Security

Critical Update: CVE-2025-55182 (Dec 2025)

Status: PATCHED

PortfoliX v1.0.1 includes a critical security update for Next.js (v16.0.7) to address a Remote Code Execution (RCE) vulnerability in React Server Components.

What you need to do:

  • New Installations: You are safe. The current version (v1.0.1) is already patched.
  • Existing Installations: If you installed v1.0.0, please update immediately.

How to Update

  1. Pull the latest changes from the repository (or download the new zip).
  2. Run npm install to update dependencies.
  3. Rebuild the application: npm run build.
  4. Restart the server: pm2 restart portfolix (or your process manager).
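
A post-update check for the steps above, as an added example (not part of PortfoliX or its install.sh): it reads the Next.js version that npm actually installed and compares it with 16.0.7, the patched version named on this page. The function names and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm that npm installed a patched Next.js after the update.
MIN_NEXT="16.0.7"   # patched version named on this page

# Print the version of the next package installed under <app_dir>.
# Assumes npm's pretty-printed package.json; the first "version" key is the package's own.
installed_next_version() {
  nv_pkg="$1/node_modules/next/package.json"
  [ -f "$nv_pkg" ] || return 1
  nv=$(sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$nv_pkg" | head -n 1)
  [ -n "$nv" ] && printf '%s\n' "$nv"
}

# Return 0 if version $1 >= release $2, comparing major.minor.patch numerically.
# A pre-release such as 16.0.7-canary.1 sorts below the 16.0.7 release.
version_ge() {
  vg_a="${1%%-*}"; vg_b="${2%%-*}"
  for vg_i in 1 2 3; do
    vg_x=$(printf '%s.0.0' "$vg_a" | cut -d. -f"$vg_i")
    vg_y=$(printf '%s.0.0' "$vg_b" | cut -d. -f"$vg_i")
    case "${vg_x:-x}${vg_y:-x}" in *[!0-9]*) return 2 ;; esac
    [ "$vg_x" -gt "$vg_y" ] && return 0
    [ "$vg_x" -lt "$vg_y" ] && return 1
  done
  [ "$1" = "$vg_a" ]
}

# Report on one app directory: 0 = patched, 1 = below the minimum, 2 = next not found.
check_next_patched() {
  cn_v=$(installed_next_version "$1") || { echo "next not found under $1; run npm install"; return 2; }
  if version_ge "$cn_v" "$MIN_NEXT"; then
    echo "OK: next $cn_v >= $MIN_NEXT"
  else
    echo "UPDATE NEEDED: next $cn_v is below $MIN_NEXT"; return 1
  fi
}

# Usage: sh check-next.sh /path/to/portfolix   (script name is hypothetical)
if [ "$#" -gt 0 ]; then check_next_patched "$1"; fi
```

Run it after step 2 and again after step 4; a non-zero exit status means the dependency tree still holds an older Next.js and the rebuild should not be deployed.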

Best Practices

  1. Change Default Credentials: Never leave the default admin@portfolix.dev account active.
  2. Secure Environment Variables: Never commit your .env file to public repositories.
  3. Use SSL: Always serve your site over HTTPS. Our install.sh script sets this up automatically.
  4. Keep Node.js Updated: Use the LTS version of Node.js.