HeroDevs
Visit Angular NES Home Page

Angular 5

Comprehensive release notes and changelog for Angular 5, including security patches, bug fixes, and feature updates across all supported versions.

4 Patched Vulnerabilities
VEX Statements

Angular

v5.2.18 - May 5, 2026

Notes

Security Fixes

  • core: Sanitize sensitive attributes on SVG script elements.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-22610).

v5.2.17 - December 19, 2025

Notes

Security Fixes

  • compiler: Prevent stored XSS via SVG animation attributeName and MathML/SVG URLs.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2025-66412).

v5.2.16 - December 10, 2025

Notes

Security Fixes

  • common: Prevent Cross-Site Request Forgery (XSRF) token leakage to protocol-relative URLs.
    • This fixes a high-severity Information Exposure vulnerability (CVE-2025-66035).

v5.2.15 - June 16, 2025

Notes

v5.2.14 - February 6, 2025

Notes

  • This release contains no functional changes from NES v5.2.13.
  • This release contains metadata fixes and improvements: Updated licensing information.
  • Full Version: 5.2.11-{PACKAGE_NAME}-5.2.14

v5.2.13 - January 10, 2025

Notes

  • This release contains no functional changes from NES v5.2.12.
  • This release contains metadata fixes and improvements: Updated package.json files.
  • Full Version: 5.2.11-{PACKAGE_NAME}-5.2.13

v5.2.12 - January 9, 2025

Notes

  • Full Version: 5.2.11-{PACKAGE_NAME}-5.2.12

Security Fixes

  • common: Use ContentType: application/json (instead of text/plain) for boolean values with HttpClient request body.
  • core:
    • Ensure sanitizer works if DOMParser returns null body.
    • Fix possible XSS vulnerability in development through SSR.
      • This fixes a low-severity Cross-Site Scripting (XSS) vulnerability (CVE-2021-4231).
  • platform-browser: Prevent memory leak of style nodes if shadow DOM encapsulation is used.