supersonically-starting

Bug Fixes

• $compile: fix mergeConsecutiveTextNodes logic for jQuery v4 preview
• $resource: improve performance when stripping trailing slashes
  • This fixes a Medium Severity ReDoS vulnerability (CVE-2023-26117).
• Angular:
  • collect jQuery nodes between two elements correctly for jQuery v4 preview
  • improve performance of regular expression used in angular.copy
    • This fixes a Medium Severity ReDoS vulnerability (CVE-2023-26116).
• input: make URL_REGEXP less ambiguous
  • This fixes a Medium Severity ReDoS vulnerability (CVE-2023-26118).

FAQ

Updated: March 5, 2024

The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:

1. Migrate off of AngularJS, or
2. Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.