Commit 82a339e

changelog: update next.js changelog again
1 parent faa9207 commit 82a339e

1 file changed

+2
-0
lines changed

src/content/changelog/workers/2025-03-22-next-js-vulnerability-waf.mdx

Lines changed: 2 additions & 0 deletions
@@ -12,6 +12,8 @@ date: 2025-03-22T13:00:00Z
1212
import { Image } from 'astro:assets';
1313
import managedRuleNextJsAuth from "~/assets/images/changelog/workers/high-res-CVE-2025-29927.gif"
1414

15+
**Update: Mon Mar 24th, 11PM UTC**: Next.js has made further changes to address a smaller vulnerability introduced in the patches made to its middleware handling. Users should upgrade to Next.js versions `15.2.4`, `14.2.26`, `13.5.10` or `12.3.6`. **If you are unable to immediately upgrade or are running an older version of Next.js, you can enable the WAF rule described in this changelog as a mitigation**.
16+
1517
**Update: Mon Mar 24th, 8PM UTC**: Next.js has now [backported the patch for this vulnerability](https://github.com/advisories/GHSA-f82v-jwr5-mffw) to cover Next.js v12 and v13. Users on those versions will need to patch to `13.5.9` and `12.3.5` (respectively) to mitigate the vulnerability.
1618

1719
**Update: Sat Mar 22nd, 4PM UTC**: We have changed this WAF rule to opt-in only, as sites that use auth middleware with third-party auth vendors were observing failing requests.
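
Review bot: The added 11PM entry at new line 15 supersedes the upgrade targets in the unchanged 8PM entry at new line 17, which still tells v12 and v13 users to patch to `13.5.9` and `12.3.5`; a reader who skims to the older entry will stop on versions the new text says carry a further vulnerability. Suggest annotating the 8PM entry as superseded by the 11PM update, or editing it to point at `13.5.10` and `12.3.6`. The new entry also gives no advisory or release link for the "smaller vulnerability", while the 8PM entry links its GHSA advisory; adding the corresponding reference would let readers verify the fixed versions. Finally, "running an older version of Next.js" does not say older than what; naming the release lines that have no patched version would make clear who has to rely on the WAF rule.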
