🔐 Critical Security Week: 5 Developer Vulnerabilities Patched + Python 3.15 & AWS Lambda Updates
Today's Top Developer Updates
- Oracle Fusion Middleware CVE-2025-61757: CISA-flagged critical vulnerability requires patch by December 12, 2025
- Next.js Authorization Bypass Flaw: Middleware security issue patched in versions 14.2.25 and 15.2.3
- ASP.NET Core HTTP Smuggling: CVE-2025-55315 affects versions 8.0, 9.0, and 10.0
- Python 3.15.0a2 Released: Second alpha for Python 3.15 available for testing (November 19)
- AWS Lambda Rust Support: Official Rust runtime now available alongside Java 25
Critical Security Vulnerabilities
November 21 brings five critical security vulnerabilities affecting popular developer tools and frameworks. CISA has added Oracle Fusion Middleware to its Known Exploited Vulnerabilities catalog, while Next.js and ASP.NET Core patches address severe authorization and HTTP smuggling issues.
- CVE-2025-61757 (Oracle Fusion): Missing authentication allows unauthenticated remote attackers to take over Identity Manager. Patch deadline: December 12, 2025
- Next.js Authorization Bypass: Critical flaw in middleware authorization checks. Safe versions: 14.2.25 or 15.2.3
- CVE-2025-55315 (ASP.NET Core): HTTP request smuggling vulnerability in versions 8.0, 9.0, and 10.0
- esm.sh CDN Vulnerability: Template literal injection in CSS-to-JS module conversion. Patched in version 136
Python 3.15.0a2 Alpha Released
Python 3.15.0a2, the second alpha release for Python 3.15, was released on November 19, 2025. This alpha version allows developers to test upcoming features before the stable release while Python 3.14 reached general availability on October 7, 2025.
- Release Date: November 19, 2025 (Python 3.15.0a2)
- Current Stable: Python 3.14 (released October 7, 2025)
- End of Life: Python 3.9 reached EOL in November 2025
- Developer Impact: Test applications against 3.15 alpha to prepare for migration
AWS Lambda Now Supports Rust & Java 25
AWS announced official Rust runtime support for Lambda on November 17, 2025, alongside Java 25 integration. This marks a significant milestone for Rust developers seeking serverless deployment options with AWS's managed infrastructure.
- Rust Support: Native AWS Lambda runtime for Rust applications
- Java 25: Latest Java LTS version now supported in Lambda
- Performance Benefits: Rust's memory safety and zero-cost abstractions ideal for Lambda cold starts
- Migration Path: Existing custom Rust runtimes can migrate to official support
Azure Developer CLI November Release
Microsoft released Azure Developer CLI (azd) November 2025 update (versions 1.20.1 through 1.21.2) with Container Apps reaching general availability and new layered provisioning in beta.
- Container Apps GA: Production-ready Azure Container Apps support in azd
- Layered Provisioning (Beta): Modular infrastructure-as-code organization
- Extension Framework: Custom azd functionality through extensions
- Aspire 13 Support: .NET Aspire 13 integration for cloud-native development
Microsoft Ignite 2025 Highlights
Microsoft Ignite 2025 (November 18-20) unveiled Azure HorizonDB, a scale-out PostgreSQL database, and Agent 365 (A365), a control plane for deploying and governing AI agents across enterprise environments.
- Azure HorizonDB: Distributed PostgreSQL with horizontal scaling for high-throughput workloads
- Agent 365 (A365): Unified platform for managing AI agents with governance controls
- Developer Impact: Native PostgreSQL compatibility with cloud-scale performance
- AI Integration: Seamless agent deployment across Microsoft 365 and Azure
📬 Never Miss a Developer Update
Get Tech Pulse Daily delivered to your inbox every morning. Security alerts, framework releases, and actionable dev news.
Join 12,000+ developers. Unsubscribe anytime.