vulnerability in Node.js: what Netlify users need to know 5 SvelteKit security vulnerabilities: what Netlify users need to know GPT-5.2-Codex Now Available in AI Gateway and Agent Runners Play Games While Agent Runners Do the Work Prerender.io support updated as new extension Gemini 3 Flash Preview now available in AI Gateway GPT-image-1.5 now available in AI Gateway AI Gateway now Generally Available Observability release is here Prerender extension now generally available Action required: React/Next.js CVE-2025-55184 and CVE-2025-55183 GPT-5.2 and GPT-5.2-Pro now available in AI Gateway and Agent Runners GPT-5.1-Codex-Max now available in AI Gateway and Agent Runners Netlify’s response to the critical React security vulnerability Netlify Vite Plugin now supports AI Gateway locally Claude Opus 4.5 now available in AI Gateway Projects deployed using a zip file via API now support branch deploys Day one support for Angular v21 on Netlify Gemini 3 now available in AI Gateway and Agent Runners DNS record management simplified for teams in Netlify organizations Skew protection for CLI workflows Support for more domain TLDs GPT-5.1 model now available in AI Gateway React Router 7 apps can now be deployed to Edge Functions | Netlify Changelog Git SHA exposed for triggered deploys | Netlify Changelog Test scheduled functions in Netlify dashboard | Netlify Changelog Revert agent run in a task | Netlify Changelog Deletion improvements with Netlify Blobs | Netlify Changelog Preview Server restart for cross-functional collaborators | Netlify Changelog AI inference usage graphs | Netlify Changelog Buy credit packs on demand | Netlify Changelog React Router 7 middleware now supported | Netlify Changelog Skew protection now available | Netlify Changelog Next.js 16 is ready to deploy on Netlify | Netlify Changelog Enforce Git-based workflows for production deploys | Netlify Changelog Claude Haiku 4.5 is now available in the AI Gateway | Netlify Changelog GPT 5 Pro now available in the AI Gateway | Netlify Changelog Updates to credit-based Personal and Pro plans | Netlify Changelog New AI workflows: Agent Runners and AI Gateway (beta) | Netlify Changelog Netlify pricing update: Introducing credit-based plans | Netlify Changelog ChatGPT deep link for failed deploy analysis | Netlify Changelog Equinix IP address expiring for 4-year old sites | Netlify Changelog Nuxt 4 support + new @netlify/nuxt module for local dev | Netlify Changelog Smart Secret Scanning for AI-Generated Code | Netlify Netlify DB: Serverless PostgreSQL Database | Netlify One-click install Netlify MCP on Cursor | Netlify Changelog Netlify MCP Server: AI Agents Can Now Deploy Code Directly | Netlify Netlify Becomes Official Vite Deployment Partner + New Plugin | Netlify Angular 20 support | Netlify Changelog Netlify CLI 21.4.1 UI and workflow enhancements | Netlify Changelog Security Update: Next.js sites on Netlify not vulnerable to CVE-2025-32421 | Netlify Changelog Introducing the Netlify Cache API
Security Update: Multiple vulnerabilities in Next.js | Netlify Changelog
2025-08-30 · via Netlify Changelog

We are aware of recently disclosed vulnerabilities affecting Next.js applications:

  1. CVE-2025-55173: Next.js Image Optimization – Arbitrary File Download
  2. CVE-2025-57822: Next.js Middleware – SSRF via Misuse of next()
  3. CVE-2025-57752: Next.js Image Optimization – Cache Poisoning / Unauthorized Disclosure

As a security precaution, we recommend upgrading to the latest versions of Next.js and enabling automatic updates of the OpenNext Netlify Next.js adapter.

The engineering team at Netlify has reviewed these and determined the following impact on Netlify sites: *

  1. CVE-2025-55173: Next.js Image Optimization – Arbitrary File Download

Sites on Netlify are not vulnerable.

Next.js sites on Netlify use Netlify’s Image CDN instead of the affected built-in Next.js Image Optimization feature. Furthermore, Netlify Image CDN strips Content-Disposition headers, which is required for successful exploitation of this vulnerability. With this header removed it is not possible to force a file download or override the filename, even in case of a mismatch between the requested image type and the source file type.

  1. CVE-2025-57822: Next.js Middleware – SSRF via Misuse of next()

Sites on Netlify are not vulnerable.

Our OpenNext adapter uses Edge Functions to run middleware and relies on the context.next() API as the underlying implementation of NextResponse.next() calls, passing the original request URL and preventing this attack vector.

  1. CVE-2025-57752: Next.js Image Optimization – Cache Poisoning / Unauthorized Disclosure

Next.js sites on Netlify are potentially vulnerable, if the sites use the next/image component to fetch images from a source that uses headers to conditionally serve images.

Next.js sites using the next/image component will automatically opt into Netlify’s Image CDN which, by design, will automatically cache the source assets on Netlify’s Edge Cache. This means that a source image that is served behind an authorization header will get cached on the Netlify Edge Cache in order to improve performance. Upgrading to the newest version of Next.js will not change this behavior.

If your Next.js site serves images from a protected source, we advise you to not use the next/image component so that you have full control over the caching and authorization strategies required for your use-case.

We are working continually with the Next.js team and are committed to making your sites secure on Netlify.