A security vulnerability was discovered that affects Sentry’s Next.js SDK, which made it possible to exploit Sentry’s Tunnel feature to establish Server-Side Request Forgery (SSRF) attacks.
The Sentry team has already released a patch with the latest version 7.77.0.
While we still recommend updating to the latest version of the Sentry SDK, Vercel has taken proactive measures on our firewall to protect our customers.
We will continue to proactively protect all Sentry + Next.js deployments on Vercel through the Vercel Firewall, regardless of Sentry's Next.js SDK version running.