CKEditor 4.7.0

Important Notes:

  • #13793: The embed_provider configuration option for the Media Embed and Semantic Media Embed plugins is no longer preset by default.
  • The UI Color plugin now uses a custom color picker instead of the YUI 2.7.0 library which has some known vulnerabilities (it's a security precaution, there was no security issue in CKEditor due to the way it was used).

New Features:

Fixed Issues:

  • #16935: [Chrome] Fixed: Blurring the editor in Source Mode throws an error.
  • #16825: [Chrome] Fixed: Error thrown when destroying a focused inline editor.
  • #16857: Fixed: Ctrl+Shift+V blocked by Copy Formatting.
  • #16845: [IE] Fixed: Cursor jumps to the top of the scrolled editor after focusing it when the Copy Formatting plugin is enabled.
  • #16786: Fixed: Added missing translations for the Copy Formatting plugin.
  • #14714: [WebKit/Blink] Fixed: Exception thrown on refocusing a blurred inline editor.
  • #16913: [Firefox, IE] Fixed: Paste as Plain Text keystroke does not work.
  • #16968: Fixed: [Safari] Paste as Plain Text is not handled by the editor.
  • #16912: Fixed: Exception thrown when a single image is pasted using Paste from Word.
  • #16821: Fixed: Extraneous <span> elements with height style stacked when pasting from Word.
  • #16866: [IE, Edge] Fixed: Whitespaces not preserved when pasting from Word.
  • #16860: Fixed: Paragraphs which only look like lists incorrectly transformed into them when pasting from Word.
  • #16817: Fixed: When pasting from Word, paragraphs are transformed into lists with some corrupted data.
  • #16833: [IE11] Fixed: Malformed list with headers pasted from Word.
  • #16826: [IE] Fixed: Superfluous paragraphs within lists pasted from Word.
  • #12465: Fixed: Cannot change the state of checkboxes or radio buttons if the properties dialog was invoked with a double-click.
  • #13062: Fixed: Impossible to unlink when the caret is at the edge of the link.
  • #13585: Fixed: Error when wrapping two adjacent <div> elements with a <div>.
  • #16811: Fixed: Table alignment is not preserved by the Paste from Word plugin.
  • #16810: Fixed: Vertical align in tables is not supported by the Paste from Word plugin.
  • #11956: [Blink, IE] Fixed: Link dialog does not open on a double click on the second word of the link with a background color or other styles.
  • #10472: Fixed: Unable to use Table Resize on table header and footer.
  • #14762: Fixed: Hovering over an empty table (without rows or cells) throws an error when the Table Resize plugin is active.
  • #16777: [Edge] Fixed: The Clipboard plugin does not allow to drop widgets into the editor.
  • #14894: [Chrome] Fixed: The editor scrolls to the top after focusing or when a dialog is opened.
  • #14769: Fixed: URLs with '-' in host are not detected by the Auto Link plugin.
  • #16804: Fixed: Focus is not on the first menu item when the user opens a context menu or a drop-down list from the editor toolbar.
  • #14407: [IE] Fixed: Non-editable widgets can be edited.
  • #16927: Fixed: An error thrown if a bundle containing the Color Button plugin is run in ES5 strict mode. Thanks to Igor Rubinovich!
  • #16920: Fixed: Several plugins not using the Dialog plugin as a direct dependency.
  • PR#336: Fixed: Typo in CKEDITOR.getCss API documentation. Thanks to knusperpixel!
  • #17027: Fixed: Command event data should be initialized as an empty object.
  • Fixed the behavior of HTML parser when parsing src/srcdoc attributes of the <iframe> element in a CKEditor setup with ACF turned off and without the Iframe Dialog plugin. The issue was originally reported as a security issue by Sriramk21 from Pegasystems and was later downgraded by the security team into a normal issue due to the requirement of having ACF turned off. Disabling Advanced Content Filter is against security best practices, so the problem described above has not been considered a security issue as such.

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
    • Fixed: DOM Exception after clicking "Remove Language" on a selected word with enabled Language plugin in SCAYT.
  • #16958: Switched the default MathJax CDN provider for the Mathematical Formulas plugin from cdn.mathjax.org to cdnjs, due to closing of cdn.mathjax.org scheduled for April 30, 2017.
  • #16954: Removed the paste dialog.
  • #16982: Latest Safari now supports enhanced Clipboard API introduced in CKEditor 4.5.0.
  • #17025: Updated Bender.js to 0.4.2.

CKEditor 4.6.2

New Features:

Fixed Issues:

CKEditor 4.6.1

New Features:

Fixed Issues:

  • #11064: [Blink, WebKit] Fixed: Cannot select all editor content when a widget or a non-editable element is the first or last element of the content. Also fixes this issue in the Select All plugin.
  • #14755: [Blink, WebKit, IE8] Fixed: Browser hangs when a table is inserted in the place of a selected list with an empty last item.
  • #16624: Fixed: Improved the Color Button plugin which will now normalize the CSS background property if it only contains a color value. This fixes missing background colors when using Paste from Word.
  • #16600: [Blink, WebKit] Fixed: Error thrown occasionally by an uninitialized editable for multiple CKEditor instances on the same page.

CKEditor 4.6.0

New Features:

Fixed Issues:

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
    • Support for the new default Moono-Lisa skin.
    • #121: Fixed: Basic Styles do not work when SCAYT is enabled.
    • #125: Fixed: Inline styles are not continued when writing multiple lines of styled text with SCAYT enabled.
    • #127: Fixed: Uncaught TypeError after enabling SCAYT in the CKEditor <div> element.
    • #128: Fixed: Error thrown after enabling SCAYT caused by conflicts with RequireJS.

CKEditor 4.5.11

Security Updates:

  • [Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell.

    Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.

    An upgrade is recommended.

New Features:

Fixed Issues:

  • #13362: [Blink, WebKit] Fixed: Active widget element is not cached when it is losing focus and it is inside an editable element.
  • #13755: [Edge] Fixed: Pasting images does not work.
  • #13548: [IE] Fixed: Clicking the elements path disables Cut and Copy icons.
  • #13812: Fixed: When aborting file upload the placeholder for image is left.
  • #14659: [Blink] Fixed: Content scrolled to the top after closing the dialog in a <div>-based editor.
  • #14825: [Edge] Fixed: Focusing the editor causes unwanted scrolling due to dropped support for the setActivemethod.