We would like to announce the slightly premature release of CKEditor 4.4.3 which, among a variety of fixes and new features, contains a security fix to one of the official plugins. An upgrade is highly recommended!
Security Issue Fixed
We have recently been contacted by Mario Heiderich of Cure53 regarding a potential XSS issue in the Preview plugin. A security patch was promptly produced by our developers and the team has decided to speed up an upcoming CKEditor 4.4.3 release in order to provide the fix to the general public as soon as possible. We would like to thank Mario and his team for their submission and strongly recommend everyone to upgrade all existing editor installations!
Although it is a minor release, CKEditor 4.4.3 includes a new feature, too. The Justify option was added to the Horizontal Alignment drop-down in the Table Cell Properties dialog window. This means that table cell content can now not only be centered and left- or right-aligned, but it can also be justified, too.
This editor version contains patches submitted to our GitHub repository. Alin Purcaru fixed an editor crash after deleting a table and Noam Shalev-Inar corrected an undesired behavior of the Enter key which created a new line instead of breaking the list when pressed inside an empty list item.
The CKEditor development team also fixed an irritating issue with the
config.disableObjectResizing option not working in Internet Explorer, however, only up till version 10. A fix for Internet Explorer 11 requires a move on Microsoft's part, so you can support our pledge here if you are interested in getting this fixed once and for all.
Edit: The CKEditor team managed to convinced Microsoft that a solution is needed and they agreed to implement a fix in future releases!
Check out the What's New? page for the full list of changes.
CKEditor is available under Open Source and Commercial licenses. Full details can be found on our license page.
Please use the CKEditor Development website to report issues and suggestions through tickets.