AngularJS EOL and Oxygen

Every single piece of software that uses AngularJS immediately imploded as soon as official support ended, resulting in hundreds of thousands (if not millions) of profitable products ceasing to exist overnight.

Just kidding. Absolutely nothing notable happened, and AngularJS continues to work exactly as it has for the last several years.

AngularJS is has been out since October 20th, 2010. Up until ~2021, Oxygen used AngularJS 1.3.5, which was released in 2014. Do you know how many vulnerabilities, performance issues or bugs we experienced as a result of using a ~7 year old version of AngularJS? 

Shocking, right? Well, not really, and it's all about what AngularJS is and how Oxygen uses it.

AngularJS is an open-source JavaScript-based web framework for developing applications. It was maintained mainly by Google and a community of individuals and corporations (as most open-source projects tend to be.)

One of the very attractive aspects of a critical part of your stack being open-source (I'm looking at you, WordPress and the WP plugin ecosystem!) is that you're not beholden to the original publisher of the code for updates, fixes, and improvements.

It's largely because of this that we haven't been worried at all about AngularJS reaching EOL. Despite knowing how stable it is from having used it in Oxygen since 2016 and never running into an issue that required us to update AngularJS, we also have a secret weapon in our back pocket...

That's right! The beans are spilled. As a software company, we employ a team of elite individuals known as Software Engineers. These incredible people know how to write code, including making changes to frameworks like AngularJS. And since it's open-source, there's absolutely nothing stopping us from making our own patches and updates if they're needed.

We're well equipped to maintain the framework ourselves in the event that a critical update is needed. Why would AngularJS need a critical update? Well, there are two primary reasons that might happen: 

1. A new, major vulnerability is discovered & disclosed.

2. AngularJS breaks.

The first scenario is possible, but not as exciting as it sounds because AngularJS is never actually used on the front-end of sites built with Oxygen. It is only used in the visual editor itself.

That means of the 5 known medium-level vulnerabilities (source) in AngularJS 1.8.2, 4 don't matter because AngularJS isn't exposed to website visitors, and 1 requires that you use the now-deprecated Internet Explorer browser.

And let's be honest. If you're still using Internet Explorer, there's nothing we can do to save your poor misguided soul at this point.

In order for AngularJS to break, one of the major web browsers would have to change something fundamental to the way JavaScript frameworks operate within them.

There's a good reason this doesn't happen very often, if ever: breaking stuff for a large percentage of the internet is just bad business.

Even so, if that does happen, we have a couple of options.

First, as mentioned previously, we can activate our elite squad of Software Engineers. This is the most likely route we would take if it ever became necessary, because whatever breaks is likely to be so minor it'll take a super quick patch to correct.

If that's not the best route, there are also companies like XLTS.dev and OpenLogic who specialize in offering long-term support & security updates for frameworks like AngularJS. We've already spoken to XLTS and can call them in if the need ever comes up.

Not to mention that, because Oxygen doesn't use AngularJS on the front-end of your sites, a breakage related to AngularJS is almost guaranteed not to impact your visitors' experiences at all.

In this context, "legacy" simply means that Oxygen is battle-tested and has been around a long time, just like WordPress. 

Every mature, established product reaches this stage eventually.

And as far as we're concerned, Oxygen being a mature, established, stable, battle-tested product that continues to stand the test of time is a Good Thing ™, not something to be worried about.