CKEditor 5 changelog

This is the CKEditor 5 changelog guide. Here you will find information about the most important changes introduced in the release, new features, and bug fixes.

Information about both major and minor breaking changes is available, too, if the release introduces them. You can read more about breaking changes in CKEditor 5 in the Versioning policy guide.

You can find more information about each release in the blog posts linked at the start of each entry.

This guide provides the changelog information for the 3 latest releases of CKEditor 5. For older releases, refer to the release notes on GitHub.

We are happy to announce the release of CKEditor 5 v46.1.0.

We updated the implementation for more reliable drag-and-drop on iOS touch devices. The behavior on the desktop devices remains unchanged.

We reverted a low-level change to improve stability in pagination, especially in scenarios including long tables.

The Server-side editor API now supports a hidden_in_presence_list user flag. You can use this mechanism to prevent automation script users from appearing in the editor’s presence list while scripts run.

We provided a better handling of edge cases where a marker points to a non-existing comment thread (for example, due to integrator mistakes). Such markers are now removed automatically to keep the editor stable.

• real-time-collaboration: CloudServicesCommentsAdapter#getCommentThread no longer throws an error when a comment thread does not exist. Instead, it now returns null.

• real-time-collaboration: The user will not be displayed in the Presence List when a server-side editor API script is executed with the hidden_in_presence_list parameter.
• table: The table caption feature now has a configuration option table.tableCaption.useCaptionElement that changes the HTML for table captions. With this option set to true the output HTML for table caption changes from figure.table > figcaption to figure.table > table > caption. Closes #18988.

• clipboard, engine, widget: Improved drag & drop of widgets with selection handle on iOS devices. Closes #16335.
• engine: Spaces at the end of list items are correctly preserved when saving and loading data. Closes #18960.
• engine: Fixed an issue where the editor could crash if the selection was moved to a non-existent node during the blur event. Closes #18744.
• merge-fields: Editor no longer incorrectly adds an empty paragraph (that does not exist in data) when loaded data contains a block merge field with a marker (such as comment) on it.
• pagination: Adjusted theme for <caption> vs <figcaption> element in tables. See ckeditor/ckeditor5#18988.
• paste-from-office: Ensure consistent formatting of content pasted from Google Docs by replacing tab characters with spaces in preformatted text blocks. Closes #18995.
• revision-history: Fixed an error that prevented previewing a revision that included a removed block merge field.
• uploadcare: Fixed an issue where the Uploadcare image uploader and editor did not work correctly with custom upload URLs or custom CDN canonical names.
• watchdog: Fixed an issue where Watchdog incorrectly restored collaboration data (comment threads and suggestions) after a crash in load and save integrations. Closes #19033.
• widget: Read-only mode no longer focuses the editor and displays UI when selecting nested editables. Closes #18965.

• comments, real-time-collaboration: Comment markers linked to non-existing threads are now removed automatically (instead of throwing an error) in real-time collaboration, ensuring the editor remains fully functional.
• track-changes: Error track-changes-user-not-found will now be thrown with additional data to help with debugging: authorId (the ID of the missing user) and suggestionId (the ID of the suggestion for which the error was thrown).

A Cross-Site Scripting (XSS) vulnerability has been discovered in the CKEditor 5 clipboard package (CVE-2025-58064). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.

This vulnerability affects only installations where the editor configuration meets one of the following criteria:

• HTML embed plugin is enabled
• Custom plugin introducing an editable element which implements view RawElement is enabled

You can read more details in the relevant security advisory and contact us if you have more questions.

We are happy to announce the release of CKEditor 5 v46.0.2.

This hotfix release resolves an issue where archived comment threads could incorrectly appear in the sidebar, ensuring they remain properly contained in the comments archive.

• comments: The Annotation#isVisible property of archived comment thread annotations can no longer be modified. This prevents archived comment threads from being incorrectly displayed in the sidebar and ensures they remain properly contained within the archive.