Why is this important?
A web application framework must receive regular and ongoing updates to fix security vulnerabilities and other flaws in the software. Websites and web applications built using AngularJS will become less secure over time as more weaknesses are found in the AngularJS framework and go unfixed. Hackers and other malicious actors use these weaknesses to gain access to the web applications’ user data and inject their own code into the web applications. Keeping software updated is one of the most important parts of securely using the web.
Can’t they just update to a newer version of AngularJS?
Applications built using Angular do not have this problem. The modern Angular framework descends from major version 2 and has maintained more or less the same architecture and design as major version 2. Web applications using Angular can be updated without a total rewrite; however, there are always tweaks or changes that have to be made to guarantee compatibility between the existing codebase and the new version of the framework.
How does this affect me?
If you use OpenStack and its web interface Horizon, you are using an AngularJS application. Many of the interface panels in Horizon are implemented using AngularJS. The Horizon project will have to find a path to update these interface panels to a newer framework.
cPanel, the popular control panel for web hosting, uses AngularJS for its interface. The cPanel team will have to update their application to use a different framework, which may result in a different appearance or experience for cPanel users. Failure to make this update by December 31st, 2021 will expose cPanel users to increasing levels of risk as AngularJS becomes more and more out of date.
OpenStack and cPanel are two major examples of AngularJS applications that need to be updated. Several other popular websites and organizations also use AngularJS right now, like the Federal Trade Commission’s Identify Theft website, Zagat’s website, and several of Google’s own smaller web pages.
Sounds serious! What do I do?
If your web application or website has a way to send feedback, though, you can send your concerns to them. You may also be able to find a changelog or list of updates that are planned or were made to the web application and see if they mention moving from AngularJS.
Unfortunately, there is not much more you can do. It is on the developers for your web applications and websites to make this update. It is important to note that even though this is a serious issue, there likely will not be any serious risks for some time after December 31st, 2021. Discovering vulnerabilities in frameworks can take large amounts of time and effort, and AngularJS will present a less attractive target as more web applications and websites move to other frameworks.