125: The RSC Vulnerabilities Keep Coming

Hot on the heels of the first critical vulnerability discovered in React applications using RSCs last week, two more vulnerabilities have surfaced, which is not uncommon. Even if you already updated for the critical vulnerability, you will need to update again.

In lighter news, Anthropic donates MCP to the Agentic AI Foundation, just one year after introducing it to the world. MCP’s rise has been meteoric: 10,000 active public MCP servers, adoption by ChatGPT, Cursor, Gemini, Copilot, VS Code, and more, and now stewardship by the AAIF, which is under the Linux Foundation.

With all the great things coming to CSS lately, the Chrome Dev team created a great CSS Wrapped write up highlighting the big features for 2025. Of the 22 new features added, invoker commands, popover enhancements, and customizable select dropdowns are some of the most exciting additions.

Timestamps:

• 2:29 - More vulnerabilities in RSCs
• 6:36 - Anthropic donates MCP to the Agentic AI Foundation
• 16:04 - CSS 2025 wrap up
• 25:05 - Disney to allow characters on Sora
• 29:42 - What’s making us happy

News:

• Paige - Anthropic donates MCP to the Agentic AI Foundation
• Jack - More vulnerabilities in RSCs discovered
• TJ - CSS Wrapped 2025

Lightning News: 

• Disney will allow characters on Sora AI video generator

What Makes Us Happy this Week:

• Paige - Twinkly Christmas Lights
• Jack - 3D printed underwear for the multiboard desk organization
• TJ - Mammoth

Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.

• Front-end Fire website
• Blue Collar Coder on YouTube
• Blue Collar Coder on Discord
• Reach out via email
• Tweet at us on X @front_end_fire
• Follow us on Bluesky @front-end-fire.com
• Subscribe to our YouTube channel @Front-EndFirePodcast