Security Updates
This release includes important security updates to address vulnerabilities in React Server Components (RSC) protocol.
React and Next.js Security Patches
We've updated Next.js and React to fix two additional vulnerabilities (CVE-2025-55183, CVE-2025-55184) that were discovered while security researchers examined the patches for React2Shell.
Important: Neither of these new issues allow for Remote Code Execution. The patch for React2Shell remains fully effective.
These vulnerabilities originate in the upstream React implementation. This release addresses the downstream impact on Next.js applications using the App Router.
For full details, see the React blog post.
Recommended Action
All users are strongly encouraged to update to v4.5.10 as soon as possible to ensure they are protected against these vulnerabilities.
Full Changelog: v4.5.9...v4.5.10