Next.js had to patch the patch - May 2026
next.js had a 13-CVE security drop on may 6, then patched the patch on may 7.
the first turbopack fix didn't apply to `middleware.ts`/`proxy.ts`, so anyone who updated once and stopped is still vulnerable.
actual fixed versions: 15.5.18 and 16.2.6. not 15.5.16 / 16.2.5.
what's in the release:
- SSRF via websocket upgrades, CVSS 8.6
- middleware bypass via dynamic route params, CVSS 8.1
- pages router i18n middleware bypass, CVSS 7.5
- DoS in the react flight protocol itself, CVSS 7.5
- plus cache poisoning in RSC responses and XSS in CSP-nonce apps
spent yesterday patching my vps boxes. the ones on Vercel auto-patched both rounds.
been defending the concept of bringing the backend to the frontend. backend security guys are out here going "and this is why we don't let frontend devs touch the server."
putting all new clients on Vercel from now on.
> if you are running next.js on a vps, even old projects you don't touch anymore, update them.
Source: vercel.com/changelog/next-js-may-2026-security-release
Follow for more: DevNotes
Vercel
Next.js May 2026 security release - Vercel
Next.js 15.5.18 and 16.2.6 patch 13 security advisories covering middleware bypass, denial of service, SSRF, cache poisoning, and cross-site scripting.
👍5
😁4
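A defender-side check for the advice in the post above, as an added example that is not part of the original post or of Next.js: it reads the resolved `next` version from an npm lockfile and classifies it against the fixed versions the post names. The sample lockfiles, function names and status labels are constructed for illustration; release lines the post does not mention are reported as `check-advisory` rather than guessed.

```javascript
// Added example (not from the post): audit the resolved Next.js version in an
// npm lockfile against the fixed versions the post names.
const FIXED_PATCH = new Map([["15.5", 18], ["16.2", 6]]); // 15.5.18 and 16.2.6
const FIRST_ROUND = new Set(["15.5.16", "16.2.5"]);       // first, incomplete round

// Status labels are this example's own, not Next.js or npm terminology.
function classifyNextVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(version ?? "");
  if (!m) return "unparseable";
  const line = `${m[1]}.${m[2]}`;
  const patch = Number(m[3]);
  const prerelease = Boolean(m[4]);
  // The post gives no fixed version for other release lines, so do not guess.
  if (!FIXED_PATCH.has(line)) return "check-advisory";
  if (!prerelease && FIRST_ROUND.has(`${line}.${patch}`)) return "first-round-only";
  const fixed = FIXED_PATCH.get(line);
  // A prerelease of the fixed patch (e.g. 16.2.6-canary.1) sorts before it.
  if (patch > fixed || (patch === fixed && !prerelease)) return "patched";
  return "needs-update";
}

// package.json only holds a range; the lockfile records what is installed.
function resolvedNextVersion(lockfileText) {
  const lock = JSON.parse(lockfileText);
  return lock.packages?.["node_modules/next"]?.version // lockfileVersion 2 and 3
      ?? lock.dependencies?.next?.version              // lockfileVersion 1
      ?? null;
}

function auditLockfile(project, lockfileText) {
  const version = resolvedNextVersion(lockfileText);
  const status = version ? classifyNextVersion(version) : "next-not-found";
  return { project, version, status };
}

// Constructed sample lockfiles standing in for projects on a VPS.
const v3 = (version) => JSON.stringify({
  lockfileVersion: 3, packages: { "node_modules/next": { version } } });
const SAMPLES = {
  "updated-once": v3("15.5.16"),
  "updated-twice": v3("16.2.6"),
  "forgotten-site": JSON.stringify({
    lockfileVersion: 1, dependencies: { next: { version: "15.5.9" } } }),
  "static-only": JSON.stringify({ lockfileVersion: 3, packages: {} }),
};

for (const [project, text] of Object.entries(SAMPLES)) {
  console.log(auditLockfile(project, text));
}
```

A project that reports `first-round-only` is the case the post warns about: it was updated on may 6 and still needs the second update.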
Forwarded from baka Codes
this platform is created by one of the earliest A2SVians who is now a senior software engineer at Google. it's called Habeshans corner. its aim is sharing opportunities like jobs, scholarships, internships and mentorships in the habesha community around the world. it's just getting started, but it could go on to be something big. join the corner, share it within your circle.
@bakacodes
Habeshans Corner
Discover and share jobs, scholarships, internships, and mentorship with Habeshans worldwide. Browse community posts with deadlines and locations, or publish opportunities for the Ethiopian and Eritrean diaspora.
❤6
Telegram wallet is killing birr p2p too, june 2
binance, okx, bybit, bitget already pulled out. wallet was the last spot left, even rolled out amharic two weeks ago to grab everyone. didn't even last the month.
> this was my last resort. trade before june 2 (enough for at least a couple months of expenses)
Follow for more: DevNotes
Telegram
Dev Notes
Welcome to DevNotes! 💻 A channel for coding tips, tech tutorials, and developer resources to help you level up your skills and stay updated.
😭5
Forwarded from Wallet
Notice on ETB trading in P2P Market
Due to regulatory requirements, P2P Market trading with Ethiopian Birr (ETB) will be discontinued on 2 June, 2026. Consequently, all active P2P advertisements involving ETB will be removed, and no new advertisements can be posted from this date.
To ensure a smooth transition, any trades started before the deadline can be completed as normal. Our support team will also remain available to handle all active appeals and disputes until they are fully resolved.
All other Crypto Wallet services remain operational, and your funds remain secure and accessible.
We appreciate your understanding and patience as we continue to align our services with applicable regulatory requirements.
If you have any questions — @wallet_supportbot, we’re always here to help.
how to apply for remote jobs better
1. go to crunchbase.com, filter for companies that just raised. they have money and they're about to hire.
2. the free trial needs a card, use a bybit virtual card. Crunchbase won't track cards, so when the trial runs out you swap the email and start a fresh one.
3. pick one company a day. research what they actually build.
4. write a specific cold email. good breakdown here
5. send a linkedin dm too, hit them from both sides.
6. record a short video of yourself, why you're a fit. komodo is free and unlimited. puts you ahead of many.
it's a numbers game but quality numbers. just show up every day.
Follow for more: DevNotes
🔥13
You can buy stocks on binance now
telegram wallet added tokenized stocks late last year, just a handful of names. binance just went way bigger: 7,000+ US stocks and ETFs since june 1. nvidia, apple, tesla, google, microsoft, all the AI names are in there.
zero commission, fractional shares from $5, you buy straight with crypto (USDC, USDT, BNB). select ones trade 24/5.
next up is bStocks, where you turn a stock you hold into a token on BNB chain yourself.
i think it's a solid long-term play, better than just holding usd. considering putting a small amount in myself.
source: globalfintechseries
Follow for more: DevNotes
PR Newswire
Binance Launches U.S. Stocks Trading and Previews bStocks Tokenized Securities
/PRNewswire/ -- Binance today introduced U.S. equities trading, giving eligible users access to more than 7,000 U.S.-listed stocks and ETFs. The launch...
⚡5💯1
p2p.army shows the birr (ETB) p2p prices across all exchanges in one place. not real time but close enough.
https://p2p.army/en/p2p/fiats/ETB
USDT's around 183 to buy, 177 to sell right now.
ETB p2p is dying. the national bank made birr p2p illegal in feb, and since then bybit, okx, binance and telegram all pulled out. mexc announced it's delisting etb from p2p too, gone by june 10. that leaves basically just gate (new) and bingx with live ads.
Follow for more: DevNotes
❤4👍2
Ablaze is hiring, 3 open roles:
Frontend Developer
Senior QA Engineer
Associate Business Manager
send your CV to talent@ablazelabs.com or message them on telegram: @Ablaze_Labs
not remote tho, sharing cause the pay is solid for a local company
Follow for more: DevNotes
🙏4