CKEditor 5 v10.0.1 with a security patch released

CKEditor 5 with a security patch release

We would like to announce the release of CKEditor 5 v10.0.1 that contains a security fix for the Link package, so an upgrade is highly recommended for all CKEditor 5 installations that include it. Additionally, this release fixes an issue with the decoupled editor that blocked enabling real-time collaboration in this editor.

# Security issue fixed

CKEditor 5 v10.0.1 fixes a cross-site scripting (XSS) issue in the @ckeditor/ckeditor5-link package. The vulnerability allowed remote attackers to inject an arbitrary web script through a crafted href attribute of a link (<a>) element.

Note that all official CKEditor 5 builds as well as all custom builds which included this package are affected.

CKEditor 5 versions affected: v0.3.0 and later.

This issue was reported independently by Toan Chi Nguyen from Techlab Corporation and Michal Bazyli. Thank you!

# Other fixes

Other than that, this release fixes an issue with asynchronous data initialization in the decoupled editor class which blocked enabling real-time collaboration in this editor.

# Download

CKEditor 5 builds can be downloaded from the CDN, npm or as zip packages. Read more in the Installation guide.

# License

CKEditor 5 is available under Open Source and Commercial licenses. Full details can be found on our license page.

# Reporting issues and contributing

You can report all general issues in the main CKEditor 5 repository. Read more in the Reporting issues guide.

# Support

The project documentation is growing and always up to date. Community support is available through Stack Overflow. Read more in the Getting support guide.

If you have enjoyed reading this, be sure to check out our other blog posts

Subscribe to our newsletter

Keep your CKEditor fresh! Receive updates about releases, new features and security fixes.

We use cookies and other technologies to provide you with a better user experience.

Learn more

Hi there, any questions about products or pricing?

Any questions about our products or pricing?

Send us a quick message and one of our Sales Representatives will be in touch with you as soon as possible.

We are happy to
hear from you!

Thank you for reaching out to the CKEditor Sales Team. We have received your message and we will contact you shortly.