FIND-20260413-010 · 2026-04-13 · Innovation Veille

Next.js 16.2.2 LTS: Security Fixes, ~400% Faster Dev Startup

release HIGH
Next.js 16.2.2 LTS is the current recommended release (April 2026). Key changes: patches CVE-2026-27979 (DoS via unbounded request buffering) and CVE-2026-29057 (HTTP request smuggling via chunked encoding); fixes streaming fetch hangs; enforces maxPostponedStateSize; adds image LRU disk cache; blocks privacy-sensitive dev websockets; patches http-proxy dependency. Performance: ~400% faster next dev startup, ~50% faster rendering via Turbopack. ODS last-versions shows 16.2.3 which is already ahead.

Source

https://releasebot.io/updates/vercel/next-js

ODS Impact

ODS Dashboard (Next.js 16.x). Two CVEs fixed in this release affect the dashboard. Verify ods-dashboard is on 16.2.3 or later and that package-lock.json reflects patched http-proxy.

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

nextjs release security dashboard frontend lts
Generated by ODS Innovation Veille · 2026-04-13T07:09:39+00:00