The Wire · Showcase
VERCEL AI HARDENS AGAINST SSRF AND SOCKET LEAKS, NEXT.JS CACHE LAYER GETS DEV PERSISTENCE
By RepoJournal · Filed · About Vercel
Vercel AI shipped critical fixes to block three classes of SSRF bypasses in download validation, while Next.js dev server now persists private cache entries across reloads.
The AI SDK's `downloadBlob`, `download`, and MCP client functions had multiple security gaps in their URL validation and socket handling that have been patched [1][2]. The SSRF guard now blocks hostname tricks and redirect bypasses, and rejected downloads properly cancel their response bodies to prevent TCP socket leaks that could pile up under sustained load [2]. On the MCP side, once a client receives its first valid SSE endpoint, that URL stays locked in and later endpoint events are ignored, preventing a malicious event from hijacking subsequent tool calls [3].

Meanwhile, Next.js dev server improvements make cache behavior more realistic: private `'use cache'` entries now persist in a built-in in-memory handler so warm reloads stay fast [4], and stale cache entries serve until actual expiration rather than dropping at revalidate time [5].

The Vercel CLI got two wins for integration discovery: `vercel integration discover --category <slug>` filters the marketplace, and a new `vercel integration categories` subcommand lists valid slugs [7]. Node framework preset detection now works without a package.json, defaulting to ESM format for a bare `server.ts` [6].
Action items
- Update @vercel/ai to the latest patch immediately if you use `downloadBlob` or MCP clients with untrusted URLs (vercel/ai, immediate)
- Review your `next dev` cache patterns; private cache now persists by default in development (vercel/next.js, plan)
- If you're using custom OpenAPI specs, upgrade to the latest Vercel CLI to use the `--spec-url` flag (vercel/vercel, monitor)
- Monitor Workflow runs for duplicate `hook_created` events; the idempotency fix now prevents spurious conflicts (vercel/workflow, monitor)
References
- [1] fix(provider-utils,ai): harden download SSRF guard against hostname and redirect bypasses (#15980) vercel/ai
- [2] fix(provider-utils): cancel response body on download rejection to prevent socket leak vercel/ai
- [3] fix(mcp): lock first sse endpoint received via event vercel/ai
- [4] Persist `'use cache: private'` entries in dev (#94694) vercel/next.js
- [5] Serve stale `'use cache'` entries in the dev server until they expire vercel/next.js
- [6] Support Node framework preset without a package.json (#16614) vercel/vercel
- [7] [cli] Add --category filter + integration categories subcommand (#16576) vercel/vercel
FAQ
- What changed in Vercel on June 12, 2026?
  Vercel AI shipped critical fixes to block three classes of SSRF bypasses in download validation, while the Next.js dev server now persists private cache entries across reloads.
- What should Vercel teams do about it?
  Update @vercel/ai to the latest patch immediately if you use `downloadBlob` or MCP clients with untrusted URLs; review your `next dev` cache patterns, since private cache now persists by default in development; and if you're using custom OpenAPI specs, upgrade to the latest Vercel CLI to use the `--spec-url` flag.
- Which Vercel repositories shipped on June 12, 2026?
  vercel/ai, vercel/next.js, vercel/vercel