Angular core version 4.2.6 represents a minor but important update to the Angular framework, following closely on the heels of version 4.2.5. While both versions share the same core description as "Angular - the core framework" and maintain identical dependencies on tslib (version ^1.7.1) and peer dependencies on rxjs (version ^5.0.1) and zone.js (version ^0.8.4), the key difference lies in their release dates. Version 4.2.6 was released on July 8th, 2017, a little over a week after version 4.2.5, which was released on June 30th, 2017.
This relatively short interval between releases suggests that version 4.2.6 likely includes bug fixes, performance improvements, or minor enhancements that warranted a quick follow-up to the previous stable release. Developers should consider upgrading to version 4.2.6 if they are currently using version 4.2.5 to benefit from these potential improvements and ensure they are running the most stable and up-to-date version of the framework. The library itself, under the MIT license and maintained in the angular/angular Git repository, provides the fundamental building blocks for creating robust and scalable web applications. It remains consistent in its core dependencies, ensuring a smooth transition for developers already familiar with the 4.2.x series.
All the vulnerabilities related to the version 4.2.6 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
