AngularJS is the first major version of Google’s popular Angular family of open source JavaScript web application frameworks. Released in 2010, AngularJS is now scheduled to reach the end of its life on December 31st, 2021. After this date, Google will no longer make patches or updates for the AngularJS framework.
Why is this important?
A web application framework must receive regular and ongoing updates to fix security vulnerabilities and other flaws in the software. Websites and web applications built using AngularJS will become less secure over time as more weaknesses are found in the AngularJS framework and go unfixed. Hackers and other malicious actors use these weaknesses to gain access to the web applications’ user data and inject their own code into the web applications. Keeping software updated is one of the most important parts of securely using the web.
Can’t they just update to a newer version of AngularJS?
While a major version update is normally the solution to the end-of-life of a particular version of software, AngularJS cannot simply be updated to a newer version of the framework (now called just Angular). Google completely re-engineered the Angular framework between major version 1 and major version 2. Thanks to these differences, upgrading from AngularJS to a modern version of Angular would essentially be the same as moving to an entirely different JavaScript framework. Websites and web applications built with AngularJS will have to be entirely rebuilt before December 31st, 2021 if they want to continue to provide a secure web experience for their users.
Applications built using Angular do not have this problem. The modern Angular framework descends from major version 2 and has maintained more or less the same architecture and design as major version 2. Web applications using Angular can be updated without a total rewrite; however, there are always tweaks or changes that have to be made to guarantee compatibility between the existing codebase and the new version of the framework.
How does this affect me?
You may be surprised to find out that there is a good chance your favorite website or web application was built using AngularJS. AngularJS was one of the earliest JavaScript web application frameworks for building single-page web applications. It has significant support and investment despite its long age.
If you use OpenStack and its web interface Horizon, you are using an AngularJS application. Many of the interface panels in Horizon are implemented using AngularJS. The Horizon project will have to find a path to update these interface panels to a newer framework.
cPanel, the popular control panel for web hosting, uses AngularJS for its interface. The cPanel team will have to update their application to use a different framework, which may result in a different appearance or experience for cPanel users. Failure to make this update by December 31st, 2021 will expose cPanel users to increasing levels of risk as AngularJS becomes more and more out of date.
OpenStack and cPanel are two major examples of AngularJS applications that need to be updated. Several other popular websites and organizations also use AngularJS right now, like the Federal Trade Commission’s Identify Theft website, Zagat’s website, and several of Google’s own smaller web pages.
Sounds serious! What do I do?
If your web application or website has a way to send feedback, though, you can send your concerns to them. You may also be able to find a changelog or list of updates that are planned or were made to the web application and see if they mention moving from AngularJS.
Unfortunately, there is not much more you can do. It is on the developers for your web applications and websites to make this update. It is important to note that even though this is a serious issue, there likely will not be any serious risks for some time after December 31st, 2021. Discovering vulnerabilities in frameworks can take large amounts of time and effort, and AngularJS will present a less attractive target as more web applications and websites move to other frameworks.