no notes
| Release list | ||
|---|---|---|
| 16.2.1 | RECENT | |
| 15.5.14 | RECENT | |
| 16.2.0 | RECENT | |
| 15.5.13 | RECENT | |
| 16.1.7 | RECENT | |
| 15.5.12 | ||
| 15.5.11 | ||
| 16.1.6 | ||
| 16.1.5 | ||
| 16.0.11 | ||
| 15.5.10 | ||
| 15.4.11 | ||
| 15.3.9 | ||
| 15.2.9 | ||
| 15.1.12 | ||
| 15.0.8 | ||
| 16.1.4 | ||
| 16.1.3 | ||
| 16.1.2 | ||
| 16.1.1 | ||
Next.js
- project on GitHub > vercel/next.js
- last check : with 0 version(s) added
notes:
no notes
Release notes:
[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
- [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
- Apply server actions transform to node_modules in route handlers (#89380)
- ensure
maxPostponedStateSizeis always respected (See: CVE-2026-27979) - feat(next/image): add lru disk cache and
images.maximumDiskCacheSize(See: CVE-2026-27980) - Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
- Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
- fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)
Credits
Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!