GitHub

Improper Middleware Redirect Handling Leads to SSRF

A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next(). In self-hosted applications, this ...
GitHub

SEP-1607: Context Middleware

This SEP introduces a Context Middleware capability to MCP, enabling application-controlled transformation and enrichment of context. While MCP currently supports user-controlled context (Prompts), ...