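Compiled by Tina and Dongmei. Just finished chasing last week's severity-10 patch and thought you could catch your breath? Not yet. On December 12, React officially confirmed that researchers, while validating last week's patch, found two more new vulnerabilities in React Server Components (RSC). Over the past week, the aftershocks of the React2Shell vulnerability have continued: servers hijacked for cryptomining, emergency blocks by cloud vendors, and even triggering Cloudflare ...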
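Next.js 16 introduces several new features, including Cache Components that must be explicitly enabled, AI-assisted debugging integrated through the Model Context Protocol, and Turbopack, which has officially graduated to become the default build tool. In addition, the new release enhances the routing system, adding layout deduplication and incremental prefetching (incremental ...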
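The new malware PCPcat compromised more than 59,000 servers within 48 hours by targeting critical vulnerabilities in the Next.js and React frameworks. The malware exploits two critical vulnerabilities (CVE-2025-29927 and CVE-2025-66478) to attack Next.js deployments; these vulnerabilities allow unauthenticated remote code execution.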
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
These four reactive frameworks are all popular options for building dynamic, scalable web apps in JavaScript. Here's help choosing the right one for you. The last time I compared the leading reactive ...
The outstanding winner of the new study is n8n, a project for workflow automation using AI. It received over 100,000 GitHub ...