XLTS for AngularJS v1.5.13 Released

venerably-shielding

‍

Bug Fixes

• jqLite: prevent possible XSS due to regex-based HTML replacement
  • This fixes Medium Severity and High Severity vulnerabilities associated with CVE-2020-7676.
  • This fix was cherry-picked from the v1.8.x branch.
• docs: remove extra . in error link URLs

‍

New Features

• jqLite: print warnings for problematic HTML input

‍

Breaking Changes

jqLite due to:

• jqLite: prevent possible XSS due to regex-based HTML replacement

See https://jquery.com/upgrade-guide/3.5/. This applies a similar change to jqLite. Using self-closing tags in HTML is no longer supported.

‍

FAQ

Updated: March 5, 2024

The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:

1. Migrate off of AngularJS, or
2. Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.