
Angular Versions - Are versions 6 and 7 safe from attacks?

I am using Angular 6 and Angular 7 in different projects. The update to Angular 13 will be very extensive and time consuming. Does anyone know if it is still safe (safe from attacks) to use the old versions? Which version is critical and why?

Thanks already for your answers

It is not safe to use Angular 6 or 7. Currently there is one known low severity vulnerability. But at any time a new vulnerability with high severity could be found. And in this case, Angular will not provide a security fix, as LTS is currently only provided for v11 and beyond, see support policy and schedule. So you should update to v11 ASAP.

Angular recommends using Angular templates rather than DOM APIs such as document, ElementRef, etc. Angular does not have control over these DOM APIs, so it does not provide protection against security vulnerabilities, and an attacker can inject malicious code into the DOM tree. Source: 1

You should add a CSP (Content Security Policy) to avoid malicious attacks such as XSS. Moreover, use best practices/methods of authentication in Angular with the back end to make your app foolproof.

As for upgrading to Angular 13, I recommend you upgrade to the latest LTS version, which as of right now is ^12.0.0. You will enjoy rich new features and experience a faster Angular than before because it is near to the Ivy compiler.
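A way to check a project against the support floor the first answer cites (LTS for v11 and beyond), as an added example that is not part of the original posts. The function names, the sample `package.json` contents and the simplified range parsing are assumptions made for this illustration; the floor of 11 comes from the answer.

```javascript
// Added example. LTS floor taken from the answer above; adjust as the schedule moves.
const LTS_FLOOR_MAJOR = 11;

// Constructed sample package.json contents (not from a real project).
const samplePackageJson = {
  dependencies: {
    "@angular/core": "^6.1.10",
    "@angular/common": "~7.2.16",
    "@angular/router": "^12.0.0",
    "rxjs": "^6.5.0",
  },
  devDependencies: {
    "@angular/cli": "7.3.9",
    "@angular/compiler-cli": ">=11.0.0 <12.0.0",
    "@angular/language-service": "latest",
  },
};

// Lowest major a declared range can resolve to; null when it cannot be read
// (dist-tags, git URLs). Simplified parsing, not a full semver implementation.
function lowestMajor(range) {
  let lowest = null;
  for (const alt of String(range).split("||")) {
    const first = alt.trim().split(/\s+/)[0]; // lower-bound comparator
    let major = 0; // "<12" style ranges have no lower bound
    if (!first.startsWith("<")) {
      const m = first.match(/^(?:\^|~|>=|>|=|v)*(\d+)(?:\.[\dx*]+)*(?:[-+].*)?$/i);
      if (!m) return null;
      major = Number(m[1]);
    }
    lowest = lowest === null ? major : Math.min(lowest, major);
  }
  return lowest;
}

// Report @angular/* packages below the floor, plus ranges needing manual review.
function auditAngular(pkg, floor = LTS_FLOOR_MAJOR) {
  const unsupported = [], unresolved = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      if (!name.startsWith("@angular/")) continue;
      const major = lowestMajor(range);
      if (major === null) unresolved.push({ name, range });
      else if (major < floor) unsupported.push({ name, range, major });
    }
  }
  return { unsupported, unresolved };
}

console.log(JSON.stringify(auditAngular(samplePackageJson), null, 2));
```

`package.json` only declares ranges; the lockfile records what is actually installed, so treat this as a first pass over many repositories rather than a final answer for one.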
