Angular developers looking for a stable core framework update will be interested in the jump from version 7.1.1 to 7.1.2 of @angular/core. Both versions, released in late 2018, share the same fundamental dependencies like tslib (version ^1.9.0), rxjs (version ^6.0.0) and zone.js (version ~0.8.26), and are licensed under MIT. The core functionality, as indicated by the description "Angular - the core framework," remained consistent between releases.
The differences lie primarily in the details of the distributed package. While the file count remains the same at 605 files, the unpacked size experiences a minuscule increase from 19,441,164 bytes in version 7.1.1 to 19,441,211 bytes in version 7.1.2, a difference of only 47 bytes. This suggests that the update likely consists of very minor bug fixes, performance tweaks, or potentially some changes to documentation that would not drastically alter the overall framework size.
The release dates also provide a clue: version 7.1.1 was released on November 28, 2018, while version 7.1.2 followed just over a week later on December 6, 2018. This quick turnaround usually signals that the latter likely addresses issues discovered soon after the initial 7.1.1 release. Developers should consider upgrading to version 7.1.2 to benefit from these potential improvements and ensure they're using the most up-to-date stable build within the 7.1.x series.
All the vulnerabilities related to the version 7.1.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
