Frameworks
vercel/next.js, v16.2.6 and v15.5.18, ⚠ Breaking: Multiple critical security fixes including DoS protection, middleware bypass prevention, and XSS mitigations, v16.2.6
nuxt/nuxt, v4.4.5 and v3.21.5, Performance optimization for layer root caching plus CSS inlining improvements and island rendering fixes, v4.4.5
vitejs/vite, v8.0.12 and v8.0.11, Maintenance releases with bug fixes and stability improvements, v8.0.12
withastro/astro, v6.3.1 and v6.3.0, New experimental advanced routing feature for custom request pipeline control plus local image endpoint fixes, astro@6.3.0
AI
langchain-ai/langchain, langchain-core==1.4.0, Major core library update with improved serialization, deprecation handling, and security fixes for untrusted manifest loading, langchain-core==1.4.0
vllm-project/vllm, v0.20.2, Critical fixes for DeepSeek V4 sparse attention and KV cache allocation, plus MXFP4 torch.compile support and Qwen3-VL improvements, v0.20.2
anthropics/anthropic-sdk-typescript, aws-sdk: v0.3.0, New AWS client for Claude Platform on AWS integration, aws-sdk: v0.3.0
openai/openai-python, v2.36.0, Realtime API v2 support with manual API updates, v2.36.0
BerriAI/litellm, v1.83.14-stable.patch.3, Stable patch release with a cosign-verified Docker image, v1.83.14-stable.patch.3
Runtime
cloudflare/workerd, v1.20260511.1, Daily runtime updates with test parallelism improvements and worker FFI extensions, v1.20260511.1
vercel/turborepo, v2.9.12, LSP diagnostics fixes for transit nodes and VS Code extension improvements, v2.9.12
Data
ClickHouse/ClickHouse, v26.4.2.10-stable, v26.3.10.62-lts, and v26.2.18.8-stable, Multiple stable and LTS releases across version branches, v26.4.2.10-stable
supabase/supabase, v1.26.05, Developer update featuring custom OAuth/OIDC providers, ISO 27001 certification, and new @supabase/server SDK for multi-runtime support, v1.26.05
This week's releases signal a major focus on security and stability across the ecosystem. Next.js shipped comprehensive security fixes addressing multiple high-severity vulnerabilities, while the AI tooling space continued its rapid evolution with LangChain's major core update and improved model inference capabilities in vLLM.