Angular core version 8.2.8 introduces subtle refinements to the foundational framework compared to its predecessor, version 8.2.7. While both versions share identical dependencies on tslib (version ^1.9.0) and peer dependencies on rxjs (version ^6.4.0) and zone.js (version ~0.9.1), indicating compatibility with related libraries, the key difference lies in the release timeline. Version 8.2.8 emerged on September 25, 2019, a week after 8.2.7, released on September 18, 2019.
Both packages, under the MIT license and maintained in the angular/angular git repository, provide the core functionalities for building robust web applications. The identical fileCount (614) and unpackedSize (25932925 bytes) for both versions suggest the changes between may be focused on bug fixes or performance improvements rather than large-scale features. If you are already using angular core 8.2.7, upgrading to 8.2.8 is recommended, especially as it may contain bug fixes not listed in the package description that may improve stability or reduce security risks. Always check the detailed changelog on the angular repository to ensure smooth upgrades and compatibility for enterprise-level angular projects.
All the vulnerabilities related to the version 8.2.8 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
