what stackpulse tracks
Angular releases from GitHub
StackPulse watches Angular release notes and keeps the original source link close to every summary.
#stacks/angular/framework
Angular release notes, breaking changes, and upgrade notes.
The web development framework for building modern apps StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.
releases
12
breaking
1
security
6
deprecated
4
migrations
3
upgrade risk
Breaking changes and deprecations
Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.
migration notes
Source-backed next steps
Migration steps and recommended actions are only shown when the upstream release notes support them.
# latest_releases
source-backedv22.1.0-next.1mediumsecurityprereleaseJun 17, 2026
22.1.0-next.1
This prerelease includes various bug fixes and performance improvements across Angular's common, compiler, core, http, and migrations modules. Notable changes include security-sensitive handling of iframe credentialless and DOM clobbering guards.
affected
Developers using Angular's core features, especially those working with security-sensitive components like iframes and DOM manipulation, are affected.
action
Update to this version if you're experiencing issues with DOM security or iframe credential handling.
release_signals
!Treat iframe credentialless as security-sensitive to prevent potential security issues
!Guard against DOM clobbering in declareExperimentalWebMcpTool to enhance security
v22.0.2mediumsecurityJun 17, 2026
22.0.2
This patch release includes several bug fixes across common, compiler, core, http, and migrations modules, focusing on security improvements, performance optimizations, and edge case handling.
affected
Users relying on shadow DOM name selectors, transfer cache behavior, or iframe credentialless features may be affected.
action
Update to version 22.0.2 to benefit from security fixes and performance improvements.
release_signals
!Fix for DOM clobbering in declareExperimentalWebMcpTool
!Treat iframe credentialless as security-sensitive
v22.1.0-next.0mediumdeprecationfeaturesecurityprereleaseJun 10, 2026
22.1.0-next.0
This prerelease introduces several fixes and improvements, including enhanced support for foreign components, HTTP transfer cache optimizations, and deprecation of JSONP support in the HTTP module.
affected
Developers using JSONP functionality in Angular's HTTP module are affected by its deprecation.
action
Migrate from JSONP to standard HTTP requests.
release_signals
!Harden platform location origin validation during SSR (#69184)
!Deprecate `HttpClient.jsonp`, `HttpClientJsonpModule`, and related JSONP classes/functions
+Add custom set option to linkedSignal
+Compile non-exported classes if standalone in language-service
+Typecheck templates requiring inline typecheck blocks in language-service
v22.0.1mediumdeprecationsecurityJun 10, 2026
22.0.1
This release focuses on bug fixes and security improvements across various Angular modules, including common, compiler, core, forms, http, and platform-server.
affected
Developers using Angular's platform-server module for XHR requests are affected by the deprecation.
action
Migrate from XHR to standard `fetch` APIs in `@angular/platform-server`.
release_signals
!Prevent prototype pollution in formatDateTime
!Use cryptographically secure SHA-256 for transfer cache key generation
!Sanitize `href`/`xlink:href` attributes of any element of the MathML namespace
!Harden TransferState restoration against DOM clobbering
!Strips sensitive headers on cross-origin redirects
!XHR support in `@angular/platform-server` is deprecated. Use standard `fetch` APIs instead.
v21.2.17mediumdeprecationsecurityJun 10, 2026
21.2.17
This release focuses on security hardening, bug fixes, and deprecations across Angular's common, compiler, core, http, platform-server, and service-worker modules.
affected
Developers using Angular's platform-server XHR APIs or relying on transfer cache, DOM manipulation, or cross-origin redirects may be affected.
action
Migrate from deprecated XHR APIs to `fetch` and review security-related changes for potential impacts.
release_signals
!Use cryptographically secure SHA-256 for transfer cache key generation
!Harden TransferState restoration against DOM clobbering
!Strips sensitive headers on cross-origin redirects
!Sanitize two-way properties
!Harden platform location origin validation during SSR
!XHR support in `@angular/platform-server` is deprecated. Use standard `fetch` APIs instead.
v20.3.25mediumdeprecationsecurityJun 10, 2026
20.3.25
This release focuses on security hardening, bug fixes, and deprecations across Angular's core modules. Key changes include improved transfer cache security, stricter URL validation, and deprecation of server-side XHR.
affected
Developers using Angular's platform-server XHR APIs or handling sensitive HTTP headers in service workers are most affected.
action
Migrate from platform-server XHR APIs to fetch APIs and review HTTP header handling in service workers.
release_signals
!Use cryptographically secure SHA-256 for transfer cache key generation
!Harden TransferState restoration against DOM clobbering
!Strips sensitive headers on cross-origin redirects
!Rejects non-HTTP(S) URLs in JSONP requests
!Harden platform location origin validation during SSR
!XHR support in `@angular/platform-server` is deprecated. Use standard `fetch` APIs instead.