Angular core version 2.0.1 represents a minor update to the foundational framework for building web applications, evolving from its predecessor, version 2.0.0. Both releases, built by Google's Angular team, share a common bedrock, emphasizing the core principles of component-based architecture and declarative templates. They both rely on specific peer dependencies: RxJS version 5.0.0-beta.12 for reactive programming capabilities and Zone.js version 0.6.21, or a more recent compatible version, for managing asynchronous operations within the Angular application.
The key distinction lies in the specific release. Version 2.0.1, published on September 23, 2016, comes roughly a week after version 2.0.0 which was published on September 15, 2016. This suggests that version 2.0.1 likely includes bug fixes, performance improvements, or small feature enhancements that didn't warrant a major or minor version bump. For developers, upgrading from 2.0.0 to 2.0.1 is advisable, aiming to leverage the incorporated improvements. It’s important to consult the official Angular changelog and release notes for detailed information on the specific changes included in version 2.0.1 compared to 2.0.0. This will ensure a smooth transition and a clear understanding of any potential impact on existing Angular projects. Both versions are distributed under the MIT license and can be accessed via npm.
All the vulnerabilities related to the version 2.0.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
