Tweet by @cramforce

We had an intense time patching React2Shell WAF bypasses together with the best hackers in the world paying out over $1 million in bounties. Additionally, we deployed a runtime mitigation on the Vercel platform that eliminates the RCE vector at the core. As a side effect, the 2 layers of defenses gave us the opportunity to measure the efficacy of the Vercel WAF against React2Shell and we can conclude that it was very effective. Details: https://t.co/P8VrdprBhT
