Skip to content
Changelog Hub

next 15.2.3

npm / next / 15.2.3 source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary. This release contains a security patch for CVE-2025-29927.

Core Changes

  • Update default allowed origins list (#77212)
  • unify allowed origin detection handling (#77053)
  • Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
  • Ensure deploymentId is used for CSS preloads (#77210)
  • Update middleware request header (#77201)
  • [metadata] remove the default segement check for metadata rendering (#77119)
  • [ts-hint] fix vscode type hint plugin enabling (#77099)
  • [metadata] re-insert icons to head for streamed metadata (#76915)

Credits

Huge thanks to @ijjk, @ztanner, and @huozhi for helping!