Angular core version 2.2.4, released on November 30, 2016, represents a minor update over its predecessor, version 2.2.3 (released a week earlier on November 23, 2016). Both versions share identical descriptions, declaring themselves as the "Angular - the core framework," and maintain the same peer dependencies on rxjs version 5.0.0-beta.12 and zone.js version ^0.6.21. This indicates a commitment to compatibility and stability within the evolving Angular ecosystem. The consistent MIT license and repository information reassure developers of the project's open-source nature and readily available resources.
While the core framework remains consistent between these versions, developers might be interested in the subtle changes and bug fixes that likely accompany the version bump. Although specific details of these changes aren't provided in this metadata, upgrading from 2.2.3 to 2.2.4 typically addresses smaller issues, performance improvements, or security patches discovered in the previous release. Developers considering an update should consult the official Angular changelog and release notes for a comprehensive understanding of the changes. This information, available through the Angular GitHub repository, would detail any breaking changes, new features, or specific bug fixes relevant to their projects, ensuring a smooth and informed upgrade path.
All the vulnerabilities related to the version 2.2.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
