Release Watcher - Next.js v15.2.4

Release list
15.3.2	2025-05-06 RECENT
15.3.1	2025-04-17
15.3.0	2025-04-09
15.2.5	2025-04-08
14.2.28	2025-04-08
14.2.27	2025-04-07
12.3.7	2025-03-28
13.5.11	2025-03-27
12.3.6	2025-03-24
13.5.10	2025-03-24
14.2.26	2025-03-24
15.2.4	2025-03-24
12.3.5	2025-03-23
13.5.9	2025-03-22
15.2.3	2025-03-18
14.2.25	2025-03-17
15.2.2	2025-03-11
15.2.1	2025-03-03
15.2.0	2025-02-26
15.1.7	2025-02-11

Release list

15.3.2

2025-05-06

RECENT

15.3.1

2025-04-17

15.3.0

2025-04-09

15.2.5

2025-04-08

14.2.28

2025-04-08

14.2.27

2025-04-07

12.3.7

2025-03-28

13.5.11

2025-03-27

12.3.6

2025-03-24

13.5.10

2025-03-24

14.2.26

2025-03-24

15.2.4

2025-03-24

12.3.5

2025-03-23

13.5.9

2025-03-22

15.2.3

2025-03-18

14.2.25

2025-03-17

15.2.2

2025-03-11

15.2.1

2025-03-03

15.2.0

2025-02-26

15.1.7

2025-02-11

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary. This release contains a security patch for CVE-2025-29927.

Core Changes

Match subrequest handling for edge and node (#77474)
exclude images and static media from dev origin check (#77417)
ensure /__next middleware URLs are included in the origin check (#77416)
remove direct ip/port bypass in dev origin check (#77414)
switch development origin verification to be opt-in rather than opt-out (#77395)

Credits

Huge thanks to @ijjk and @ztanner for helping!