Next.js / update detail

v15.5.18

Official Next.js changelog summary with source attribution, release tags, and community reactions.

Track this Next.js release note alongside related changelog updates, risky changes, and weekly digest signals from the developer community.

Next.js4 weeks agoMay 7, 2026, 08:18 PMUsefulAI-assisted summary

score 0

~Patched high‑severity vulnerabilities including DoS via server components, middleware/proxy bypasses, SSRF in WebSocket upgrades, and cache poisoning in React Server Component responses.
~Fixed moderate and low‑severity issues such as XSS in App Router CSP nonces and beforeInteractive scripts, DoS in Image Optimization API, and cache poisoning via route parameter injection.

Security-relevantsecuritysource needs review

official source

Verify the original release note

Every summary should remain traceable to the original changelog or release source.

AI-assisted summarysource needs review

related updates

Next.js4 days agoJun 1, 2026, 08:09 PMUsefulAI-assisted summary

score 0

bugfixminor