Vue 2.6 NES Release Notes
Comprehensive changelog for Vue 2.6 NES (Never-Ending Support), documenting security updates and bug fixes including CVE patches and dependency updates.
Version 2.6.19 (NES) - October 4, 2024
Bug Fixes
- template-compiler, server-renderer, webpack-plugin: Depend on secure
lodash@4.17.21instead of single-function legacy packageslodash.template@4.5.0andlodash.uniq@4.5.0
Version 2.6.18 (NES) - July 25, 2024
Bug Fixes
- Improve parser processing for <script>, <style>, and <textarea> tags to patch CVE-2024-9506 (low-severity vulnerability)
Version 2.6.17 (NES) - June 3, 2024
Bug Fixes
- template-compiler: Sanitize ASTNodes when constructing AST tree to patch CVE-2024-6783 (medium-severity vulnerability)
Version 2.6.16 (NES) - October 18, 2023
Bug Fixes
- Allow Dev-only Vue Package Version comparison logic to work with NES naming convention (for example, when comparing the
template-compilerto thevueruntime, the "version")
Version 2.6.15 (NES) - August 16, 2023
Notes
- This release represents the NES forking point from
OSS Vue 2.6.14and contains no functional changes - Only non-functional files (licensing, copyright, packaging, etc) required for NES distribution were changed
Bug Fixes
- None