HeroDevs
Visit Angular NES Home Page

Angular 19

Comprehensive release notes and changelog for Angular 19, including security patches, bug fixes, and feature updates across all supported versions.

1 Patched Vulnerability
VEX Statements

Angular Core

v19.2.20 - March 13, 2026

Notes

  • This release contains no functional change from the OSS Angular v19.2.19.
  • This release mainlines OSS v19.2.19 into NES v19.2.20.
  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-common@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-compiler@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-compiler-cli@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-core@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-elements@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-forms@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-language-service@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-localize@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-platform-browser@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-platform-browser-dynamic@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-platform-server@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-router@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-service-worker@19.2.19-angular-19.2.20
    • @neverendingsupport/angular-upgrade@19.2.19-angular-19.2.20

Security Fixes

  • core: Block creation of sensitive URI attributes from ICU messages.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-27970).

Breaking Changes

core
  • Block creation of sensitive URI attributes from ICU messages:
    Translators can no longer introduce URI attributes—attribute values are blocked to avoid malicious links, and sanitization now relies on an allowlist of known attributes (still sanitizing URI ones). Translated ICU content keeps only recognized attributes and drops everything else.

v19.2.19 - January 27, 2026

Notes

  • This release contains no functional change from the OSS Angular v19.2.18.
  • This release mainlines OSS v19.2.18 into NES v19.2.19.
  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-common@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-compiler@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-compiler-cli@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-core@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-elements@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-forms@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-language-service@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-localize@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-platform-browser@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-platform-browser-dynamic@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-platform-server@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-router@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-service-worker@19.2.18-angular-19.2.19
    • @neverendingsupport/angular-upgrade@19.2.18-angular-19.2.19

Angular CLI

v19.2.20 - January 29, 2026

Notes

  • This release contains no functional change from the OSS Angular CLI v19.2.19.
  • This release mainlines OSS v19.2.19 into NES v19.2.20.
  • Full package name(s) and version(s):
    • @neverendingsupport/angular-build@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-cli@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-create@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-pwa@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-ssr@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-architect@0.1902.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-architect-cli@0.1902.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-build-angular@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-build-webpack@0.1902.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-core@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-schematics@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/angular-devkit-schematics-cli@19.2.19-angular-cli-19.2.20
    • @neverendingsupport/ngtools-webpack@19.2.19-angular-cli-19.2.20