fix: 1.2.0版本修复 React Server Components拒绝服务漏洞 (CVE-2025-55184) 和 CVE-2025-54880

2026-06-04 10:14:00 +08:00 · 2025-12-16 09:13:21 +08:00
parent b4bf4a59c6
commit ff78ea6936
3 changed files with 700 additions and 442 deletions
@@ -510,7 +510,7 @@ services:

  # Frontend web application.
  web:
-    image: ccr.ccs.tencentyun.com/yfgaia/dify-plus-web:1.2.0-fix.2
+    image: ccr.ccs.tencentyun.com/yfgaia/dify-plus-web:1.2.0.fix.3
    restart: always
    environment:
      CONSOLE_API_URL: ${CONSOLE_API_URL:-}
@@ -45,7 +45,7 @@
    "@mdx-js/loader": "^3.1.0",
    "@mdx-js/react": "^3.1.0",
    "@monaco-editor/react": "^4.6.0",
-    "@next/mdx": "15.2.3",
+    "@next/mdx": "15.5.9",
    "@octokit/core": "^6.1.2",
    "@octokit/request-error": "^6.1.5",
    "@remixicon/react": "^4.5.0",
@@ -85,18 +85,18 @@
    "lexical": "^0.18.0",
    "line-clamp": "^1.0.0",
    "lodash-es": "^4.17.21",
-    "mermaid": "11.4.1",
+    "mermaid": "11.10.0",
    "mime": "^4.0.4",
    "mitt": "^3.0.1",
    "negotiator": "^0.6.3",
-    "next": "15.2.6",
+    "next": "~15.5.9",
    "next-themes": "^0.4.3",
    "pinyin-pro": "^3.25.0",
    "qrcode.react": "^4.2.0",
    "qs": "^6.13.0",
-    "react": "19.2.1",
+    "react": "19.2.3",
    "react-18-input-autosize": "^3.0.0",
-    "react-dom": "19.2.1",
+    "react-dom": "19.2.3",
    "react-easy-crop": "^5.1.0",
    "react-error-boundary": "^4.1.2",
    "react-headless-pagination": "^1.1.6",