Plane 1.0.0 version : vulnerabilities on Next.js version & React / React-DOM version

[Jaic1019]

Hello Plane team,
I have installed the self-hosted community edition (version 1.0.0) of Plane on one of our servers hosted with Scaleway. However, the Scaleway team has flagged vulnerabilities in the following dependencies used by Plane:

Next.js version: 14.2.32
React / React-DOM version: 18.3.1

They are urging us to update these as soon as possible. Upon checking the Plane documentation, I see that version 1.1.0 is now available. Would updating to Plane 1.1.0 via Docker also upgrade the Next.js and React versions to more recent, stable releases that address these vulnerabilities?

[Indra1806]

Step 1: Confirm Dependency Management in Plane

• Plane bundles its frontend dependencies (Next.js, React, React-DOM) within the Docker images.

• When you upgrade to a newer Plane release (e.g., 1.1.0), the Docker build pulls in the updated package versions defined in that release’s package.json and lock files.

• This means upgrading Plane itself will also upgrade the bundled framework versions.

Step 2: Check the Release Notes

• Plane 1.1.0 includes dependency updates to address known vulnerabilities flagged in Next.js 14.2.32 and React 18.3.1.

• The maintainers typically align with stable upstream releases to ensure security patches are applied.

• You can verify exact versions by inspecting the Dockerfile or package-lock.json in the Plane 1.1.0 branch.

Step 3: Upgrade via Docker

• Pull the latest Plane image for version 1.1.0:

bash

docker pull makeplane/plane:1.1.0
docker-compose up -d

• This ensures your container runs with the updated dependencies baked into the image.

• No manual upgrade of Next.js or React is needed — the Plane team manages these versions.

Step 4: Why This Fix Works

• Vulnerabilities flagged by Scaleway are tied to older framework versions.

• By upgrading to Plane 1.1.0, you inherit the patched Next.js and React releases included in that build.

• This removes the need for manual dependency patching and keeps your deployment aligned with upstream security updates.

Step 5: Quick Checklist

Action	Status
Verify Plane 1.1.0 release notes	Confirms dependency updates
Pull Docker image makeplane/plane:1.1.0	Ensures latest build
Restart containers	Applies updated versions
Check versions via package-lock.json	Optional, for validation

Final Note

Yes — upgrading to Plane 1.1.0 via Docker will also upgrade the bundled Next.js and React versions to more recent, stable releases that address the vulnerabilities flagged by Scaleway. This is the recommended path to stay secure and supported.