HeroDevs
Visit Angular NES Home Page

Angular 10

Comprehensive release notes and changelog for Angular 10, including security patches, bug fixes, and feature updates across all supported versions.

5 Patched Vulnerabilities
VEX Statements

Angular

v10.2.16 - March 30, 2026

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-common@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-compiler@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-compiler-cli@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-core@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-elements@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-forms@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-language-service@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-localize@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-platform-browser@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-platform-browser-dynamic@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-platform-server@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-platform-webworker@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-platform-webworker-dynamic@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-router@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-service-worker@10.2.5-angular-10.2.16
    • @neverendingsupport/angular-upgrade@10.2.5-angular-10.2.16
    • @neverendingsupport/zone.js@0.11.2-angular-10.2.16

Security Fixes

  • core: Block creation of sensitive URI attributes from ICU messages.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-27970).

v10.2.15 - February 24, 2026

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-common@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-compiler@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-compiler-cli@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-core@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-elements@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-forms@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-language-service@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-localize@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-platform-browser@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-platform-browser-dynamic@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-platform-server@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-platform-webworker@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-platform-webworker-dynamic@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-router@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-service-worker@10.2.5-angular-10.2.15
    • @neverendingsupport/angular-upgrade@10.2.5-angular-10.2.15
    • @neverendingsupport/zone.js@0.11.2-angular-10.2.15

Security Fixes

  • core: Sanitize sensitive attributes on SVG script elements.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-22610).

v10.2.14 - December 19, 2025

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-common@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-compiler@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-compiler-cli@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-core@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-elements@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-forms@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-language-service@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-localize@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-platform-browser@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-platform-browser-dynamic@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-platform-server@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-platform-webworker@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-platform-webworker-dynamic@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-router@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-service-worker@10.2.5-angular-10.2.14
    • @neverendingsupport/angular-upgrade@10.2.5-angular-10.2.14
    • @neverendingsupport/zone.js@0.11.2-angular-10.2.14

Security Fixes

  • compiler: Prevent stored XSS via SVG animation attributeName and MathML/SVG URLs.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2025-66412).

v10.2.13 - December 4, 2025

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-common@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-compiler@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-compiler-cli@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-core@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-elements@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-forms@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-language-service@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-localize@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-platform-browser@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-platform-browser-dynamic@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-platform-server@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-platform-webworker@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-platform-webworker-dynamic@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-router@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-service-worker@10.2.5-angular-10.2.13
    • @neverendingsupport/angular-upgrade@10.2.5-angular-10.2.13
    • @neverendingsupport/zone.js@0.11.2-angular-10.2.13

Security Fixes

  • common: Prevent Cross-Site Request Forgery (XSRF) token leakage to protocol-relative URLs.
    • This fixes a high-severity Information Exposure vulnerability (CVE-2025-66035).

v10.2.12 - June 16, 2025

Notes

  • This release contains no functional changes from NES v10.2.11.
  • This release implements a new package naming scheme for the Angular packages. More information about the change can be found in the NES Decoupled Namespace Specification.
  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-common@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-compiler@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-compiler-cli@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-core@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-elements@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-forms@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-language-service@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-localize@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-platform-browser@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-platform-browser-dynamic@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-platform-server@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-platform-webworker@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-platform-webworker-dynamic@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-router@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-service-worker@10.2.5-angular-10.2.12
    • @neverendingsupport/angular-upgrade@10.2.5-angular-10.2.12
    • @neverendingsupport/zone.js@0.11.2-angular-10.2.12

v10.2.11 - February 6, 2025

Notes

  • This release contains no functional changes from NES v10.2.10.
  • This release contains only metadata fixes and improvements: Updated licensing information.
  • Full Version: 10.2.5-{PACKAGE_NAME}-10.2.11

v10.2.10 - February 6, 2025

Notes

  • This release adds the following packages: elements, language-service, localize
  • Full Version: 10.2.5-{PACKAGE_NAME}-10.2.10

v10.2.9 - January 28, 2025

Notes

  • This release contains no functional changes from NES v10.2.7.
  • This release contains only metadata fixes and improvements: Updated peer dependency versions.
  • Full Version: 10.2.5-{PACKAGE_NAME}-10.2.9

v10.2.7 - January 28, 2025

Notes

  • This release contains no functional changes from NES v10.2.6.
  • This release contains only metadata fixes and improvements: Updated peer dependency versions.
  • Full Version: 10.2.7-{PACKAGE_NAME}

v10.2.6 - February 8, 2024

Notes

  • Full Version: 10.2.6-{PACKAGE_NAME}

Security Fixes

  • common: Use ContentType: application/json (instead of text/plain) for boolean values with HttpClient request body.
  • compiler: Do not unquote CSS values.
  • core:
    • Do not use Function constructors in development mode to avoid CSP violations.
    • Set style property value to empty string instead of an invalid value.
    • Harden attribute and property binding rules for iframe elements.
    • Ensure sanitizer works if DOMParser returns null body.

Angular CLI

10.2.8 (NES) - September 2025

Notes

  • Full package names and versions
    • @neverendingsupport/angular-cli@10.2.4-angular-cli-10.2.8
    • @neverendingsupport/angular-pwa@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-architect@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-architect-cli@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-build-angular@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-build-ng-packagr@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-build-optimizer@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-build-webpack@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-core@10.2.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-schematics@10.2.4-angular-cli-10.2.8
    • @neverendingsupport/angular-devkit-schematics-cli@0.1002.4-angular-cli-10.2.8
    • @neverendingsupport/ngtools-webpack@10.2.4-angular-cli-10.2.8

Bug Fixes

  • Fixed build issues: updated peer dependency version numbers

10.2.7 (NES) - June 5, 2025

Notes

  • This release contains no functional changes from 10.2.6.
  • Full package names and versions
    • @neverendingsupport/angular-cli@10.2.4-angular-cli-10.2.7
    • @neverendingsupport/angular-pwa@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-architect@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-architect-cli@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-build-angular@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-build-ng-packagr@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-build-optimizer@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-build-webpack@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-core@10.2.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-schematics@10.2.4-angular-cli-10.2.7
    • @neverendingsupport/angular-devkit-schematics-cli@0.1002.4-angular-cli-10.2.7
    • @neverendingsupport/ngtools-webpack@10.2.4-angular-cli-10.2.7

10.2.6 (NES) - March 3, 2025

Security

10.2.5 (NES) - February 24, 2025

Notes

  • This is the initial release of the NES Angular CLI 10.2.x series.