Angular core version 2.4.9 represents a minor update within the Angular 2.x series, arriving shortly after version 2.4.8. Both versions share fundamental characteristics, operating under the MIT license and residing within the established Angular framework structure. Key dependencies like RxJS (version ^5.0.1) and Zone.js (version ^0.7.2) remain consistent, ensuring compatibility for existing Angular 2 applications. Developers already using Angular 2.4.8 will find the upgrade to 2.4.9 relatively seamless, as the core API and fundamental principles remain unchanged.
The primary distinction lies in the release date; version 2.4.9 was published on March 2nd, 2017, while version 2.4.8 was released on February 18th, 2017. This roughly two-week gap suggests that version 2.4.9 likely incorporates bug fixes, performance enhancements, and potentially minor feature additions that address issues identified in the preceding version. Angular developers benefit from staying current with these point releases. While specific details of the changes aren't provided in the metadata, upgrading to 2.4.9 provides access to the latest improvements, which can lead to more stable, performant, and secure Angular applications. For developers concerned with maintaining a robust and well-supported Angular project, adopting version 2.4.9 is a recommended practice. Check the official Angular changelog for the extensive list of changes.
All the vulnerabilities related to the version 2.4.9 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
