clearer

Author: elithrar

src/content/changelog/workers/2025-03-22-next-js-vulnerability-waf.mdx

@@ -1,5 +1,5 @@
 ---
-title: Managed WAF rule for Next.js vulnerability
+title: New Managed WAF rule for Next.js CVE-2025-29927.
 description: Automatic deployment of a Web Application Firewall rule to block requests that attempt to bypass authentication in Next.js applications as part of CVE-2025-29927.
 products:
   - workers
@@ -9,9 +9,9 @@ products:
 date: 2025-03-22T13:00:00Z
 ---
 
-We've deployed a WAF (Web Application Firewall) rule to all sites to protect against the [Next.js authentication bypass vulnerability](https://github.com/advisories/GHSA-f82v-jwr5-mffw) (`CVE-2025-29927`) published on March 21st, 2025.
+We've deployed a WAF (Web Application Firewall) rule to all sites on Cloudflare to protect against the [Next.js authentication bypass vulnerability](https://github.com/advisories/GHSA-f82v-jwr5-mffw) (`CVE-2025-29927`) published on March 21st, 2025. This includes sites using Next.js on Workers and Pages, as well as sites using Cloudflare to protect Next.js applications hosted elsewhere.
 
-This rule is automatically deployed to all sitesas part of our [WAF Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/) and blocks requests that attempt to bypass authentication in Next.js applications.
+This rule has been automatically deployed to all sitesas part of our [WAF Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/) and blocks requests that attempt to bypass authentication in Next.js applications.
 
 The vulnerability affects almost all Next.js versions, and is patched in Next.js `14.2.25` and `15..2.3`. **Users on older versions of Next.js (`11.1.4` to `13.5.6`) do not have a patch available**.