1 min read
A security vulnerability in the @clerk/nextjs SDK was identified by the Clerk team recently, which allows malicious actors to act-on-behalf-of other users.
The Clerk team has already released a patch with the latest version. Please check the public announcement by the Clerk team for more details.
While we still recommend updating to the latest version of the Clerk SDK, Vercel has taken proactive measures on our Firewall to protect our customers on all plans.
We will continue efforts to proactively protect Clerk + Next.js deployments on Vercel through the Vercel Firewall, regardless of Clerk's Next.js SDK version running.