Changes.Watch
Know what changed in your dev stack before it affects you.
Audit your stack →

Clerk changelog digest

May 4 - May 10, 2026. Useful releases, risky migrations, and noisy updates from the Clerk channel.

Clerk updates in 2026-w19

Patched high‑severity vulnerabilities including DoS via server components, middleware/proxy bypasses, SSRF in WebSocket upgrades, and cache poisoning in React Server Component responses.

Address multiple high, moderate, and low severity security advisories (DoS, SSRF, XSS, cache poisoning, and middleware proxy bypass)

Patched multiple high‑severity security vulnerabilities (DoS, SSRF, proxy bypass, cache poisoning, XSS) across Server Components, Middleware, and Image Optimization.

Patched high‑severity vulnerabilities such as denial‑of‑service, proxy bypass, SSRF, and cache exhaustion across server components, middleware, and caching layers.