CKEditor 4.15.1 with a security patch released
We would like to announce the release of CKEditor 4.15.1. This security update addresses a vulnerability in the CKEditor 4 Color History feature and an upgrade is highly recommended. There are also other bug fixes that will enrich your CKEditor 4 WYSIWYG editing experience, including fixes for problems with the Table Resize plugin, the script loader, and CSS margin parsing errors in certain contexts.
# Security issue fixed
CKEditor 4.15.1 fixes an XSS vulnerability in the Color History feature (CVE-2020-27193). Prior to this version, an XSS attack could be carried out using specially crafted HTML code that the victim injected via the Color Button dialog. However, the vulnerability required the user to manually paste the code, minimizing the risk.
We would like to thank Mark Wade for reporting this.
It is strongly advised to update your copy of CKEditor 4 promptly to avoid any risk. Sorry for any inconvenience caused.
# Export to PDF updated to 1.0.1
We revisited our highly popular Export to PDF plugin and improved it. The external CSS support in the classic editor now handles exceptions and displays helpful error messages. This should make it easier to debug cases where the document formatting was lost due to an inaccessible stylesheet.
- Export to PDF is a commercial feature. Check the pricing if you are interested. Contact us for a tailor-made offer!
- If you want to test Export to PDF before buying, check out the commitment-free CKEditor Premium Features 30-day free trial. You can learn more about all the features included in this handy software bundle in our trials documentation.
- You can also use the Export to PDF feature for free, but it will add a watermark on the output files in unlicensed installations.
# Other improvements
Based on community feedback and best practices in web development, we always try to modernize the CKEditor 4 API to make working with it a pleasure for any developer. We have also fixed some bugs, including:
- The Table Resize plugin no longer prevents editing of merged cells. (#3961)
- The Auto Grow plugin now properly resizes the editor. (#4286)
- Applying a block format removes existing block styles. (#3649)
Please refer to the changelog to see what other improvements were made.