XLTS for AngularJS v1.5.16 Released
Jun 8, 2022
Mar 5, 2024
exploitatively-ceasing
Bug Fixes
- textarea: avoid interpolating when going back/forward on IE
- This fixes a Medium Severity XSS vulnerability (CVE-2022-25869).
- This fix was cherry-picked from the v1.9.x branch
- input: prevent browsers from autofilling hidden inputs
- Autofilling with previous values (which will then be
$interpolated) could lead to XSS or errors - This fix was cherry-picked from the v1.8.x branch
- Autofilling with previous values (which will then be
New Features
- Angular: implement angular.version.vendor
- This now holds the value "XLTS.dev" for ease of determining if a supported version of AngularJS is running in a given app
FAQ
Updated: March 5, 2024
The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:
- Migrate off of AngularJS, or
- Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.
Jun 8, 2022
Mar 5, 2024