CKEditor 4.15.1 with a security patch released

We would like to announce the release of CKEditor 4.15.1. This security update addresses a vulnerability in the CKEditor 4 Color History feature and an upgrade is highly recommended. There are also other bug fixes that will enrich your CKEditor 4 WYSIWYG editing experience, including fixing problems with the Table Resize plugin, the script loader or CSS margin parsing errors in certain contexts.

# Security issue fixed

CKEditor 4.15.1 fixes an XSS vulnerability in the Color History feature (CVE-2020-27193). Prior to this version, an XSS attack could be carried out with specially crafted HTML code that the victim injected via the Color Button dialog. However, the vulnerability required the user to manually paste the code, which minimizes the risk.
We would like to thank Mark Wade for reporting this.

The font color picker dialog with color history feature in the CKEditor 4 WYSIWYG editor.

It is strongly advised to update your copy of CKEditor 4 promptly to avoid any risk. Sorry for any inconvenience caused.

# Export to PDF updated to 1.0.1

We revisited our very popular Export to PDF plugin and improved it. The external CSS support in the classic editor now handles exceptions and displays helpful error messages. This should make it easier to debug cases where the document formatting was lost due to an inaccessible stylesheet.

The Export to PDF function in the CKEditor 4 WYSIWYG editor toolbar.
  • Export to PDF is a commercial feature. Check the pricing if you are interested. Contact us for a tailor-made offer!
  • If you want to test Export to PDF before buying, check out the commitment-free CKEditor Premium Features 30-day free trial. You can learn more about all the features included in this handy software bundle in our trials documentation.
  • You can also use the Export to PDF feature for free, but it will add a watermark on the output files in unlicensed installations.

# Other improvements

Based on community feedback and best practices in web development, we always try to modernize the CKEditor 4 API to make working with it a pleasure for any developer. We have also fixed some bugs, including:

Please refer to the changelog to see what other improvements were made.

# Release notes

Check out the release notes and contact us for more information.

# Download

Download CKEditor now and upgrade your installation or use your favorite package manager to install it!

# License

CKEditor is available under Open Source and Commercial licenses. Full details can be found on our license page.

# Reporting issues and contributing

Please report any new issues in the CKEditor 4 development repository and follow the instructions in the issue template. You can also contribute code and provide editor patches through pull requests.

# Support

Community support is available through Stack Overflow. Visit the resources page for additional options.
