🔒 Security Patch
This release patches the Next.js May 2026 security advisory and CVE-2026-23870 (React Server Components DoS).
Important
All self-hosted users should upgrade immediately.
What's changed
- ⬆️ Upgrade Next.js to
16.2.6 - ⬆️ Upgrade React and React DOM to
19.2.6
Affected surface in Rallly includes middleware, App Router segment-prefetch, Image Optimization, Server Functions, and CSP nonces.
Full Changelog: v4.10.0...v4.10.1