Today, VoidZero joins Cloudflare.
Vite remains MIT, vendor-neutral, and stewarded by the same wider team.
The same goes for Vitest, Rolldown, and Oxc.
Cloudflare is also committing $1M to an OSS fund to support independent development in the Vite ecosystem.
We published three security advisories affecting the dev server.
Only apps using --host are affected.
Update now to the patched versions:
- Vite 8.0.5 / 7.3.2 / 6.4.2
- Vite+ 0.1.16
Links to each vulnerability report below.