Skip to content
← Back to Changelog

Friday, January 12th 2024

Vercel Firewall proactively protects against vulnerability in the Clerk SDK

Posted by

Avatar for smaeda-ks

Shohei Maeda

Software Engineer

Avatar for aaronbrown

Aaron Brown

Head of Security

A security vulnerability in the @clerk/nextjs SDK was identified by the Clerk team recently, which allows malicious actors to act-on-behalf-of other users.

The Clerk team has already released a patch with the latest version. Please check the public announcement by the Clerk team for more details.

While we still recommend updating to the latest version of the Clerk SDK, Vercel has taken proactive measures on our Firewall to protect our customers on all plans.

We will continue efforts to proactively protect Clerk + Next.js deployments on Vercel through the Vercel Firewall, regardless of Clerk's Next.js SDK version running.