
CKFinder 2.3.1 Released

The CKSource team is happy to announce the release of CKFinder 2.3.1. This is a minor release that includes security fixes for all server-side connectors, most notably regarding Denial-of-Service (DoS) attacks (low/medium risk). We recommend updating all installations of CKFinder. Version 2.3.1 also includes a few localization updates and a new language: Serbian.

Security Fixes

  • Fixed a DoS attack that could be performed by users who were authorized to use the server connector and had permissions to upload files (ASP, PHP, ColdFusion).
  • Fixed a Denial-of-Service affecting files and folders on certain servers (like Apache) that could be caused by users who were authorized to use the server connector and had permissions to create folders. The attack was possible only inside a folder to which the user had "create folder" permissions.

We would like to thank Soroush Dalili (@irsdl) for reporting both issues.

Other Changes

  • Added new translation: Serbian.
  • Updated translations: Catalan, Chinese and Japanese.
  • Folders that start with a dot character are now disallowed by default.
  • Fixed auto-renaming of files with multiple extensions: foo.tar.gz will be renamed to foo(1).tar.gz on second upload.
  • (Java) Thumbnails were sometimes not available.

Changelog

See the whatsnew page for a list of changes.

Download

Download CKFinder now!

Support

Community support is available through our forums. Visit the support page for additional options.
