Note
This release is backporting bug fixes. It does not include all pending features/changes on canary.
This release contains a security patch for CVE-2025-29927.
Core Changes
- Update default allowed origins list (#77212)
- unify allowed origin detection handling (#77053)
- Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
- Ensure deploymentId is used for CSS preloads (#77210)
- Update middleware request header (#77201)
- [metadata] remove the default segement check for metadata rendering (#77119)
- [ts-hint] fix vscode type hint plugin enabling (#77099)
- [metadata] re-insert icons to head for streamed metadata (#76915)