Typebot v3.15.2 ships with Next.js 15.5.9, which contains the
incomplete fix for CVE-2025-55184. The complete fix (CVE-2025-67779)
requires Next.js 15.5.10.
Reference: https://nextjs.org/blog/security-update-2025-12-11
The initial fix was incomplete — users must upgrade to 15.5.10
for full protection against this DoS vulnerability (CVSS 7.5).
Could you bump Next.js to 15.5.10 in the next release?
Typebot v3.15.2 ships with Next.js 15.5.9, which contains the
incomplete fix for CVE-2025-55184. The complete fix (CVE-2025-67779)
requires Next.js 15.5.10.
Reference: https://nextjs.org/blog/security-update-2025-12-11
The initial fix was incomplete — users must upgrade to 15.5.10
for full protection against this DoS vulnerability (CVSS 7.5).
Could you bump Next.js to 15.5.10 in the next release?