HeroDevs
Visit Angular NES Home Page

Angular 6

Comprehensive release notes and changelog for Angular 6, including security patches, bug fixes, and feature updates across all supported versions.

5 Patched Vulnerabilities
VEX Statements

Angular

v6.1.19 - April 28, 2026

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-common@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-compiler@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-compiler-cli@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-core@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-elements@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-forms@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-http@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-language-service@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-platform-browser@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-platform-browser-dynamic@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-platform-server@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-platform-webworker@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-platform-webworker-dynamic@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-router@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-service-worker@6.1.10-angular-6.1.19
    • @neverendingsupport/angular-upgrade@6.1.10-angular-6.1.19

Security Fixes

  • core: Sanitize sensitive attributes on SVG script elements.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2026-22610).

v6.1.18 - December 19, 2025

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-common@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-compiler@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-compiler-cli@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-core@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-elements@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-forms@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-http@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-language-service@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-platform-browser@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-platform-browser-dynamic@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-platform-server@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-platform-webworker@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-platform-webworker-dynamic@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-router@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-service-worker@6.1.10-angular-6.1.18
    • @neverendingsupport/angular-upgrade@6.1.10-angular-6.1.18

Security Fixes

  • compiler: Prevent stored XSS via SVG animation attributeName and MathML/SVG URLs.
    • This fixes a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2025-66412).

v6.1.17 - December 10, 2025

Notes

  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-common@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-compiler@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-compiler-cli@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-core@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-elements@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-forms@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-http@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-language-service@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-platform-browser@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-platform-browser-dynamic@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-platform-server@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-platform-webworker@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-platform-webworker-dynamic@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-router@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-service-worker@6.1.10-angular-6.1.17
    • @neverendingsupport/angular-upgrade@6.1.10-angular-6.1.17

Security Fixes

  • common: Prevent Cross-Site Request Forgery (XSRF) token leakage to protocol-relative URLs.
    • This fixes a high-severity Information Exposure vulnerability (CVE-2025-66035).

v6.1.16 - June 16, 2025

Notes

  • This release contains no functional changes from NES v6.1.15.
  • This release implements a new package naming scheme for the Angular packages. More information about the change can be found in the NES Decoupled Namespace Specification.
  • Full package name(s) and version(s):
    • @neverendingsupport/angular-animations@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-common@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-compiler@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-compiler-cli@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-core@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-elements@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-forms@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-http@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-language-service@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-platform-browser@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-platform-browser-dynamic@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-platform-server@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-platform-webworker@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-platform-webworker-dynamic@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-router@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-service-worker@6.1.10-angular-6.1.16
    • @neverendingsupport/angular-upgrade@6.1.10-angular-6.1.16

v6.1.15, February 6, 2025

Notes

  • This release adds the following packages: elements, language-service
  • Full Version: 6.1.10-{PACKAGE_NAME}-6.1.15

v6.1.14, February 4, 2025

Notes

  • This release contains no functional changes from NES v6.1.13.
  • This release contains metadata fixes and improvements: Updated licensing information.
  • Full Version: 6.1.10-{PACKAGE_NAME}-6.1.14

v6.1.13, February 4, 2025

Notes

  • This release contains no functional changes from NES v6.1.12.
  • This release contains only metadata fixes and improvements: Updated peer dependency versions.
  • Full Version: 6.1.10-{PACKAGE_NAME}-6.1.13

v6.1.12, February 4, 2025

Notes

  • This release contains no functional changes from NES v6.1.11.
  • This release contains only metadata fixes and improvements: Updated peer dependency versions.
  • Full Version: 6.1.12-{PACKAGE_NAME}

v6.1.11, February 7, 2024

Notes

  • Full Version: 6.1.11-{PACKAGE_NAME}

Security Fixes

  • common: Use ContentType: application/json (instead of text/plain) for boolean values with HttpClient request body.
  • core:
    • Ensure sanitizer works if DOMParser returns null body.
    • Fix possible XSS vulnerability in development through SSR.
      • This fixes a low-severity Cross-Site Scripting (XSS) vulnerability (CVE-2021-4231).
  • platform-browser: Prevent memory leak of style nodes if shadow DOM encapsulation is used.

Angular CLI

6.2.14 (NES) - September 2025

Notes

  • Full package names and versions
    • @neverendingsupport/angular-cli@6.2.9-angular-cli-6.2.14
    • @neverendingsupport/angular-pwa@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-architect@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-architect-cli@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-build-angular@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-build-ng-packagr@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-build-optimizer@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-build-webpack@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-core@6.2.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-schematics@6.2.9-angular-cli-6.2.14
    • @neverendingsupport/angular-devkit-schematics-cli@0.8.9-angular-cli-6.2.14
    • @neverendingsupport/ngtools-webpack@6.2.9-angular-cli-6.2.14

Bug Fixes

  • Fixed build issues: updated peer dependency version numbers

6.2.13 (NES) - June 5, 2025

Notes

  • This release contains no functional changes from 6.2.12.
  • Full package names and versions
    • @neverendingsupport/angular-cli@6.2.9-angular-cli-6.2.13
    • @neverendingsupport/angular-pwa@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-architect@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-architect-cli@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-build-angular@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-build-ng-packagr@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-build-optimizer@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-build-webpack@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-core@6.2.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-schematics@6.2.9-angular-cli-6.2.13
    • @neverendingsupport/angular-devkit-schematics-cli@0.8.9-angular-cli-6.2.13
    • @neverendingsupport/ngtools-webpack@6.2.9-angular-cli-6.2.13

6.2.12 (NES) - February 26, 2025

Security

Notes

  • This is the initial release of the NES Angular CLI 6.2.x series.