Angular developers considering an upgrade from version 5.2.6 to 5.2.7 of the @angular/core package will find a subtle but important update. Both versions share the same core dependencies, relying on tslib version ^1.7.1, and expect peer dependencies of rxjs version ^5.5.0 and zone.js version ^0.8.4. Crucially, both versions maintain identical file counts (144) and unpacked sizes (7227543 bytes) within their distribution packages. This suggests the changes between the versions are minimal, most likely consisting of bug fixes or very minor performance enhancements, rather than significant feature additions or architectural overhauls impacting the overall size. Both versions are licensed under the MIT license and are part of the official Angular project, obtainable from the same GitHub repository. The key difference lies in the release date: version 5.2.7 was published on February 28, 2018, succeeding version 5.2.6 released on February 22, 2018. For those seeking the most up-to-date fixes within the Angular 5.2.x series, upgrading to 5.2.7 is advisable, although the similarity in metrics means it is unlikely to introduce breaking changes or require significant code adjustments.
All the vulnerabilities related to the version 5.2.7 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
