config.colorButton_colorsPerRowconfiguration option for setting the number of rows in the color selector.
element.setSizesets incorrect editor dimensions if the border width is represented as a fraction of pixels.
backgroundproperty if it only contains a color value. This fixes missing background colors when using Paste from Word.
config.pasteFromWordRemoveFontStylesoption now defaults to
false. This option will be deprecated in the future. Use Advanced Content Filter to replicate the effect of setting it to
config.pasteFromWordRemoveStylesoptions were dropped and no longer have any effect on pasted content.
downloadattribute in link (
<a>) elements. Selecting the "Force Download" checkbox in the Link dialog will cause the linked file to be downloaded automatically. Thanks to sbusse!
additionalRequestParametersproperty for file uploads to make it possible to send additional information about the uploaded file to the server.
config.image2_altRequiredoption for the Enhanced Image plugin to allow making alternative text a mandatory field. Thanks to Andrey Fedoseev!
mso-list: ignorestyle is not handled properly when pasting from Word.
<li>element after pasting from Word.
<span>elements in Paste from Word content cleanup breaking content formatting.
config.pasteFromWordRemoveFontStylesis ignored under certain conditions.
[Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell.
Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
An upgrade is recommended.
font-stylefamily property correctly, removing quotes and whitespace from font names.
config.autoGrow_onStartupoption set to
truedoes not work properly for an editor that is not visible.
onloadevents are not used in browsers it could have been used when loading scripts dynamically.