stack.pulse
#stacks/angular/framework

Angular release notes, breaking changes, and upgrade notes.

The web development framework for building modern apps StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.

source repo$track this stackplan upgraderss
releases
12
breaking
1
security
6
deprecated
4
migrations
3

Get source-linked upgrade notes and occasional sponsor recommendations. No GitHub login required.

what stackpulse tracks

Angular releases from GitHub

StackPulse watches Angular release notes and keeps the original source link close to every summary.

upgrade risk

Breaking changes and deprecations

Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.

migration notes

Source-backed next steps

Migration steps and recommended actions are only shown when the upstream release notes support them.

# latest_releases

source-backed
allbreakingdeprecationmigrationsecurity
v22.1.0-next.3mediummigrationprereleaseJun 26, 2026

22.1.0-next.3

This prerelease version of Angular includes a fix for a migration failure related to tsconfig rootDir specifications.

affected

Users encountering migration failures due to tsconfig rootDir settings are affected.

action

Update to this version if you experience migration failures related to tsconfig rootDir configurations.

view source on github->
v22.0.4mediummigrationJun 26, 2026

22.0.4

This release fixes a migration failure that occurs when the tsconfig specifies a rootDir.

affected

Users who encountered migration failures due to tsconfig rootDir specifications are affected.

action

Update to version 22.0.4 if you experienced migration issues related to tsconfig rootDir.

view source on github->
v22.1.0-next.2mediumfeatureprereleaseJun 25, 2026

22.1.0-next.2

This prerelease includes fixes for compiler, http, service-worker, and other modules, along with a new migration from injectable to service and improved RouterLinkActive handling.

affected

Developers using the Angular framework may need to apply the new migration for injectable to service conversion.

action

Review the new migration for converting injectables to services and update RouterLinkActive usage if handling null or undefined inputs.

release_signals
+Migration from injectable to service
+RouterLinkActive now handles null and undefined inputs
+Support for model() signals in downgradeComponent
view source on github->
v22.0.3mediumfeatureJun 25, 2026

22.0.3

This release contains several bug fixes across the Angular framework, including compiler improvements, core fixes, and service-worker updates.

affected

Developers using Angular's JIT compiler, HTTP client, service worker, or upgrade module may be affected by these fixes.

action

Update to version 22.0.3 to benefit from the bug fixes and improvements.

release_signals
+support model() signals in downgradeComponent for upgrade module compatibility
view source on github->
v22.1.0-next.1mediumsecurityprereleaseJun 17, 2026

22.1.0-next.1

This prerelease includes various bug fixes and performance improvements across Angular's common, compiler, core, http, and migrations modules. Notable changes include security-sensitive handling of iframe credentialless and DOM clobbering guards.

affected

Developers using Angular's core features, especially those working with security-sensitive components like iframes and DOM manipulation, are affected.

action

Update to this version if you're experiencing issues with DOM security or iframe credential handling.

release_signals
!Treat iframe credentialless as security-sensitive to prevent potential security issues
!Guard against DOM clobbering in declareExperimentalWebMcpTool to enhance security
view source on github->
v22.0.2mediumsecurityJun 17, 2026

22.0.2

This patch release includes several bug fixes across common, compiler, core, http, and migrations modules, focusing on security improvements, performance optimizations, and edge case handling.

affected

Users relying on shadow DOM name selectors, transfer cache behavior, or iframe credentialless features may be affected.

action

Update to version 22.0.2 to benefit from security fixes and performance improvements.

release_signals
!Fix for DOM clobbering in declareExperimentalWebMcpTool
!Treat iframe credentialless as security-sensitive
view source on github->
vsix-22.0.1mediumfeatureJun 11, 2026

VSCode Extension: 22.0.1

This release focuses on bug fixes for the VSCode extension, including resolving relative workspace paths and preventing external template inlay hints from appearing in TypeScript files.

affected

Developers using the Angular VSCode extension may experience improved path resolution and inlay hint behavior.

action

Update to the latest version of the VSCode extension for improved functionality.

view source on github->
v22.1.0-next.0mediumdeprecationfeaturesecurityprereleaseJun 10, 2026

22.1.0-next.0

This prerelease introduces several fixes and improvements, including enhanced support for foreign components, HTTP transfer cache optimizations, and deprecation of JSONP support in the HTTP module.

affected

Developers using JSONP functionality in Angular's HTTP module are affected by its deprecation.

action

Migrate from JSONP to standard HTTP requests.

release_signals
!Harden platform location origin validation during SSR (#69184)
!Deprecate `HttpClient.jsonp`, `HttpClientJsonpModule`, and related JSONP classes/functions
+Add custom set option to linkedSignal
+Compile non-exported classes if standalone in language-service
+Typecheck templates requiring inline typecheck blocks in language-service
view source on github->
v22.0.1mediumdeprecationsecurityJun 10, 2026

22.0.1

This release focuses on bug fixes and security improvements across various Angular modules, including common, compiler, core, forms, http, and platform-server.

affected

Developers using Angular's platform-server module for XHR requests are affected by the deprecation.

action

Migrate from XHR to standard `fetch` APIs in `@angular/platform-server`.

release_signals
!Prevent prototype pollution in formatDateTime
!Use cryptographically secure SHA-256 for transfer cache key generation
!Sanitize `href`/`xlink:href` attributes of any element of the MathML namespace
!Harden TransferState restoration against DOM clobbering
!Strips sensitive headers on cross-origin redirects
!XHR support in `@angular/platform-server` is deprecated. Use standard `fetch` APIs instead.
view source on github->
v21.2.17mediumdeprecationsecurityJun 10, 2026

21.2.17

This release focuses on security hardening, bug fixes, and deprecations across Angular's common, compiler, core, http, platform-server, and service-worker modules.

affected

Developers using Angular's platform-server XHR APIs or relying on transfer cache, DOM manipulation, or cross-origin redirects may be affected.

action

Migrate from deprecated XHR APIs to `fetch` and review security-related changes for potential impacts.

release_signals
!Use cryptographically secure SHA-256 for transfer cache key generation
!Harden TransferState restoration against DOM clobbering
!Strips sensitive headers on cross-origin redirects
!Sanitize two-way properties
!Harden platform location origin validation during SSR
!XHR support in `@angular/platform-server` is deprecated. Use standard `fetch` APIs instead.
view source on github->
v20.3.25mediumdeprecationsecurityJun 10, 2026

20.3.25

This release focuses on security hardening, bug fixes, and deprecations across Angular's core modules. Key changes include improved transfer cache security, stricter URL validation, and deprecation of server-side XHR.

affected

Developers using Angular's platform-server XHR APIs or handling sensitive HTTP headers in service workers are most affected.

action

Migrate from platform-server XHR APIs to fetch APIs and review HTTP header handling in service workers.

release_signals
!Use cryptographically secure SHA-256 for transfer cache key generation
!Harden TransferState restoration against DOM clobbering
!Strips sensitive headers on cross-origin redirects
!Rejects non-HTTP(S) URLs in JSONP requests
!Harden platform location origin validation during SSR
!XHR support in `@angular/platform-server` is deprecated. Use standard `fetch` APIs instead.
view source on github->
v22.0.0highbreakingmigrationfeatureJun 3, 2026

22.0.0

This release introduces several new features and fixes, including improved type checking, support for Node.js 26.0.0, and enhanced handling of Angular expressions with optional chaining.

affected

Developers using legacy shadow DOM selectors or deprecated shadow CSS encapsulation polyfills will need to update their code.

action

Review and apply the provided migration schematics to ensure compatibility with Angular 22.0.0.

release_signals
-Remove dedicated support for legacy shadow DOM selectors
-Remove deprecated shadow CSS encapsulation polyfills
+Allow safe navigation to correctly narrow down nullables
+Angular expressions with optional chaining returns `undefined`
+Support comments in HTML elements
+Add support for Node.js 26.0.0
+Add `injectAsync` helper function
migration_steps2 steps
  1. 01Add a schematics to migrate `provideHttpClient` to keep using the `HttpXhrBackend` implementation
  2. 02Add migration to add `ChangeDetectionStrategy.Eager` where applicable
view source on github->