docs: add changelog entry for React/Next.js security update (CVE-2025-66478) (#2515)

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Catherine Deskur <catherine@buildwithfern.com>

Author: devin-ai-integration[bot]

fern/products/docs/pages/changelog/2025-12-04.mdx

@@ -0,0 +1,27 @@
+## Security update: React Server Components vulnerability patched
+
+We've updated our platform to address a critical security vulnerability (CVE-2025-66478) in React Server Components. This vulnerability, rated CVSS 10.0, could allow remote code execution when processing attacker-controlled requests in unpatched environments.
+
+The vulnerability originates in the upstream React implementation (CVE-2025-55182) and affects Next.js applications using the App Router with React Server Components.
+
+### What we did
+
+We upgraded our platform dependencies to the patched versions:
+
+- **Next.js**: Updated from 15.5.4 to 15.5.7
+- **React**: Updated from 19.0.0 to 19.0.1
+- **React-DOM**: Updated from 19.0.0 to 19.0.1
+
+These versions include the hardened React Server Components implementation that resolves the vulnerability.
+
+### Impact on Fern users
+
+No action is required from Fern Docs users. The security patch has been applied to all Fern-hosted documentation sites automatically.
+
+For self-hosted deployments, we recommend updating to the latest Fern platform version to ensure you have the security fix.
+
+### References
+
+- [Next.js Security Advisory: CVE-2025-66478](https://nextjs.org/blog/CVE-2025-66478)
+- [Next.js 15.5.7 Release](https://github.com/vercel/next.js/releases/tag/v15.5.7)
+- [React 19.0.1 Release](https://github.com/facebook/react/releases/tag/v19.0.1)