This week in web development: Payload patches critical SQL injection vulnerabilities affecting Drizzle-based database adapters, Next.js ships 10 canary releases focused on Turbopack infrastructure and server-side HMR, and Anthropic commits to covering electricity cost increases caused by their AI data centers. Payload issued critical security patches for SQL injection vulnerabilities in version 3.73 and 3.74. This affects Drizzle-based adapters with JSON/rich text fields with read access set to anything but false in Postgres/SQLite with serial IDs. OpenAI is beginning to test ads in ChatGPT's free and Go tiers. Cursor released Composer 1.5 with 20x more reinforcement learning than v1, and Railway launches one-click Cloudflare DNS integration plus horizontal scaling without deployment cycles.0:00 Payload CMS Security Patches1:17 Payload v3.7.6 Release1:47 Shadcn/ui Blocks Update2:00 Next.js Canary Releases3:15 Cloudflare Markdown for Agents4:32 AWS Infrastructure Updates5:39 Dokploy v0.27 Stability Release6:12 OpenAI Ad Testing in ChatGPT6:49 Cursor Composer 1.57:55 Anthropic Nonprofit Access & Energy Commitment9:24 Claude Code Updates10:03 Google Gemini 3 Deep Think10:37 Railway Deployment Improvements12:00 Closing Thoughts
Hosted on Acast. See acast.com/privacy for more information.
