diff --git a/astro.config.ts b/astro.config.ts
index ba38e224c12dd73..8b43468653a27ff 100644
--- a/astro.config.ts
+++ b/astro.config.ts
@@ -69,6 +69,14 @@ export default defineConfig({
 rehypeTitleFigure,
 ],
 },
+ image: {
+ service: {
+ entrypoint: "astro/assets/services/sharp",
+ config: {
+ limitInputPixels: false,
+ },
+ },
+ },
 experimental: {
 contentIntellisense: true,
 },
diff --git a/src/content/changelog/workers/2025-03-22-next-js-vulnerability-waf.mdx b/src/content/changelog/workers/2025-03-22-next-js-vulnerability-waf.mdx
index 549d4548edc44d2..a413a32723f860b 100644
--- a/src/content/changelog/workers/2025-03-22-next-js-vulnerability-waf.mdx
+++ b/src/content/changelog/workers/2025-03-22-next-js-vulnerability-waf.mdx
@@ -10,12 +10,13 @@ date: 2025-03-22T13:00:00Z
 ---
 import { Image } from 'astro:assets';
+import managedRuleNextJsAuth from "~/assets/images/changelog/workers/high-res-CVE-2025-29927.gif"
 **Update**: We have changed this WAF rule to opt-in only, as sites that use auth middleware with third-party auth vendors were observing failing requests. **We strongly recommend updating your version of Next.js (if eligible)** to the patched versions, as your app will otherwise be vulnerable to an authentication bypass attack regardless of auth provider.
-## Enable the Managed Rule (strongly recommended)
+### Enable the Managed Rule (strongly recommended)
 This rule is opt-in only for sites on the Pro plan or above in the [WAF managed ruleset](/waf/managed-rules/).
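Review bot: `limitInputPixels: false` in the new `image.service.config` block removes sharp's input-size guard entirely, so one oversized or malformed image (a decompression-bomb style file whose header claims huge dimensions) can exhaust memory and take down the build instead of failing with a clear error. If the motivation is the high-resolution GIF imported in the changelog hunk of this same commit, a concrete ceiling is safer than `false`, e.g. `limitInputPixels: <MAX_PIXELS_PLACEHOLDER>,` sized to the largest asset the site actually needs, since sharp accepts a pixel count here. Either way, please record the reason in place so the next maintainer does not silently inherit an unbounded limit, e.g. `// Lifted from sharp's default to process large changelog screenshots/GIFs; review if untrusted images ever enter this pipeline.` — whether only repo-controlled assets flow through this service is not visible from the hunk and should be confirmed before relying on it.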
@@ -29,9 +30,11 @@ To enable the rule:
 6. Click **Next**
 7. Scroll down and choose **Save**
+Enable the CVE-2025-29927 rule
+
 This will enable the WAF rule and block requests with the `x-middleware-subrequest` header regardless of Next.js version.
-## Create a WAF rule (manual)
+### Create a WAF rule (manual)
 For users on the Free plan, or who want to define a more specific rule, you can create a [Custom WAF rule](/waf/custom-rules/create-dashboard/) to block requests with the `x-middleware-subrequest` header regardless of Next.js version.
@@ -50,7 +53,7 @@ To create a custom rule:
 ![Next.js CVE-2025-29927 WAF rule](src/assets/images/changelog/workers/waf-rule-cve-2025-29927.png)
-## Next.js CVE-2025-29927
+### Next.js CVE-2025-29927
 We've made a WAF (Web Application Firewall) rule available to all sites on Cloudflare to protect against the [Next.js authentication bypass vulnerability](https://github.com/advisories/GHSA-f82v-jwr5-mffw) (`CVE-2025-29927`) published on March 21st, 2025.