Angular 7 Release Notes | HeroDevs Docs

Angular

v7.2.24 - April 9, 2026

Notes

Full package name(s) and version(s):
- @neverendingsupport/angular-animations@7.2.16-angular-7.2.24
- @neverendingsupport/angular-bazel@7.2.16-angular-7.2.24
- @neverendingsupport/angular-common@7.2.16-angular-7.2.24
- @neverendingsupport/angular-compiler@7.2.16-angular-7.2.24
- @neverendingsupport/angular-compiler-cli@7.2.16-angular-7.2.24
- @neverendingsupport/angular-core@7.2.16-angular-7.2.24
- @neverendingsupport/angular-elements@7.2.16-angular-7.2.24
- @neverendingsupport/angular-forms@7.2.16-angular-7.2.24
- @neverendingsupport/angular-http@7.2.16-angular-7.2.24
- @neverendingsupport/angular-language-service@7.2.16-angular-7.2.24
- @neverendingsupport/angular-platform-browser@7.2.16-angular-7.2.24
- @neverendingsupport/angular-platform-browser-dynamic@7.2.16-angular-7.2.24
- @neverendingsupport/angular-platform-server@7.2.16-angular-7.2.24
- @neverendingsupport/angular-platform-webworker@7.2.16-angular-7.2.24
- @neverendingsupport/angular-platform-webworker-dynamic@7.2.16-angular-7.2.24
- @neverendingsupport/angular-router@7.2.16-angular-7.2.24
- @neverendingsupport/angular-service-worker@7.2.16-angular-7.2.24
- @neverendingsupport/angular-upgrade@7.2.16-angular-7.2.24

Security Fixes

core:
- Sanitize sensitive attributes on SVG script elements.
  - This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-22610).
- Block creation of sensitive URI attributes from ICU messages.
  - This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-27970).

Breaking Changes

core

Block creation of sensitive URI attributes from ICU messages:
Translators can no longer introduce URI attributes—attribute values are blocked to avoid malicious links, and sanitization now relies on an allowlist of known attributes (still sanitizing URI ones). Translated ICU content keeps only recognized attributes and drops everything else.

v7.2.23 - December 19, 2025

Notes

Full package name(s) and version(s):
- @neverendingsupport/angular-animations@7.2.16-angular-7.2.23
- @neverendingsupport/angular-bazel@7.2.16-angular-7.2.23
- @neverendingsupport/angular-common@7.2.16-angular-7.2.23
- @neverendingsupport/angular-compiler@7.2.16-angular-7.2.23
- @neverendingsupport/angular-compiler-cli@7.2.16-angular-7.2.23
- @neverendingsupport/angular-core@7.2.16-angular-7.2.23
- @neverendingsupport/angular-elements@7.2.16-angular-7.2.23
- @neverendingsupport/angular-forms@7.2.16-angular-7.2.23
- @neverendingsupport/angular-http@7.2.16-angular-7.2.23
- @neverendingsupport/angular-language-service@7.2.16-angular-7.2.23
- @neverendingsupport/angular-platform-browser@7.2.16-angular-7.2.23
- @neverendingsupport/angular-platform-browser-dynamic@7.2.16-angular-7.2.23
- @neverendingsupport/angular-platform-server@7.2.16-angular-7.2.23
- @neverendingsupport/angular-platform-webworker@7.2.16-angular-7.2.23
- @neverendingsupport/angular-platform-webworker-dynamic@7.2.16-angular-7.2.23
- @neverendingsupport/angular-router@7.2.16-angular-7.2.23
- @neverendingsupport/angular-service-worker@7.2.16-angular-7.2.23
- @neverendingsupport/angular-upgrade@7.2.16-angular-7.2.23

Security Fixes

compiler: Prevent stored XSS via SVG animation attributeName and MathML/SVG URLs.
- This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2025-66412).

v7.2.22 - December 10, 2025

Notes

Full package name(s) and version(s):
- @neverendingsupport/angular-animations@7.2.16-angular-7.2.22
- @neverendingsupport/angular-bazel@7.2.16-angular-7.2.22
- @neverendingsupport/angular-common@7.2.16-angular-7.2.22
- @neverendingsupport/angular-compiler@7.2.16-angular-7.2.22
- @neverendingsupport/angular-compiler-cli@7.2.16-angular-7.2.22
- @neverendingsupport/angular-core@7.2.16-angular-7.2.22
- @neverendingsupport/angular-elements@7.2.16-angular-7.2.22
- @neverendingsupport/angular-forms@7.2.16-angular-7.2.22
- @neverendingsupport/angular-http@7.2.16-angular-7.2.22
- @neverendingsupport/angular-language-service@7.2.16-angular-7.2.22
- @neverendingsupport/angular-platform-browser@7.2.16-angular-7.2.22
- @neverendingsupport/angular-platform-browser-dynamic@7.2.16-angular-7.2.22
- @neverendingsupport/angular-platform-server@7.2.16-angular-7.2.22
- @neverendingsupport/angular-platform-webworker@7.2.16-angular-7.2.22
- @neverendingsupport/angular-platform-webworker-dynamic@7.2.16-angular-7.2.22
- @neverendingsupport/angular-router@7.2.16-angular-7.2.22
- @neverendingsupport/angular-service-worker@7.2.16-angular-7.2.22
- @neverendingsupport/angular-upgrade@7.2.16-angular-7.2.22

Security Fixes

common: Prevent Cross-Site Request Forgery (XSRF) token leakage to protocol-relative URLs.
- This fixes a high-severity Information Exposure vulnerability (CVE-2025-66035).

v7.2.21 - June 16, 2025

Notes

This release contains no functional changes from NES v7.2.20.
This release implements a new package naming scheme for the Angular packages. More information about the change can be found in the NES Decoupled Namespace Specification.
Full package name(s) and version(s):
- @neverendingsupport/angular-animations@7.2.16-angular-7.2.21
- @neverendingsupport/angular-bazel@7.2.16-angular-7.2.21
- @neverendingsupport/angular-common@7.2.16-angular-7.2.21
- @neverendingsupport/angular-compiler@7.2.16-angular-7.2.21
- @neverendingsupport/angular-compiler-cli@7.2.16-angular-7.2.21
- @neverendingsupport/angular-core@7.2.16-angular-7.2.21
- @neverendingsupport/angular-elements@7.2.16-angular-7.2.21
- @neverendingsupport/angular-forms@7.2.16-angular-7.2.21
- @neverendingsupport/angular-http@7.2.16-angular-7.2.21
- @neverendingsupport/angular-language-service@7.2.16-angular-7.2.21
- @neverendingsupport/angular-platform-browser@7.2.16-angular-7.2.21
- @neverendingsupport/angular-platform-browser-dynamic@7.2.16-angular-7.2.21
- @neverendingsupport/angular-platform-server@7.2.16-angular-7.2.21
- @neverendingsupport/angular-platform-webworker@7.2.16-angular-7.2.21
- @neverendingsupport/angular-platform-webworker-dynamic@7.2.16-angular-7.2.21
- @neverendingsupport/angular-router@7.2.16-angular-7.2.21
- @neverendingsupport/angular-service-worker@7.2.16-angular-7.2.21
- @neverendingsupport/angular-upgrade@7.2.16-angular-7.2.21

v7.2.20 - February 5, 2025

Notes

This release contains no functional changes from NES v7.2.19.
This release contains metadata fixes and improvements: Updated licensing information.
Full Version: 7.2.16-{PACKAGE_NAME}-7.2.20

v7.2.19 - January 22, 2025

Notes

This release adds the following packages: bazel, elements, language-service
This release contains metadata fixes and improvements: Updated origination version to 7.2.16.
Full Version: 7.2.16-{PACKAGE_NAME}-7.2.19

v7.2.18 - May 16, 2024

Notes

This release contains no functional changes from NES v7.2.17.
This release contains only metadata fixes and improvements: Updated peer dependency versions.
Full Version: 7.2.15-{PACKAGE_NAME}-7.2.18

v7.2.17 - March 15, 2024

Notes

Full Version: 7.2.17-{PACKAGE_NAME}

Security Fixes

common: Use ContentType: application/json (instead of text/plain) for boolean values with HttpClient request body.
core:
- Ensure sanitizer works if DOMParser returns null body.
- Fix possible XSS vulnerability in development through SSR.
  - This fixes a low-severity Cross-Site Scripting (XSS) vulnerability (CVE-2021-4231).
platform-browser: Prevent memory leak of style nodes if shadow DOM encapsulation is used.

Angular CLI

7.3.14 (NES) - September 2025

Notes

Full package names and versions
- @neverendingsupport/angular-cli@7.3.10-angular-cli-7.3.14
- @neverendingsupport/angular-pwa@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-architect@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-architect-cli@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-build-angular@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-build-ng-packagr@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-build-optimizer@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-build-webpack@0.13.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-core@7.3.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-schematics@7.3.10-angular-cli-7.3.14
- @neverendingsupport/angular-devkit-schematics-cli@0.13.10-angular-cli-7.3.14
- @neverendingsupport/ngtools-webpack@7.3.10-angular-cli-7.3.14

Bug Fixes

Fixed build issues: updated peer dependency version numbers

7.3.13 (NES) - June 5, 2025

Notes

This release contains no functional changes from 7.3.12.
Full package names and versions
- @neverendingsupport/angular-cli@7.3.10-angular-cli-7.3.13
- @neverendingsupport/angular-pwa@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-architect@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-architect-cli@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-build-angular@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-build-ng-packagr@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-build-optimizer@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-build-webpack@0.13.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-core@7.3.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-schematics@7.3.10-angular-cli-7.3.13
- @neverendingsupport/angular-devkit-schematics-cli@0.13.10-angular-cli-7.3.13
- @neverendingsupport/ngtools-webpack@7.3.10-angular-cli-7.3.13

Angular 7

Angular

v7.2.24 - April 9, 2026

Notes

Security Fixes

Breaking Changes

core

v7.2.23 - December 19, 2025

Notes

Security Fixes

v7.2.22 - December 10, 2025

Notes

Security Fixes

v7.2.21 - June 16, 2025

Notes

v7.2.20 - February 5, 2025

Notes

v7.2.19 - January 22, 2025

Notes

v7.2.18 - May 16, 2024

Notes

v7.2.17 - March 15, 2024

Notes

Security Fixes

Angular CLI

7.3.14 (NES) - September 2025

Notes

Bug Fixes

7.3.13 (NES) - June 5, 2025

Notes

7.3.12 (NES) - February 28, 2025

Security

7.3.11 (NES) - February 20, 2025

Notes