Last 7 days
2
Features: 0
Changes: 0
Fixes: 2
Deprecations: 0
React framework for full-stack web applications.
Latest Next.js changelog updates, official release notes, breaking changes, security patches, pricing changes, and developer reactions in one product feed.
Follow this Next.js release-notes page to spot useful features, risky migrations, noisy announcements, and source links before they hit your backlog.
Changes.Watch links back to official changelog and release-note sources so summaries stay easy to verify.
Use channels to follow groups of tools around a stack, workflow, or topic.
Rolling windows show how many product updates landed in the last 7, 30, 90, and 365 days, grouped by existing changelog semantics.
2
4
15
Published the @next/swc wasm web package that was unintentionally omitted since v15.5.15.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
56
Publish @next/swc wasm web artifact that was missed since v16.2.4
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Release with no code changes to ensure next@latest points to a stable version
Community ratings: 1 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
No code changes in this release.
Community ratings: 1 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes to 15.5.19, excluding new canary features
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported numerous bug fixes across core, Playwright integration, dev-mode hydration, router query handling, cache tag encoding, server action rewrites, Turbopack hash encoding, FormData handling, module type handling, and adapter regio...
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Production build fixes target route generation and CSS ordering.
Community ratings: 35 Useful, 5 Noise, 8 Risky, 2 Broke, 17 Try.
Patched high‑severity vulnerabilities including DoS via server components, middleware/proxy bypasses, SSRF in WebSocket upgrades, and cache poisoning in React Server Component responses.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Address multiple high, moderate, and low severity security advisories (DoS, SSRF, XSS, cache poisoning, and middleware proxy bypass)
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Patched multiple high‑severity security vulnerabilities (DoS, SSRF, proxy bypass, cache poisoning, XSS) across Server Components, Middleware, and Image Optimization.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Patched high‑severity vulnerabilities such as denial‑of‑service, proxy bypass, SSRF, and cache exhaustion across server components, middleware, and caching layers.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Docs explain stricter remote image matching with clearer examples.
Community ratings: 12 Useful, 5 Noise, 2 Risky, 0 Broke, 4 Try.
Bump reqwest to 0.13.2, fixing Google Fonts handling on Windows ARM64
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fixed the vulnerability identified as CVE‑2026‑23869
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported security fixes addressing CVE‑2026‑23869.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes and stability improvements, including CSS HMR on Safari and glibc Linux CI fixes.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes for core and Turbopack, including adapter output handling, server actions in standalone mode, and layout segment optimization.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Add LRU disk cache and images.maximumDiskCacheSize option to next/image (feature).
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Added many experimental and performance features such as strict route type checking, new routing package, CPU profiling flag, custom cache handlers, LRU cache with invocation IDs, gesturePush, and Claude Code plugin marketplace; expanded...
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes from the canary branch.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fixed multiple security vulnerabilities (CVE‑2026‑27977‑27980, CVE‑2026‑29057) and prevented request smuggling and unsafe websocket connections.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backports bug fixes from canary without including all pending features
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fixed memory leak in span map and ensured LRU cache items have a minimum size to prevent unbounded growth.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes from the canary release.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Security update addressing CVE-2025-59471, CVE-2025-59472, and CVE-2026-23864.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Addresses a critical security vulnerability.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fix security vulnerabilities identified in CVE-2025-59471 and CVE-2025-59472
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Imported from changelog source; review and generate a concise summary before publishing.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Imported from changelog source; review and generate a concise summary before publishing.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applied security patch addressing identified vulnerabilities.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Security patch released to address a vulnerability.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Addresses security vulnerabilities in the application.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backports bug fixes without including pending canary features
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported key bug fixes to the stable release.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Update Turbopack's SWC core to v50.2.3, fixing crashes with MDX files containing multibyte characters
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes from the canary channel to v16.1.1.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Added a built‑in bundle analyzer (next analyze) and multiple Turbopack experimental features, improving build insights and source‑map handling.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applied a security patch to address vulnerabilities.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applied security update to address vulnerabilities in Next.js.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applied security patch for Next.js vulnerabilities
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applied Next.js security update to patch known vulnerabilities
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Security patch released for Next.js vulnerabilities.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applies Next.js security update to patch vulnerabilities.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applied security patch for Next.js
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Applies a security patch for Next.js to address known vulnerabilities
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes from the canary release
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fix for CVE-2025-66478 vulnerability.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Addressed security vulnerability CVE-2025-66478
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Addresses security vulnerability CVE-2025-66478.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fixes security vulnerability CVE‑2025‑66478
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Imported from changelog source; review and generate a concise summary before publishing.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fixes vulnerability identified in CVE‑2025‑66478.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Fixed security vulnerability referenced as CVE-2025-66478.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backported bug fixes from canary; not all pending features are included.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Backports bug fixes without adding pending features from canary.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.
Rename proxy.js to middleware.js in the NFT module.
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.