CoreUI Free Angular Admin Template v5.6.21 - Security Update

We are pleased to announce the release of CoreUI Free Angular Admin Template v5.6.21. This critical security update brings full support for Angular 21.2.5, includes updated CoreUI for Angular v5.6.21 components, and addresses multiple security vulnerabilities in the undici package. This release ensures your Angular admin dashboard runs securely with the latest framework improvements.

Speed up your responsive apps and websites with fully-featured, ready-to-use open-source admin panel templates—free to use and built for efficiency.

Angular

Bootstrap

React.js

Vue.js

How to Update

Download from GitHub releases or clone the latest version:

git clone https://github.com/coreui/coreui-free-angular-admin-template.git
cd coreui-free-angular-admin-template
git checkout 5.6.21
npm install
ng update @angular/[email protected] @angular/[email protected]

For existing projects, update dependencies to match package.json from v5.6.21.

What’s New

Angular 21.2.5 Support

This release brings full support for Angular 21.2.5, ensuring your admin template benefits from:

• Latest Framework Features: All Angular 21.2.5 improvements and enhancements
• Security Fixes: Critical security patches from the Angular team
• Stability Updates: Framework-level bug fixes and improvements
• Performance Optimizations: Enhanced runtime performance
• TypeScript Compatibility: Updated TypeScript support

CoreUI for Angular v5.6.21

Updated to the latest CoreUI for Angular components (v5.6.21):

• All Dashboard Components: Latest widgets and UI components
• Enhanced Performance: Improved component rendering
• Security Updates: All components updated with latest security patches
• Chart Integration: Updated @coreui/angular-chartjs integration
• Icon Library: Latest @coreui/icons-angular package

Critical Security Patches

This release addresses six critical security vulnerabilities in the undici package (updated to ^7.24.0):

1. WebSocket 64-bit Length Parser Overflow (GHSA-f269-vfmq-vjvj)

Fixed a parser overflow vulnerability in WebSocket handling that could be exploited in applications using WebSocket connections.

2. HTTP Request/Response Smuggling (GHSA-2mjp-6q6p-2qxm)

Resolved HTTP smuggling issues that could allow attackers to bypass security controls and inject malicious requests.

3. Unbounded WebSocket Memory Consumption (GHSA-vrm6-8vpv-qv8q)

Patched memory consumption vulnerability that could lead to denial of service through WebSocket connections.

4. Invalid Server Validation Exception Handling (GHSA-v9p9-hfj2-hcw8)

Enhanced server validation to properly handle exceptions and prevent security bypasses.

5. CRLF Injection via Upgrade Option (GHSA-4992-7rv2-5pvq)

Mitigated CRLF injection attacks that could occur during protocol upgrades.

6. DeduplicationHandler Response Buffering DoS (GHSA-phc3-fgpg-7m6h)

Fixed denial of service vulnerability in response buffering mechanism.

We strongly recommend updating immediately to protect your admin dashboard against these known vulnerabilities.

Development Tools Updates

Updated Angular CLI and build tools:

• Angular CLI 21.2.3: Latest command-line interface with improvements
• Angular Build Tools: Updated @angular/build for faster builds
• Angular CDK 21.2.3: Latest component development kit
• Better Developer Experience: Improved error messages and build performance

Dependency Updates

We have updated key dependencies to their latest versions, ensuring improved performance, security, and compatibility with Angular 21.2.5:

Angular Core Updates

• @angular/animations to: 21.2.5
• @angular/common to: 21.2.5
• @angular/compiler to: 21.2.5
• @angular/core to: 21.2.5
• @angular/forms to: 21.2.5
• @angular/language-service to: 21.2.5
• @angular/localize to: 21.2.5
• @angular/platform-browser to: 21.2.5
• @angular/platform-browser-dynamic to: 21.2.5
• @angular/router to: 21.2.5

Angular Development Tools

• @angular/build to: 21.2.3
• @angular/cli to: 21.2.3
• @angular/compiler-cli to: 21.2.3
• @angular/cdk to: 21.2.3

CoreUI Packages

• @coreui/angular to: 5.6.21 - Core components with security updates
• @coreui/angular-chartjs to: 5.6.21 - Chart.js integration
• @coreui/icons-angular to: 5.6.21 - Icon library

Security Overrides

• undici - overridden to: ^7.24.0 (addresses six critical vulnerabilities)

These updates bring your admin template to the latest Angular 21.2.5 and related library versions with critical security improvements.

Getting Started

For new installations:

# Clone the repository
git clone https://github.com/coreui/coreui-free-angular-admin-template.git
cd coreui-free-angular-admin-template

# Install dependencies
npm install

# Start development server
ng serve

# Build for production
ng build --configuration production

The application will be available at http://localhost:4200

Template Features

This free admin template includes:

• Dashboard: Complete admin dashboard with widgets and charts
• Theme: Modern, responsive design
• Components: All CoreUI components included
• Navigation: Sidebar navigation with breadcrumbs
• Charts: Integrated Chart.js for data visualization
• Icons: Complete CoreUI Icons library
• Forms: Form examples and validation
• Tables: Data tables and listings
• Responsive: Mobile-first responsive design

Why Choose This Template?

• Free & Open Source: MIT licensed, use in any project
• Angular 21 Compatible: Latest Angular framework
• Production Ready: Battle-tested in enterprise applications
• Regular Updates: Frequent security updates and improvements
• Active Community: Large community support
• Professional Design: Clean, modern interface
• Well Documented: Complete Angular documentation
• TypeScript: Full TypeScript support

Migration Notes

This is a security update with full backward compatibility. No breaking changes were introduced. If you’re upgrading from an earlier version:

1. Download or clone the new version
2. Compare your customizations with new version
3. Update dependencies in your package.json
4. Run npm install to update packages
5. Test your customizations thoroughly
6. Run npm audit to verify security patches

Why Update?

Updating to v5.6.21 provides critical benefits:

• Security: Six critical vulnerability patches in undici package
• Latest Angular: Access to Angular 21.2.5 features and security fixes
• Updated Components: Latest CoreUI components with improvements
• Stability: Framework-level bug fixes
• Best Practices: Stay current with security standards
• Performance: Runtime optimizations and improvements

Security Recommendations

After updating:

1. Verify Patches: Run npm audit to confirm vulnerabilities are resolved
2. Test Thoroughly: Verify all dashboard features work correctly
3. Update Regularly: Keep your dependencies up to date
4. Monitor Advisories: Subscribe to security advisories
5. Review Customizations: Ensure your custom code is compatible

Additional Resources

• CoreUI Free Angular Admin Template Demo
• CoreUI for Angular Documentation
• Angular Documentation
• GitHub Repository
• Community Support

For a comprehensive overview of all changes, enhancements, and updates introduced in this release, please refer to the full changelog on GitHub.