Enhance v16.1.x release notes based on review feedback

- Add version compatibility matrix table
- Add Security Enhancements section with PR references
- Add Common Upgrade Issues section for troubleshooting
- Add Pro License Features section with link to Pro
- Clarify generator improvements only affect new installations
- Add author attribution to all bug fix entries

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: justin808

docs/upgrading/release-notes/16.1.0.md

@@ -24,6 +24,16 @@ Then run `bundle install` and your package manager's install command.
 
 **Important:** The shakapacker gem and npm package versions must match exactly.
 
+## Version Compatibility
+
+| Component   | Minimum | Recommended |
+| ----------- | ------- | ----------- |
+| Ruby        | 3.2     | 3.3+        |
+| Node.js     | 20      | 22+         |
+| Shakapacker | 8.2.0   | 8.2.0+      |
+| React       | 18      | 18+         |
+| Rails       | 6.1     | 7.0+        |
+
 ## New Features in v16.1.0
 
 ### Doctor Rake Task
@@ -52,28 +62,74 @@ end
 
 ### Generator Improvements
 
+**Note:** These improvements only affect newly generated code from `rails g react_on_rails:install` or component generators. Existing applications are unaffected.
+
 - Modern TypeScript patterns with better type inference
 - Optimized tsconfig.json with `"moduleResolution": "bundler"`
 - Enhanced Redux TypeScript integration
 - Smart `bin/dev` defaults
 
+## Security Enhancements
+
+v16.1.0 includes important security improvements:
+
+- **Command injection protection**: Fixed command injection vulnerabilities in generator package installation commands by replacing unsafe string interpolation with secure array-based system calls ([PR 1786](https://github.com/shakacode/react_on_rails/pull/1786)) by [justin808](https://github.com/justin808)
+- **Improved input validation**: Enhanced package manager validation and argument sanitization across all generators ([PR 1786](https://github.com/shakacode/react_on_rails/pull/1786)) by [justin808](https://github.com/justin808)
+- **Hardened DOM selectors**: Using `CSS.escape()` and proper JavaScript escaping for XSS protection ([PR 1791](https://github.com/shakacode/react_on_rails/pull/1791)) by [AbanoubGhadban](https://github.com/AbanoubGhadban)
+
 ## Bug Fixes
 
 ### v16.1.1
 
-- Fixed RSC manifest file path resolution ([PR 1818](https://github.com/shakacode/react_on_rails/pull/1818))
+- Fixed RSC manifest file path resolution ([PR 1818](https://github.com/shakacode/react_on_rails/pull/1818)) by [AbanoubGhadban](https://github.com/AbanoubGhadban)
 
 ### v16.1.0
 
-- Fixed LoadError in `rake react_on_rails:doctor` when using packaged gem
-- Fixed packs generator error when `server_bundle_js_file` is empty
-- Fixed NoMethodError in environments without Shakapacker
-- Fixed inconsistent Shakapacker version requirements
+- Fixed LoadError in `rake react_on_rails:doctor` when using packaged gem ([PR 1795](https://github.com/shakacode/react_on_rails/pull/1795)) by [justin808](https://github.com/justin808)
+- Fixed packs generator error when `server_bundle_js_file` is empty ([PR 1802](https://github.com/shakacode/react_on_rails/pull/1802)) by [justin808](https://github.com/justin808)
+- Fixed NoMethodError in environments without Shakapacker ([PR 1806](https://github.com/shakacode/react_on_rails/pull/1806)) by [justin808](https://github.com/justin808)
+- Fixed inconsistent Shakapacker version requirements ([PR 1806](https://github.com/shakacode/react_on_rails/pull/1806)) by [justin808](https://github.com/justin808)
 
 ## Deprecations
 
 Remove `config.generated_assets_dirs` from your configuration - asset paths are now automatically determined from `shakapacker.yml`.
 
+## Common Upgrade Issues
+
+### Shakapacker Version Mismatch
+
+**Symptom:** Assets fail to compile or inconsistent behavior between development and production.
+
+**Solution:** Ensure your Shakapacker gem and npm package versions match exactly:
+
+```bash
+# Check gem version
+bundle show shakapacker
+
+# Check npm version
+npm list shakapacker
+# or
+yarn list shakapacker
+```
+
+Both should show the same version (e.g., 8.2.0).
+
+### Missing Server Bundle After Upgrade
+
+**Symptom:** Server-side rendering fails with "bundle not found" errors.
+
+**Solution:** If you're using `server_bundle_output_path`, ensure the directory exists and your build process outputs to that location. Run `rake react_on_rails:doctor` to diagnose configuration issues.
+
+## Pro License Features
+
+v16.1.0 introduced foundational changes for React on Rails Pro, including:
+
+- Core/Pro separation with clear licensing boundaries
+- Runtime license validation with graceful fallback
+- Enhanced immediate hydration (Pro-only feature)
+
+These changes are internal and do not affect open-source users. For information about Pro features like streaming SSR, React Server Components, and enhanced performance optimizations, see [React on Rails Pro](https://www.shakacode.com/react-on-rails-pro/).
+
 ## Related Resources
 
 - [Changelog](https://github.com/shakacode/react_on_rails/blob/master/CHANGELOG.md)