CKEditor 4.15.1 with a security patch released

We would like to announce the release of CKEditor 4.15.1. This security update addresses a vulnerability in the CKEditor 4 Color History feature and an upgrade is highly recommended. There are also other bug fixes that will enrich your CKEditor 4 WYSIWYG editing experience, including fixing problems with the Table Resize plugin, the script loader or CSS margin parsing errors in certain contexts.

# Security issue fixed

CKEditor 4.15.1 fixes an XSS vulnerability in the Color History feature (CVE-2020-27193). Prior to this version, an XSS attack was possible using specially crafted HTML code that the victim injected through the Color Button dialog. However, the vulnerability required the user to paste the code manually, which minimized the risk.
We would like to thank Mark Wade for reporting this.

The font color picker dialog with color history feature in the CKEditor 4 WYSIWYG editor.

It is strongly advised to update your copy of CKEditor 4 promptly to avoid any risk. Sorry for any inconvenience caused.

# Export to PDF updated to 1.0.1

We revisited our very popular Export to PDF plugin and improved it. The external CSS support in the classic editor now handles exceptions and displays helpful error messages. This should make it easier to debug cases where the document formatting was lost due to an inaccessible stylesheet.

The Export to PDF function in the CKEditor 4 WYSIWYG editor toolbar.
  • Export to PDF is a commercial feature. Check the pricing if you are interested. Contact us for a tailor-made offer!
  • If you want to test Export to PDF before buying, check out the commitment-free CKEditor Premium Features 30-day free trial. You can learn more about all the features included in this handy software bundle in our trials documentation.
  • You can also use the Export to PDF feature for free, but it will add a watermark on the output files in unlicensed installations.

# Other improvements

Based on community feedback and best practices in web development, we always try to modernize the CKEditor 4 API to make working with it a pleasure for any developer. We have also fixed some bugs, including:

Please refer to the changelog to see what other improvements were made.

# Release notes

Check out the release notes and contact us for more information.

# Download

Download CKEditor now and upgrade your installation or use your favorite package manager to install it!

# License

CKEditor is available under Open Source and Commercial licenses. Full details can be found on our license page.

# Reporting issues and contributing

Please report any new issues in the CKEditor 4 development repository and follow the instructions in the issue template. You can also contribute code and provide editor patches through pull requests.

# Support

Community support is available through Stack Overflow. Visit the resources page for additional options.
