v16.4.2 is a patch release. Key changes include:

• Fix a potential XSS vulnerability when the attacker controls an attribute name (CVE-2018-6341). This fix is available in the latest react-dom@16.4.2, as well a…;
• Fix a crash in the server renderer when an attribute is called hasOwnProperty. This fix is only available in react-dom@16.4.2. (@gaearon in #13303).

v16.4.1 is a patch release. Key changes include:

• You can now assign propTypes to components returned by React.ForwardRef. (@bvaughn in #12911);
• Fix a crash when the input type changes from some other types to text. (@spirosikmd in #12135).

v16.4.0 is a minor release. Key changes include:

• Add a new experimental React.unstable_Profiler component for measuring performance. (@bvaughn in #12745);
• Add support for the Pointer Events specification. (@philipp-spiess in #12507).

v16.3.2 is a patch release. Key changes include:

• Improve the error message when passing null or undefined to React.cloneElement. (@nicolevy in #12534);
• Fix an IE crash in development when using . (@bvaughn in #12546).

v16.3.1 is a patch release. Key changes include:

• Fix a false positive warning in IE11 when using Fragment. (@heikkilamarko in #12504);
• Prefix a private API. (@Andarist in #12501).

v16.3.0 is a minor release. Key changes include:

• Add a new officially supported context API. (@acdlite in #11818);
• Add a new React.createRef() API as an ergonomic alternative to callback refs. (@trueadm in #12162).

v16.4.2 is a patch release. Key changes include:

• Fix a potential XSS vulnerability when the attacker controls an attribute name (CVE-2018-6341). This fix is available in the latest react-dom@16.4.2, as well a…;
• Fix a crash in the server renderer when an attribute is called hasOwnProperty. This fix is only available in react-dom@16.4.2. (@gaearon in #13303).

v16.4.1 is a patch release. Key changes include:

• You can now assign propTypes to components returned by React.ForwardRef. (@bvaughn in #12911);
• Fix a crash when the input type changes from some other types to text. (@spirosikmd in #12135).

v16.4.0 is a minor release. Key changes include:

• Add a new experimental React.unstable_Profiler component for measuring performance. (@bvaughn in #12745);
• Add support for the Pointer Events specification. (@philipp-spiess in #12507).

v16.3.2 is a patch release. Key changes include:

• Improve the error message when passing null or undefined to React.cloneElement. (@nicolevy in #12534);
• Fix an IE crash in development when using . (@bvaughn in #12546).

v16.3.1 is a patch release. Key changes include:

• Fix a false positive warning in IE11 when using Fragment. (@heikkilamarko in #12504);
• Prefix a private API. (@Andarist in #12501).

v16.3.0 is a minor release. Key changes include:

• Add a new officially supported context API. (@acdlite in #11818);
• Add a new React.createRef() API as an ergonomic alternative to callback refs. (@trueadm in #12162).