Vercel has released version 11.1 of Next.js. This minor release of the framework for building server-side applications with React brings new features as well as a security patch intended to prevent possible open redirects.
Security patch against open redirects
The Next.js development team was informed that an open redirect was possible with pages/_error.js. Next.js 11.1 comes with a security patch to prevent this. With open redirects, attackers can redirect visitors of a trusted domain to their own domain and misuse the trusted domain's reputation for phishing attacks. Applications hosted by Vercel (formerly ZEIT), the company behind Next.js, are not affected.
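A common application-level defence against open redirects in general is to accept only same-origin, path-absolute redirect targets. The sketch below is an added example, not code from the Next.js patch or from the article; APP_ORIGIN, safeRedirectTarget and the sample inputs are assumptions made for illustration.

```javascript
// Added example: generic redirect-target validation, not the Next.js 11.1 fix.
const APP_ORIGIN = 'https://app.example'; // assumption: the application's own origin

// Returns a same-origin path for `target`, or `fallback` if the target is unsafe.
function safeRedirectTarget(target, fallback = '/') {
  if (typeof target !== 'string' || target.length === 0) return fallback;
  // Browsers strip tabs/newlines and treat "\" like "/" when parsing URLs,
  // so reject control characters and backslashes before any other check.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return fallback;
  // Accept only path-absolute references; "//host" is protocol-relative.
  if (!target.startsWith('/') || target.startsWith('//')) return fallback;
  let url;
  try {
    url = new URL(target, APP_ORIGIN); // resolve the same way a browser would
  } catch {
    return fallback;
  }
  // Final guard: the resolved URL must still point at our own origin.
  if (url.origin !== APP_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, as they might arrive in a "next" query parameter.
const samples = [
  '/dashboard?tab=1',       // legitimate in-app path
  '//evil.example/login',   // protocol-relative URL to a foreign host
  'https://evil.example/',  // absolute URL to a foreign host
  '/\\evil.example',        // backslash variant of "//"
  '/\t/evil.example',       // tab that a browser would strip
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```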
In addition to the security patch, minor release 11.1 includes new features. Among them is the ability to import npm packages as ES Modules, enabled with an experimental flag:
// next.config.js
module.exports = {
  // Prefer loading of ES Modules over CommonJS
  experimental: { esmExternals: true }
}
In addition, Next.js 11.1 introduces performance improvements when using next build and new rules for ESLint, which has been integrated since version 11. The last major release mainly brought innovations for the user experience (UX) in cooperation with the Chrome team in the Aurora project.
Next.js can be used on macOS, Windows (including Windows Subsystem for Linux) and Linux; Node.js version 12.0 or higher is required.
A blog post describes the most important innovations in Next.js 11.1; further details are available in the release notes on GitHub.
(May)