Company:
Date Published:
Author: Mike Gualtieri
Word count: 678
Language: English
Hacker News points: None

Summary

Gatsby Cloud recently addressed a high-risk security vulnerability in its Image CDN service that allowed arbitrary URLs to be rendered through the CDN, enabling Server-Side Request Forgery (SSRF) or Cross-Site Scripting (XSS) attacks. The issue, identified by security researchers Shubham Shah and Sam Curry, was related to the u= URL parameter on certain routes and affected only sites with Image CDN enabled. Gatsby released updates to gatsby-plugin-utils and Gatsby Cloud to mitigate the vulnerability, encrypting CDN URLs and preventing unauthorized URL rendering. Site operators are advised to upgrade to the latest version of the plugin or disable the Image CDN. Gatsby has informed affected customers and offered guidance on remediation, emphasizing that these updates are important for keeping sites secure.