/
Published on 04.12.2025
TLDR: The React team has disclosed and patched a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components. The vulnerability (CVE-2025-55182) has a CVSS score of 10.0, and immediate upgrades are required for several react-server-dom-* packages and frameworks like Next.js and React Router.
Link: Critical Security Vulnerability in React Server Components – React
TLDR: React 19 marks a fundamental shift in how developers should handle asynchronous operations. The combination of concurrent features and new coordination APIs (useTransition, useOptimistic, Suspense, use()) creates a declarative system that automates async handling, reduces bugs, and improves user experience.
Link: The next era of React has arrived: Here's what you need to know - LogRocket Blog
TLDR: React Router is adding experimental support for React Server Components (RSC), offering an incremental adoption path. This includes rendering RSCs in loaders, creating entire RSC routes, and using React's native server functions for component-level mutations, providing more flexibility than React Router's traditional route-based actions.
Link: React Router's take on React Server Components
<Activity> and <ViewTransition>TLDR: Two new React 19 components, <Activity> and <ViewTransition>, provide powerful, declarative ways to handle common UI patterns. <Activity> allows components to be visually hidden while preserving state and allowing background tasks like preloading, while <ViewTransition> makes it easy to create smooth, animated page transitions.
Links: