- #13793: The
embed_providerconfiguration option for the Media Embed and Semantic Media Embed plugins is no longer preset by default.
- The UI Color plugin now uses a custom color picker instead of the
YUI 2.7.0library which has some known vulnerabilities (it's a security precaution, there was no security issue in CKEditor due to the way it was used).
- #16755: Added the Table Selection plugin that lets you select and manipulate an arbitrary rectangular table fragment (a few cells, a row or a column).
- #16961: Added support for pasting from Microsoft Excel.
- #13381: Dynamic code evaluation call in
CKEDITOR.templateremoved. CKEditor can now be used with the
unsafe-evalContent Security Policy. Thanks to Caridy Patiño!
- #16971: Added support for color in the
backgroundproperty containing also other styles for table cells in the Table Tools plugin.
- #16847: Added support for parsing and inlining any formatting created using the Microsoft Word style system to the Paste from Word plugin.
- #16818: Added table cell height parsing in the Paste from Word plugin.
- #16850: Added a new
config.enableContextMenuconfiguration option for enabling and disabling the context menu.
- #16937: The
commandparameter in CKEDITOR.editor.getCommandKeystroke now also accepts a command name as an argument.
- #17010: The
CKEDITOR.dom.range.shrinkmethod now allows for skipping bogus
- #16935: [Chrome] Fixed: Blurring the editor in Source Mode throws an error.
- #16825: [Chrome] Fixed: Error thrown when destroying a focused inline editor.
- #16857: Fixed: Ctrl+Shift+V blocked by Copy Formatting.
- #16845: [IE] Fixed: Cursor jumps to the top of the scrolled editor after focusing it when the Copy Formatting plugin is enabled.
- #16786: Fixed: Added missing translations for the Copy Formatting plugin.
- #14714: [WebKit/Blink] Fixed: Exception thrown on refocusing a blurred inline editor.
- #16913: [Firefox, IE] Fixed: Paste as Plain Text keystroke does not work.
- #16968: Fixed: [Safari] Paste as Plain Text is not handled by the editor.
- #16912: Fixed: Exception thrown when a single image is pasted using Paste from Word.
- #16821: Fixed: Extraneous
heightstyle stacked when pasting from Word.
- #16866: [IE, Edge] Fixed: Whitespaces not preserved when pasting from Word.
- #16860: Fixed: Paragraphs which only look like lists incorrectly transformed into them when pasting from Word.
- #16817: Fixed: When pasting from Word, paragraphs are transformed into lists with some corrupted data.
- #16833: [IE11] Fixed: Malformed list with headers pasted from Word.
- #16826: [IE] Fixed: Superfluous paragraphs within lists pasted from Word.
- #12465: Fixed: Cannot change the state of checkboxes or radio buttons if the properties dialog was invoked with a double-click.
- #13062: Fixed: Impossible to unlink when the caret is at the edge of the link.
- #13585: Fixed: Error when wrapping two adjacent
<div>elements with a
- #16811: Fixed: Table alignment is not preserved by the Paste from Word plugin.
- #16810: Fixed: Vertical align in tables is not supported by the Paste from Word plugin.
- #11956: [Blink, IE] Fixed: Link dialog does not open on a double click on the second word of the link with a background color or other styles.
- #10472: Fixed: Unable to use Table Resize on table header and footer.
- #14762: Fixed: Hovering over an empty table (without rows or cells) throws an error when the Table Resize plugin is active.
- #16777: [Edge] Fixed: The Clipboard plugin does not allow to drop widgets into the editor.
- #14894: [Chrome] Fixed: The editor scrolls to the top after focusing or when a dialog is opened.
- #14769: Fixed: URLs with '-' in host are not detected by the Auto Link plugin.
- #16804: Fixed: Focus is not on the first menu item when the user opens a context menu or a drop-down list from the editor toolbar.
- #14407: [IE] Fixed: Non-editable widgets can be edited.
- #16927: Fixed: An error thrown if a bundle containing the Color Button plugin is run in ES5 strict mode. Thanks to Igor Rubinovich!
- #16920: Fixed: Several plugins not using the Dialog plugin as a direct dependency.
- PR#336: Fixed: Typo in
CKEDITOR.getCssAPI documentation. Thanks to knusperpixel!
- #17027: Fixed: Command event data should be initialized as an empty object.
- Fixed the behavior of HTML parser when parsing
srcdocattributes of the
<iframe>element in a CKEditor setup with ACF turned off and without the Iframe Dialog plugin. The issue was originally reported as a security issue by Sriramk21 from Pegasystems and was later downgraded by the security team into a normal issue due to the requirement of having ACF turned off. Disabling Advanced Content Filter is against security best practices, so the problem described above has not been considered a security issue as such.
- Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
- Fixed: DOM Exception after clicking "Remove Language" on a selected word with enabled Language plugin in SCAYT.
- #16958: Switched the default MathJax CDN provider for the Mathematical Formulas plugin from
cdn.mathjax.orgto cdnjs, due to closing of
cdn.mathjax.orgscheduled for April 30, 2017.
- #16954: Removed the paste dialog.
- #16982: Latest Safari now supports enhanced Clipboard API introduced in CKEditor 4.5.0.
- #17025: Updated Bender.js to 0.4.2.
- #16733: Added a new pastel color palette for the Color Button plugin and a new
config.colorButton_colorsPerRowconfiguration option for setting the number of rows in the color selector.
- #16752: Added a new Azerbaijani localization. Thanks to the Azerbaijani language team!
- #13818: It is now possible to group Widget style definitions, so applying one style disables the other.
- #13446: [Chrome] Fixed: It is possible to type in an unfocused inline editor.
- #14856: Fixed: Font size and font family reset each other when modified at certain positions.
- #16745: [Edge] Fixed: List items are lost when pasted from Word.
- #16682: [Edge] Fixed: A list gets pasted from Word as a set of paragraphs. Added the
- #10373: Fixed: Context menu items can be dragged into the editor.
- #16728: [IE] Fixed: Copy Formatting breaks the editor in Quirks Mode.
- #16795: [IE] Fixed: Copy Formatting breaks the editor in Compatibility Mode.
- #16675: Fixed: Styles applied with Copy Formatting to a single table cell are applied to the whole table.
- #16753: Fixed:
element.setSizesets incorrect editor dimensions if the border width is represented as a fraction of pixels.
- #16705: [Firefox] Fixed: Unable to paste images as Base64 strings when using Clipboard.
- #11064: [Blink, WebKit] Fixed: Cannot select all editor content when a widget or a non-editable element is the first or last element of the content. Also fixes this issue in the Select All plugin.
- #14755: [Blink, WebKit, IE8] Fixed: Browser hangs when a table is inserted in the place of a selected list with an empty last item.
- #16624: Fixed: Improved the Color Button plugin which will now normalize the CSS
backgroundproperty if it only contains a color value. This fixes missing background colors when using Paste from Word.
- #16600: [Blink, WebKit] Fixed: Error thrown occasionally by an uninitialized editable for multiple CKEditor instances on the same page.
- #14569: Added a new, flat, default CKEditor skin called Moono-Lisa. Refreshed default colors available in the Color Button plugin (Text Color and Background Color feature).
- #14707: Added a new Copy Formatting feature to enable easy copying of styles between your document parts.
- Introduced the completely rewritten Paste from Word plugin:
- Backward incompatibility: The
config.pasteFromWordRemoveFontStylesoption now defaults to
false. This option will be deprecated in the future. Use Advanced Content Filter to replicate the effect of setting it to
- Backward incompatibility: The
config.pasteFromWordRemoveStylesoptions were dropped and no longer have any effect on pasted content.
- Major improvements in preservation of list numbering, styling and indentation (nested lists with multiple levels).
- Major improvements in document structure parsing that fix plenty of issues with distorted or missing content after paste.
- Backward incompatibility: The
- Added new translation: Occitan. Thanks to Cédric Valmary!
- #10015: Keyboard shortcuts (relevant to the operating system in use) will now be displayed in tooltips and context menus.
- #13794: The Upload Image feature now uses
- #12541: Added the Upload File plugin that lets you upload a file by drag&dropping it into the editor content.
- #14449: Introduced the Balloon Panel plugin that lets you create stylish floating UI elements for the editor.
- #12077: Added support for the HTML5
downloadattribute in link (
<a>) elements. Selecting the "Force Download" checkbox in the Link dialog will cause the linked file to be downloaded automatically. Thanks to sbusse!
- #13518: Introduced the
additionalRequestParametersproperty for file uploads to make it possible to send additional information about the uploaded file to the server.
- #14889: Added the
config.image2_altRequiredoption for the Enhanced Image plugin to allow making alternative text a mandatory field. Thanks to Andrey Fedoseev!
- #9991: Fixed: Paste from Word should only normalize input data.
- #7209: Fixed: Lists with 3 levels not pasted from Word correctly.
- #14335: Fixed: Pasting a numbered list starting with a value different from "1" from Microsoft Word does not work correctly.
- #14542: Fixed: Copying a numbered list from Microsoft Word does not preserve list formatting.
- #14544: Fixed: Copying a nested list from Microsoft Word results in an empty list.
- #14660: Fixed: Pasting text from Word breaks the styling in some cases.
- #14867: [Firefox] Fixed: Text gets stripped when pasting content from Word.
- #2507: Fixed: Paste from Word does not detect pasting a part of a paragraph.
- #3336: Fixed: Extra blank row added on top of the content pasted from Word.
- #6115: Fixed: When Right-to-Left text direction is applied to a table pasted from Word, borders are missing on one side.
- #6342: Fixed: Paste from Word filters out a basic text style when it is configured to use attributes.
- #6457: [IE] Fixed: Pasting from Word is extremely slow.
- #6789: Fixed: The
mso-list: ignorestyle is not handled properly when pasting from Word.
- #7262: Fixed: Lists in preformatted body disappear when pasting from Word.
- #7662: [Opera] Fixed: Extra empty number/bullet shown in the editor body when editing a multi-level list pasted from Word.
- #7807: Fixed: Last item in a list not converted to a
<li>element after pasting from Word.
- #7950: [IE] Fixed: Content from Word pasted differently than in other browsers.
- #7982: Fixed: Multi-level lists get split into smaller ones when pasting from Word.
- #8231: [WebKit, Opera] Fixed: Paste from Word inserts empty paragraphs.
- #8266: Fixed: Paste from Word inserts a blank line at the top.
- #8341, #7646: Fixed: Faulty removal of empty
<span>elements in Paste from Word content cleanup breaking content formatting.
- #8754: [Firefox] Fixed: Incorrect pasting of multiple nested lists in Paste from Word.
- #8983: Fixed: Alignment lost when pasting from Word with
- #9331: [IE] Fixed: Pasting text from Word creates a simple Caesar cipher.
- #9422: Fixed: Paste from Word leaves an unwanted
- #10011: [IE9-10] Fixed:
config.pasteFromWordRemoveFontStylesis ignored under certain conditions.
- #10643: Fixed: Differences between using Ctrl+V and pasting from the Paste from Word dialog.
- #10784: Fixed: Lines missing when pasting from Word.
- #11294: [IE10] Fixed: Font size is not preserved when pasting from Word.
- #11627: Fixed: Missing words when pasting from Word.
- #12784: Fixed: Bulleted list with custom bullets gets changed to a numbered list when pasting from Word.
- #13174: Fixed: Data loss after pasting from Word.
- #13828: Fixed: Widget classes should be added to the wrapper rather than the widget element.
- #13829: Fixed: No class in Widget wrapper to identify the widget type.
- #13519: Server response received when uploading files should be more flexible.
- Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
- Support for the new default Moono-Lisa skin.
- #121: Fixed: Basic Styles do not work when SCAYT is enabled.
- #125: Fixed: Inline styles are not continued when writing multiple lines of styled text with SCAYT enabled.
- #127: Fixed: Uncaught TypeError after enabling SCAYT in the CKEditor
- #128: Fixed: Error thrown after enabling SCAYT caused by conflicts with RequireJS.
[Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell.
Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
An upgrade is recommended.
- #14747: The Enhanced Image caption now supports the link
- #7154: Added support for the "Display Text" field to the Link dialog. Thanks to Ryan Guill!
- #13362: [Blink, WebKit] Fixed: Active widget element is not cached when it is losing focus and it is inside an editable element.
- #13755: [Edge] Fixed: Pasting images does not work.
- #13548: [IE] Fixed: Clicking the elements path disables Cut and Copy icons.
- #13812: Fixed: When aborting file upload the placeholder for image is left.
- #14659: [Blink] Fixed: Content scrolled to the top after closing the dialog in a
- #14825: [Edge] Fixed: Focusing the editor causes unwanted scrolling due to dropped support for the