AngularJS - 1.3.6 is out

Latest stable AngularJS version is out. 1.3.6 robofunky-danceblaster (2014-12-08) has been released. Stay up to date!

1.3.6 robofunky-danceblaster (2014-12-08)

Bug Fixes

  • $browser: prevent infinite digests when clearing the hash of a url (10ac5948, #9629, #9635, #10228, #10308)
  • $location: - allow hash fragments with hashPrefix in hash-bang location urls (2dc34a96, #9629, #9635, #10228, #10308) - strip off empty hash segments when comparing (e93710fe, #9635)
  • $parse: Follow JavaScript context for unbound functions (429938da)
  • filterFilter: - don’t match primitive sub-expressions against any prop (a75537d4) - ignore function properties and account for inherited properties (5ced914c, #9984) - correctly handle deep expression objects (f7cf8460, #7323, #9698, #9757)
  • http: preserve config object when resolving from cache (facfec98, #9004, #9030)
  • inputs: ignoring input events in IE caused by placeholder changes or focus/blur on inputs with placeholders (55d9db56, #9265)
  • linky: make urls starting with www. links, like markdown (915a891a, #10290)
  • ngAnimate: do not use jQuery class API (40a537c2, #10024, #10329)
  • ngMock: allow numeric timeouts in $httpBackend mock (acb066e8, #4891)
  • ngModelController: always use the most recent viewValue for validation (2d6a0a1d, #10126, #10299)
  • ngSanitize: exclude smart quotes at the end of the link (7c6be43e, #7307)
  • ngmodel: fixing many keys incorrectly marking inputs as dirty (d21dff21)
  • numberFilter: numbers rounding to zero shouldn’t be negative (96c61fe7, #10278)
  • orderBy: - make object-to-primtiive behaviour work for objects with null prototype (3aa57528) - maintain order in array of objects when predicate is not provided (8bfeddb5, #9566, #9747, #10311)
  • parse: fix operators associativity (ed1243ff)

Features

  • $$jqLite: export jqLite as a private service (f2e7f875)
  • $injector: print caller name in “unknown provider” errors (when available) (013b522c, #8135, #9721)
  • jsonFilter: add optional arg to define custom indentation (1191edba, #9771)
  • ngAria: bind keypress on ng-click w/ option (5481e2cf, #10288)

Breaking Changes

We no longer throw an ihshprfx error if the URL after the base path contains only a hash fragment. Previously, if the base URL was http://abc.com/base/ and the hashPrefix is ! then trying to parse http://abc.com/base/#some-fragment would have thrown an error. Now we simply assume it is a normal fragment and that the path is empty, resulting $location.absUrl() === "http://abc.com/base/#!/#some-fragment".

This should not break any applications, but you can no longer rely on receiving the ihshprfx error for paths that have the syntax above. It is actually more similar to what currently happens for invalid extra paths anyway: If the base URL and hashPrfix are set up as above, then http://abc.com/base/other/path does not throw an error but just ignores the extra path: http://abc.com/base.

1.3.5 cybernetic-mercantilism (2014-12-01)

Bug Fixes

1.3.4 highfalutin-petroglyph (2014-11-24)

Bug Fixes

Features

Performance Improvements

  • use Object.create instead of creating temporary constructors (bf6a79c3, #10058)

Breaking Changes

  • ngModelOptions: due to bb4d3b73, previously, ngModel invoked getter/setters in the global context.

1.3.3 undersea-arithmetic (2014-11-17)

Bug Fixes

  • $http: don’t parse single space responses as JSON (6f19a6fd, #9907)
  • minErr: stringify non-JSON compatible objects in error messages (cf43ccdf, #10085)
  • $rootScope: handle cyclic references in scopes when creating error messages (e80053d9, #10085)
  • ngRepeat: support cyclic object references in error messages (fa12c3c8, #9838, #10065, #10085)
  • ngMock: call $interval callbacks even when invokeApply is false (d81ff888, #10032)
  • ngPattern: match behaviour of native HTML pattern attribute (85eb9660, #9881, #9888)
  • select: ensure the label attribute is updated in Internet Explorer (6604c236, #9621, #10042)

Features

  • $location: allow to location to be changed during $locationChangeStart (a9352c19, #9607, #9678)
  • $routeProvider: allow setting caseInsensitiveMatch on the provider (0db573b7, #6477, #9873)

Performance Improvements

  • orderBy: copy array with slice instead of for loop (8eabc546, #9942)

Breaking Changes

  • $parse: due to fbad2805, you can’t use characters that have special meaning in AngularJS expressions (ex.: . or -) as part of filter’s name. Before this commit custom filters could contain special characters (like a dot) in their name but this wasn’t intentional.

1.3.2 cardiovasculatory-magnification (2014-11-07)

Bug Fixes

  • $compile: do not rebind parent bound transclude functions (841c0907, #9413)
  • $parse: - stateful interceptors override an undefined expression (ed99821e, #9821, #9825) - add quick check for Function constructor in fast path (e676d642)
  • $parse, events: prevent accidental misuse of properties on $event (e057a9aa)
  • ngRoute: allow proto inherited properties in route params object (b4770582, #8181, #9731)
  • select: use strict comparison for isSelected with selectAs (9e305948, #9639, #9949)

Features

  • ngAria: announce ngMessages with aria-live (187e4318, #9834)
  • ngMock: decorator that adds Scope#$countChildScopes and Scope#$countWatchers (74981c9f, #9926, #9871)

Security Note

This release also contains security fixes for expression sandbox bypasses.

These issues affect only applications with known server-side XSS holes that are also using CSP to secure their client-side code. If your application falls into this rare category, we recommend updating your version of Angular.

We’d like to thank security researches Sebastian Lekies, Jann Horn, and Gábor Molnár for reporting these issues to us.

We also added a documentation page focused on security, which contains some of the best practices, DOs and DON’Ts. Please check out https://docs.angularjs.org/guide/security.

comments powered by Disqus