Next.js has released version 15.2.3 to address a security vulnerability. Due to this CVE in previous versions, we recommend that developers upgrade to the latest version based on the guidance in Next.js’s official blog post here.

As Catalyst is based on Next.js, this CVE affects all versions of Catalyst. We have released new versions of Catalyst with the latest version of Next.js to address the issue, but you can also trivially upgrade Next.js in your own Catalyst application by following the directions in the blog post.