crossly-blocking

Bug Fixes

• textarea: avoid interpolating when going back/forward on IE
  • This fixes a Medium Severity XSS vulnerability (CVE-2022-25869).

New Features

• Angular: implement angular.version.vendor
  • This now holds the value "XLTS.dev" for ease of determining if a supported version of AngularJS is running in a given app

FAQ

Updated: March 5, 2024

The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:

1. Migrate off of AngularJS, or
2. Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.