releases.shpreview
Clerk/JavaScript SDK/@clerk/nextjs@7.3.5

@clerk/nextjs@7.3.5

May 15, 2026JavaScript SDKView original ↗

Patch Changes

  • Bump next devDependency to 15.5.18 to pick up the fix for GHSA-26hh-7cqf-hhc6, a high-severity (CVSS 7.5) Middleware/Proxy bypass in App Router applications via segment-prefetch routes (incomplete-fix follow-up). If you use the Next.js App Router, we recommend upgrading to Next.js 15.5.18, 16.2.6, or a later patched release. The 16.0.0 through 16.2.5 versions are still affected. (#8547) by @jacekradko

  • Updated dependencies [9fa6642, 930047f, b45777c, 5441d86, 5a7225e]:

    • @clerk/shared@4.12.0
    • @clerk/react@6.6.4
    • @clerk/backend@3.4.9

Fetched May 16, 2026