Angular core version 4.3.5 is a minor update to the core framework, released on August 16, 2017, succeeding version 4.3.4, which was released just days prior, on August 10, 2017. Both versions share fundamental characteristics: They are described as "Angular - the core framework," use the MIT license, and depend on tslib version 1.7.1 or higher. Consistent peer dependencies on rxjs version 5.0.1 and zone.js version 0.8.4 indicate that the underlying architecture remains stable. For developers, this means that upgrading from 4.3.4 to 4.3.5 should be relatively straightforward, minimizing the risk of breaking changes.
Given the proximity of the release dates (less than a week) and identical dependency specifications, the changes between 4.3.4 and 4.3.5 are likely bug fixes, performance enhancements, or very minor feature additions, rather than significant architectural alterations. While the provided data doesn't detail these specific changes, developers considering an upgrade should consult the official Angular changelog or release notes for a comprehensive list of modifications. In general, applying minor updates like this is recommended to benefit from the latest improvements and ensure compatibility with other Angular ecosystem libraries. The update is available through npm under the @angular/core package.
All the vulnerabilities related to the version 4.3.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
