React.js Server Component vulnerabilities query

Hi Taiga team!

I’ve just been reading about “Critical Security Vulnerability in React Server Components – React”, which has a level 10 CVE (remote code execution).

I know that Taiga has some NodeJS components (I think in taiga-events). I think it doesn’t use React Server Components or Next.js, but I wasn’t 100% sure, and thought it best to ask here just to get some reassurance that we don’t need to do anything re: self-hosted instances?

Thanks in advance! :slight_smile:

Hi there, @mig5 !

I did a quick check just in case, and we are not using any of the affected libraries/components in our JS projects.

In any case, of course, we keep reviewing the security of Taiga and releasing patches as soon as we have them, so we recommend keeping Taiga updated. For particularly major things, we will probably warn people to update here at community besides publishing the new version.

Best!

Thanks @Charlie , appreciate the reassurance!

> In any case, of course, we keep reviewing the security of Taiga and releasing patches as soon as we have them, so we recommend keeping Taiga updated. For particularly major things, we will probably warn people to update here at community besides publishing the new version.

Indeed, and I am keen to see the upgrade to a still-supported Django hopefully soon :slight_smile: I realise it’s a big job. Presumably there’s nothing too concerning right now in the old Django in terms of security issues (or you’d have handled the update already). In any case, will be a relief to be on the LTS version at some stage!

Thanks to you and your team for all your work.