1.9.7 (NES / XLTS) - July 18, 2024
Bug Fixes
- *: preserve license file headers in minified files
-
*: use correct names and versions in
bower.json
files
New Features
-
jqLite: add opt-in mode for compatibility with jQuery v4 via
angular.jqLite_jQueryLt4CompatibilityEnabled()
- See Compatibility with jQuery v4 for more information.
1.9.6 (NES / XLTS) - May 21, 2024
Bug Fixes
-
$compile: always sanitize image sources on
<source>
element- This fixes a Medium Severity Content Spoofing vulnerability (CVE-2024-8373).
-
srcset: prevent bypassing image source sanitization with
(ng(Attr/Prop))Srcset
- This fixes a Medium Severity Content Spoofing vulnerability (CVE-2024-8372).
1.9.5 (NES) - February 4, 2024
Notes
-
Fixed deployment script that resulted in
v1.9.4
incorrectly registering asv1.9.5-local+sha.6756ba9
in various places (code headers, angular global object, etc)
1.9.4 (NES) - October 22, 2023
Notes
- Repackaging XLTS for AngularJS as AngularJS NES.
- XLTS merged with HeroDevs in September 2023 and continues to support AngularJS under Never Ending Support (NES).
- AngularJS NES v1.9.4 is functionally equivalent to XLTS for AngularJS v1.9.3.
1.9.3 (XLTS) - August 18, 2023
Bug Fixes
-
$compile: fix a vulnerable performance issue in ng-srcset parsing
- This fixes a High Severity ReDoS vulnerability (CVE-2024-21490).
- route: suppress warning from CodeQL regarding escaping backslash characters
1.9.2 (XLTS) - July 12, 2023
Bug Fixes
- ngAnimate: make animation duration calculation compatible with CSS Animations Level 2
- browserTrigger: fix focus triggering in IE with jQuery >=3.7.0
- bootstrap: no longer trigger RegExp warning in CodeQL scans
1.9.1 (XLTS) - April 4, 2023
Bug Fixes
- $compile: fix mergeConsecutiveTextNodes logic for jQuery v4 preview
-
$resource: improve performance when stripping trailing slashes
- This fixes a Medium Severity ReDoS vulnerability (CVE-2023-26117).
-
Angular:
- collect jQuery nodes between two elements correctly for jQuery v4 preview
- improve performance of regular expression used in angular.copy
- This fixes a Medium Severity ReDoS vulnerability (CVE-2023-26116).
-
input: make
URL_REGEXP
less ambiguous- This fixes a Medium Severity ReDoS vulnerability (CVE-2023-26118).
1.9.0 (XLTS) - May 25, 2022
Bug Fixes
-
textarea: avoid interpolating when going back/forward on IE
- This fixes a Medium Severity XSS vulnerability (CVE-2022-25869).
New Features
-
Angular: implement angular.version.vendor
- This now holds the value "XLTS.dev" for ease of determining if a supported version of AngularJS is running in a given app.
Breaking Changes
-
textarea: Avoid interpolating when going back/forward on IE.
Previously, the HTML contents of<textarea>
elements were interpolated on all browsers. Due to security considerations, the HTML contents of<textarea>
elements are no longer interpolated on Internet Explorer.
If you want to set the<textarea>
element's value by evaluating an AngularJS expression, you can use ng-bind or ng-prop-value. For example:<!-- Before: -->
<textarea>{{ 1 + 2 }}</textarea>
<!-- After: -->
<textarea ng-bind="1 + 2"></textarea>
<!-- ...or... -->
<textarea ng-prop-value="1 + 2"></textarea>
1.8.8 (XLTS) - April 11, 2022
Bug Fixes
-
$filter: fix ReDoS issue in currencyFilter
-
This fixes a Medium Severity ReDoS vulnerability (CVE-2022-25844).
-
-
ngMocks: use a more performant regex in stripQueryAndHash
1.8.7 (XLTS) - September 21, 2021
New Features
-
jqLite: print console warnings for vulnerable HTML input
- This is related to a previous fix for Medium Severity and High Severity vulnerabilities associated with CVE-2020-7676 in 1.8.0.
-
ngCompileExtPreAssignBindings:
- introduce the
ngCompileExtPreAssignBindings
module. Learn more here. -
add types for the
ngCompileExtPreAssignBindings
module
- introduce the
1.8.6 (XLTS) - August 21, 2021
This release fixes the URLs for a number of console error messages and makes improvements to the docs.
Bug Fixes
- docs: linting cleanup of the web worker used for search
- $sce: fix docs URL in iequirks error
- $interpolate: fix docs URL in noconcat error
- jqlite: nosel error points to an invalid URL
- multiple: update error references to use code.angularjs.xlts.dev
1.8.5 (XLTS) - May 29, 2021
Bug Fixes
- fix 68 npm security audit warnings, mostly with the build tooling
- fix 20 GitHub Dependabot security alerts