Change8

v16.2.5

📦 next-js
🐛 12 fixes

Summary

This release primarily focuses on addressing multiple high, moderate, and low severity security vulnerabilities across Server Components, Middleware, Image Optimization, and caching mechanisms. Users are strongly encouraged to update immediately to mitigate these security risks.

🐛 Bug Fixes

  • Addressed High severity vulnerability: Denial of Service with Server Components (GHSA-8h8q-6873-q5fj).
  • Addressed High severity vulnerability: Middleware / Proxy bypass in App Router applications via segment-prefetch routes (GHSA-267c-6grr-h53f).
  • Addressed High severity vulnerability: Denial of Service via connection exhaustion in applications using Cache Components (GHSA-mg66-mrh9-m8jx).
  • Addressed High severity vulnerability: Middleware / Proxy bypass through dynamic route parameter injection (GHSA-492v-c6pp-mqqv).
  • Addressed High severity vulnerability: Server-side request forgery in applications using WebSocket upgrades (GHSA-c4j6-fc7j-m34r).
  • Addressed High severity vulnerability: Middleware / Proxy bypass in Pages Router applications using i18n (GHSA-36qx-fr4f-26g5).
  • Addressed Moderate severity vulnerability: Cross-site scripting in App Router applications using CSP nonces (GHSA-ffhc-5mcf-pf4q).
  • Addressed Moderate severity vulnerability: Cross-site scripting in beforeInteractive scripts with untrusted input (GHSA-gx5p-jg67-6x7h).
  • Addressed Moderate severity vulnerability: Denial of Service in the Image Optimization API (GHSA-h64f-5h5j-jqjh).
  • Addressed Moderate severity vulnerability: Cache poisoning in React Server Component responses (GHSA-wfc6-r584-vfw7).
  • Addressed Low severity vulnerability: Cache poisoning via collisions in React Server Component cache-busting (GHSA-vfv6-92ff-j949).
  • Addressed Low severity vulnerability: Middleware / Proxy redirects can be cache-poisoned (GHSA-3g8h-86w9-wvmq).