
v15.1.0

@github-actions github-actions released this 22 Mar 17:48
· 45 commits to master since this release

Features

  • add searchPattern as an option and restrict default search pattern (#75) (d701f51)

Bug Fixes

  • use correct path for environment files in ng-add (421b3ff)

Security Notice

With the change in version 15 to search all files for environment variables, a potential information disclosure vulnerability was introduced, as unintended environment variables might be exposed.

You might be affected if you use environment variables in your angular.json workspace that expose application internals (such as the services/tools in use) or secrets that are also available in the deployed environment (e.g. a monorepo that also contains a Node.js backend, which is deployed in the same system/container/pod as the frontend bundle).

This should have little to no impact if you only have a simple angular.json workspace without a backend component.

With 15.1 this risk is mitigated: the lookup path is restricted by a new option, searchPattern, which defaults to {sourceRoot}/**/!(server).ts (only search the sourceRoot of the related angular.json project and exclude files with server in the name).
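
To see which variables the narrower default keeps out of scope in a workspace, the audit sketch below compares an all-files search with the 15.1 default as this notice describes it. It is an added example, not code from the project. The file paths, variable names and the process.env.NAME reference form are constructed assumptions, and the scope check follows the notice's wording rather than evaluating the glob itself.

```javascript
// Constructed sample workspace (path -> file content); not taken from the project.
const SAMPLE_FILES = {
  "apps/web/src/environments/environment.ts":
    "export const environment = { api: process.env.API_URL };",
  "apps/web/src/main.server.ts": "const key = process.env.SSR_RENDER_KEY;",
  "apps/api/src/db.ts": "connect(process.env.DB_HOST, process.env.DB_PASSWORD);",
  "tools/deploy.ts": "const token = process.env.DEPLOY_TOKEN;",
};

// Assumption: variables are referenced in source as process.env.NAME.
const ENV_REF = /\bprocess\.env\.([A-Za-z_][A-Za-z0-9_]*)/g;

// 15.1 default as the notice describes it: .ts files under sourceRoot
// whose file name does not contain "server".
function inScopeDefault(path, sourceRoot) {
  const root = sourceRoot.replace(/\/+$/, "") + "/";
  if (!path.startsWith(root) || !path.endsWith(".ts")) return false;
  const fileName = path.slice(path.lastIndexOf("/") + 1);
  return !fileName.includes("server");
}

// Map each referenced variable to the in-scope files that mention it.
function collectVariables(files, inScope) {
  const found = new Map();
  for (const [path, content] of Object.entries(files)) {
    if (!inScope(path)) continue;
    for (const match of content.matchAll(ENV_REF)) {
      if (!found.has(match[1])) found.set(match[1], []);
      found.get(match[1]).push(path);
    }
  }
  return found;
}

// Compare the all-files search (version 15 before 15.1) with the default.
function auditScope(files, sourceRoot) {
  const wide = collectVariables(files, () => true);
  const narrow = collectVariables(files, (p) => inScopeDefault(p, sourceRoot));
  return {
    restricted: [...narrow.keys()].sort(),
    onlyInAllFiles: [...wide.keys()].filter((v) => !narrow.has(v)).sort(),
    sources: wide,
  };
}

const report = auditScope(SAMPLE_FILES, "apps/web/src");
console.log("in scope with the 15.1 default:", report.restricted);
for (const name of report.onlyInAllFiles) {
  console.log("only found by the all-files search:", name, "<-", report.sources.get(name).join(", "));
}
```

Any name listed under the all-files search that belongs to a backend or deployment script is one to review if a custom searchPattern widens the scope again.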

Full Changelog: v15.0.2...v15.1.0