Angular 22.0.0-next.6 Release: Security Fixes and Stability Improvements
The latest Angular release, 22.0.0-next.6, includes several significant fixes for security vulnerabilities and critical bugs. One notable fix registers SVG animation attributes in the URL security context, addressing a potential security issue. Another fix prevents recursive scope checks for invalid NgModule imports, improving the overall stability of the framework. Additionally, the release includes a fix to treat object[data] as a resource URL context, further enhancing security. The localize package has also been updated to validate locales and prevent path traversal. The migrations package now adds strictTemplates to tsconfig during ng update. The router package has been updated to pass outlet context to split, fixing empty path named outlets. These changes have a substantial impact on the security and stability of the Angular framework, making it essential for developers to review and update their applications. To learn more, read the release notes and review the migration steps.