Link to heading Summary A vulnerability affecting Next.js has been addressed. It impacted versions >=15.1.0 <15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition. Link to heading Impact This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue required the below conditions to be exploitable: Using an affected version of Next.js, and; A route using cache revalidation with ISR ( next start or standalone mode); and A route using SSR, with a CDN configured to cache 204 responses. Link to heading Resolution The issue was resolved by removing the problematic code path that would have caused the 204 response to be set.…