[GHSA-5f7q-jpqc-wp7h] Next.js has Unbounded Memory Consumption via PPR Resume Endpoint #6742
Conversation
|
Hi there @andresriancho! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory |
|
Already reported in #6741 |
github-actions
bot
changed the base branch from
main
to
cylewaitforit/advisory-improvement-6742
There was a problem hiding this comment.
Pull request overview
This PR updates the GitHub Security Advisory (GHSA-5f7q-jpqc-wp7h) for Next.js to reflect that a stable release (v15.5.11) was published with backported security fixes for unbounded memory consumption via PPR Resume Endpoint.
Changes:
- Updated the fixed version from canary release to stable release v15.5.11
- Added database-specific metadata tracking the last known affected canary version
- Updated the modification timestamp
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I closed this thinking #6741 was a duplicate but it includes v15.5.10 which I don’t believe resolves this. Which makes me believe this would be a preferable change to make. |
2 participants
Updates
Comments
v15.5.11 was released with back ported fixes.
https://github.com/vercel/next.js/releases/tag/v15.5.11