This week's update includes a critical security patch for a DoS vulnerability in the Arbitrum SDK and a core software fix to restore the censorship-resistant 'force inclusion' mechanism.
> impact
We've shipped two important updates to bolster the security and robustness of the Arbitrum ecosystem. The first is a security patch for the Arbitrum SDK, which addresses a Denial-of-Service (DoS) vulnerability (GHSA-qj8w-gfj5-8c6v) in the `serialize-javascript` dependency. The second is a fix within the core Arbitrum software for the 'force inclusion' mechanism, a key part of the network's censorship resistance.
The SDK patch protects decentralized applications built with our tools from DoS attacks that could disrupt service and degrade user experience. The fix was implemented by allowlisting the affected `serialize-javascript` package. The 'force inclusion' mechanism is a fundamental component of Arbitrum's censorship resistance strategy: it lets users bypass a censoring L2 sequencer by submitting their transactions directly on L1 and, once the protocol's delay period has elapsed, forcing their inclusion in the L2 chain. The recent bug fix restores this functionality, so users always retain a permissionless path to get their transactions included on L2.
For developers, the immediate action is to update the Arbitrum SDK in their projects so that they pick up the DoS patch. The core software fix requires no direct action from most dapp developers; it strengthens the underlying security guarantees of the entire Arbitrum network and reinforces the protocol's commitment to decentralization and censorship resistance.
> Try this now
# The primary action for developers is to update the Arbitrum SDK to the latest patched version.
# This ensures your application is protected from the 'serialize-javascript' DoS vulnerability.
# 1. Navigate to your project directory.
cd your-arbitrum-dapp
# 2. Update the Arbitrum SDK. Note that `npm update` and `yarn upgrade` only move within
#    the semver range already recorded in package.json; if that range excludes the patched
#    release, request the latest version explicitly as shown here.
# If you use npm:
npm install @arbitrum/sdk@latest
# Or if you use yarn:
yarn upgrade @arbitrum/sdk@latest
# 3. Verify the update. package.json only records the requested range; check which versions
#    were actually resolved, including any nested copy of serialize-javascript that another
#    dependency still pins.
npm ls @arbitrum/sdk serialize-javascript
# Or with yarn:
yarn why serialize-javascript
# 4. Confirm the advisory is no longer reported against your lockfile.
npm audit
# Note: The 'force inclusion' fix is a core protocol update.
# Node operators will handle this update. Dapp developers benefit from the enhanced
# network security without needing to make any code changes.