TMiR 2025-12: Year in review, React2Shell (RCE, DOS, SCE, oh my)

Failed to add items

Sorry, we are unable to add the item because your shopping basket is already at capacity.

Add to cart failed.

Please try again later

Add to wishlist failed.

Please try again later

Remove from wishlist failed.

Please try again later

Follow podcast failed

Unfollow podcast failed

TMiR 2025-12: Year in review, React2Shell (RCE, DOS, SCE, oh my)

Listen for free

View show details

About this listen

Full transcript at ReactifluxMain ContentReact2Shell vulnerabilityInitial announcementFollowup denial-of-service CVE and source code exposure CVEVercel bulletinCloudflareCloudflare report on exploit attemptsCloudflare outage on December 5, 2025Tech analysis: “Flight Protocol”Vuln is carefully crafted Promise deserialization + `new Function` evalPRs: Initial fixes, Promise cycles / function toString, more Promise cyclesGuillermo’s breakdownShruti’s breakdownComms critique“React is rainbow colored (function types)”What does this mean for React and RSC adoption going forward?When I go back and look at react.dev now \[…\] it feels half-finishedReact Native year in reviewMore CSS supportExpo EAS hostingRN 0.78: React 19 supportLynx launchedRN 0.79: JSC moving to Community PackageRN 0.80: Freezing the legacy architectureRN 0.81: Android 16 support for edge to edge1.0 on the horizonVega OS launchedRN 0.82: Only new architectureExpo App AwardsRN 0.83: New Devtools - no breaking changesReact year in reviewCRA deprecation, new install docs (Vite\!)Styled Components DeprecatedReleases: 19.2 (Activity, useEffectEvent), Compiler 1.0Research: View Transitions canary, perf, concurrent stores, “throw a promise” deprecated (but not merged yet)“Async React” and the ecosystemReact FoundationReact growth skyrocketsReact Router RSC support, TanStack Start WIP RSC, WakuDan’s RSC explainers (he had a bunch of things to say)Remix v3 Jam recap (not React but relevant)Mark went from frustrated (CRA) to excited (ReactConf, foundation, team efforts)⚡ Lightning round ⚡TS 7 progress updateNPM classic tokens revokedGitHub Actions planned workGithub Action pricing change and immediate about-faceStacked diffs proposal in the works?Anthropic bought BunSVG Clickjacking from Lyra (SVG filters as logic gates??)Dan Abramov’s RSC Explorer: https://rscexplorer.dev/ , https://overreacted.io/introducing-rsc-explorer/Instant-loading Github repo explorer using RSCs: Without the blue barReact Router’s Take on RSCsHow AI Coding Agents hid a Timebomb in Our App(https://acusti.ca/blog/2025/12/16/react-compiler-silent-failures-and-how-to-fix-them/)Great history of web dev: 30 Years of TagsNadia Makarevich’s latest deep dive: Bundle Size InvestigationExtensive ES2026 feature previewReact reconciler for Blender 3DThe “why” of React FiberAsync React articles from Aurora Scharff and Jack Herrington

No reviews yet