Angular core version 4.3.0 presents a subtle but important update over its predecessor, 4.2.6, impacting Angular developers in several key areas. Both versions maintain identical dependencies on tslib (^1.7.1), rxjs (^5.0.1), and zone.js (^0.8.4), ensuring a consistent ecosystem for related libraries. The core license remains MIT.
The primary difference resides in the version number itself, indicating bug fixes, performance improvements, or potentially new features introduced in the 4.3.0 release. Developers should consult the official Angular changelog for a granular list of changes, focusing on any breaking changes, deprecated features, or new additions. These changes could range from minor enhancements in the template compiler to more significant modifications in the dependency injection system or change detection mechanisms.
For developers currently using Angular 4.2.6, upgrading to 4.3.0 (after carefully reviewing the changelog) will likely provide a more stable and optimized experience. Newly initiated projects should directly adopt version 4.3.0 to benefit from the latest enhancements and avoid potential compatibility issues down the line. Given the rapid evolution of frontend frameworks, keeping abreast of the latest patch versions is crucial for maintaining a robust and up-to-date Angular application. The release dates, just days apart, suggest the changes are not massive, but they are still worth reviewing for a smooth developer experience.
All the vulnerabilities related to the version 4.3.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely, but it might require authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue.