Security concern: @nestjs/platform-express depends on vulnerable multer version | NestJS | Page 1

gray roost · 2025-05-28T19:06:33.872Z

Hi team, does the core team plan to support multer@2.0.0 in future versions of @nestjs/platform-express soon? Current version depends on a vulnerable release (GHSA-3rfm-9rg2-4m5j). Thanks!

gray roost Hi team, does the core team plan to support [email protected] in future versions of @...

Hi, it`s already supported
https://github.com/nestjs/nest/releases/tag/v11.1.2
https://github.com/nestjs/nest/releases/tag/v10.4.18

GitHub

Release v11.1.2 · nestjs/nest

v11.1.2 (2025-05-26)
Bug fixes

microservices

#15172 fix(microservices): support custom strategy in async usefactory config (@mag123c)
#15166 fix(microservice): prevent error logs during redis cli...

GitHub

Release v10.4.18 · nestjs/nest

v10.4.18 (2025-05-26)
Dependencies

platform-express

chore(deps): bump multer from 1.4.5-lts.2 to 2.0.0

#Security concern: @nestjs/platform-express depends on vulnerable multer version