[JOC-2215] Upgrade angular/core, angular/common, angular/compiler version 16.12.12 to 16.12.14 due to 3rd-party vulnerabilities CVE-2026-22610, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Dismissed (View Workflow)
Priority: Medium
Resolution: Won't Fix
Affects Version/s: 2.5.10, 2.7.1
Fix Version/s: 2.5.13, 2.7.8
Component/s: JOC Cockpit GUI
Labels:
None

CVE-ID:
CVE-2026-22610, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610

Description

Impact

angular/core
- The vulnerability relates to unsafe innerHTML usage; mitigated in our code using DomPurify sanitization.
angular/common
- No applicable usage pattern found in the JS7 implementation,
angular/compiler
- Build-time dependency only. Not part of production bundle. No run-time exposure.

Maintainer Note
The issue is dismissed as the upgrade requires a major Angular migration that is a too big change and is not acceptable for the LTS phase of branch 2.5.

Attachments

Activity

People

Assignee:: Neeraj Patidar

Reporter:: Andreas Püschel

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17 April 2026 16:41

Updated:: 17 April 2026 17:29

Resolved:: 17 April 2026 16:43