chore: update react to apply patch for CVE-2025-55182 (#21084) #21176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

david-fraley merged 1 commit into release/2.27 from react-upgrade-CVE-2025-55182-2.27

Dec 9, 2025

Contributor

jdomeracki-coder commented Dec 8, 2025

Reference:
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Please note that coder deployments aren't vulnerable since React Server Components aren't in use


          chore: update react to apply patch for CVE-2025-55182 (#21084)

2757ef8

Reference:

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

jdomeracki-coder requested a review from aslilac as a code owner

December 8, 2025 21:08

github-actions bot assigned jdomeracki-coder

jdomeracki-coder added the cherry-pick/v2.27 label

aslilac approved these changes

View reviewed changes

Member

aslilac left a comment •

edited

Loading

I just wanna note for posterity that since we do not host a server components backend this codebase is not at all vulnerable to this CVE. There's no server to get RCE on.

but upgrading anyway is fine

david-fraley approved these changes

View reviewed changes

david-fraley merged commit 1276135 into release/2.27

35 checks passed

david-fraley deleted the react-upgrade-CVE-2025-55182-2.27 branch

December 9, 2025 14:44

github-actions bot locked and limited conversation to collaborators

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

cherry-pick/v2.27