Plane
Replies: 1 comment
-
|
This is not applicable to Plane as we are not using any server side actions using middleware. We have already upgraded to the patch version released by Vercel. Which will be available as part of the next release. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
There's recently been a critical security flaw in Next.js, allowing to bypass authentication. (CVE-2025-29927)
The depdendabot PR for Plane to address this problem has been merged 2025-03-24, but there's been no new Plane release since.
Is it safe to run Plane with the current release version? (In my organization, we're discussing whether this means that we need to take our self-hosted Plane instance offline till there's a new release. I'm lacking the knowledge to judge in how far the vulnerability affects Plane.)
Beta Was this translation helpful? Give feedback.
All reactions