15.14.2: Reliability and security patch: <base> tag, cy.wait(), and simple-git RCE
Released Released on April 28, 2026
Apps using <base target="_top"> or <base target="_parent"> no longer escape the Cypress iframe during test runs. This release also fixes a cy.wait() teardown crash on multi-alias retries, a config reload race in cypress open, and patches a simple-git Remote Code Execution vulnerability.