Same procedure as last time

eps1lon · eps1lon · commit 9ad80111cf0b · 2026-04-08T21:28:25.000+02:00
diff --git a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md
@@ -62,45 +62,27 @@ An unauthenticated attacker could craft a malicious HTTP request to any Server F
 
 These instructions have been updated to include the new vulnerabilities:
 
-- **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) and [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779) (CVSS 7.5)
+- **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184), [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779), and [CVE-2026-23869](https://www.cve.org/CVERecord?id=CVE-2026-23869) (CVSS 7.5)
 - **Source Code Exposure - Medium Severity**: [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) (CVSS 5.3)
 - **Denial of Service - High Severity**: January 26, 2026 [CVE-2026-23864](https://www.cve.org/CVERecord?id=CVE-2026-23864) (CVSS 7.5)
 
 See the [follow-up blog post](/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components) for more info.
 
 -----
 
-_Updated January 26, 2026._
+_Updated April 8th, 2026._
 </Note>
 
 ### Next.js {/*update-next-js*/}
 
 All users should upgrade to the latest patched version in their release line:
 
 ```bash
-npm install next@14.2.35  // for 13.3.x, 13.4.x, 13.5.x, 14.x
-npm install next@15.0.8   // for 15.0.x
-npm install next@15.1.12  // for 15.1.x
-npm install next@15.2.9   // for 15.2.x
-npm install next@15.3.9   // for 15.3.x
-npm install next@15.4.11  // for 15.4.x
-npm install next@15.5.10  // for 15.5.x
-npm install next@16.0.11  // for 16.0.x
-npm install next@16.1.5   // for 16.1.x
-
-npm install next@15.6.0-canary.60   // for 15.x canary releases
-npm install next@16.1.0-canary.19   // for 16.x canary releases
+npm install next@15.5.15  // for 15.x
+npm install next@16.2.3   // for 16.x
 ```
 
-15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.10, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5
-
-If you are on version `13.3` or later version of Next.js 13 (`13.3.x`, `13.4.x`, or `13.5.x`) please upgrade to version `14.2.35`.
-
-If you are on `next@14.3.0-canary.77` or a later canary release, downgrade to the latest stable 14.x release:
-
-```bash
-npm install next@14
-```
+If you are on version `13.3` or later version of Next.js 13 (`13.3.x`, `13.4.x`, or `13.5.x`) or on any Next.js 14, please upgrade to version `15.5.15`.
 
 See the [Next.js blog](https://nextjs.org/blog/security-update-2025-12-11) for the latest update instructions and the [previous changelog](https://nextjs.org/blog/CVE-2025-66478) for more info.
 
diff --git a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md
@@ -2,7 +2,7 @@
 title: "Denial of Service and Source Code Exposure in React Server Components"
 author: The React Team
 date: 2025/12/11
-description: Security researchers have found and disclosed three additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability. High vulnerability Denial of Service (CVE-2025-55184), high vulnerability Denial of Service (CVE-2026-23869), and medium vulnerability Source Code Exposure (CVE-2025-55183)
+description: Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability. High vulnerability Denial of Service (CVE-2025-55184), and medium vulnerability Source Code Exposure (CVE-2025-55183)
 
 
 ---
@@ -15,7 +15,7 @@ _Updated April 8th, 2026._
 
 <Intro>
 
-Security researchers have found and disclosed three additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability.
+Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability.
 
 **These new vulnerabilities do not allow for Remote Code Execution.** The patch for React2Shell remains effective at mitigating the Remote Code Execution exploit.
 
@@ -118,7 +118,7 @@ The patches published January 26th mitigate these DoS vulnerabilities.
 
 #### Additional fixes published {/*additional-fix-published*/}
 
-The original fix addressing the DoS in [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) and [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779) were incomplete.
+The original fix addressing the DoS in [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) was incomplete.
 
 This left previous versions vulnerable. Versions 19.0.5, 19.1.6, 19.2.5 are safe.
 
