Is Umami Affected by CVE-2025-29927? #3326
bufferbandit
started this conversation in
General
Replies: 1 comment 2 replies
-
|
No, Umami does not do anything authentication in middleware. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Thanks for the response. Glad to hear. |
Beta Was this translation helpful? Give feedback.
-
|
++glad to hear as well. @mikecao when is umami planning to upgrade to 15.2+? While users can suppress this vulnerability, it can also naturally go away with a minor Next upgrade. Thanks! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I came across CVE-2025-29927, which affects Next.js authentication and authorization middleware. I’m not too familiar with Umami, but does this project use Next.js in a way that makes it vulnerable?
Would appreciate any insights. Thanks!
Beta Was this translation helpful? Give feedback.
All reactions