编译 | Tina、冬梅上周刚追完 10 级补丁，以为能喘口气了？还不行。12 月 12 日，React 官方确认，研究人员在验证上周补丁时，竟又在 React Server Components（RSC）里发现了两处新漏洞。过去一周，React2Shell 漏洞的余威仍在：服务器被劫持挖矿、云厂商紧急封禁、甚至引发 Cloudflare ...

作者 | Daniel Curtis译者 | 田橙Vercel 旗下的 React 框架 Next.js 近日发布了 Next.js 16。这一版本带来了多项架构层面的改进与性能优化，同时也对缓存机制进行了根本性的调整。Next.js 16 引入了多项新特性，包括需要显式开启的 Cache Components、通过 Model Context Protocol 集成的 AI 辅助调试能力，以及作 ...

When considering React, Angular, and Vue, the first thing to note is that they carry the same notion at their cores: data binding. The idea here is that the framework assumes the work of tying the ...

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...

Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.

HOUSTON--(BUSINESS WIRE)--Sencha, (a division of Idera, Inc.), a leading provider of cross-platform application developer productivity tools, today announced the release of Ext JS 7.0 featuring ...