Skip to content
← Back to Changelog

Thursday, November 9th 2023

Vercel Firewall proactively protects against vulnerability in the Sentry Next.js SDK

Posted by

Avatar for matheus

Matheus Fernandes

Principal Engineer

Avatar for smaeda-ks

Shohei Maeda

Software Engineer

A security vulnerability was discovered that affects Sentry’s Next.js SDK, which made it possible to exploit Sentry’s Tunnel feature to establish Server-Side Request Forgery (SSRF) attacks.

The Sentry team has already released a patch with the latest version 7.77.0.

While we still recommend updating to the latest version of the Sentry SDK, Vercel has taken proactive measures on our firewall to protect our customers.

We will continue to proactively protect all Sentry + Next.js deployments on Vercel through the Vercel Firewall, regardless of Sentry's Next.js SDK version running.