CKFinder 2.6 with Security Patches and a Bootstrap Skin Released

Despite the fact that most of our effort nowadays goes into CKFinder 3 enhancements, we managed to squeeze into our schedule the release of CKFinder 2.6 with security patches and a refreshed look based on Bootstrap 3 - “the most popular HTML, CSS, and JS framework for developing responsive, mobile first projects on the web”.

Security Patches for XSS Issues

We have been contacted by our colleagues from Galaxy Software Services Taiwan regarding an issue discovered during penetration tests. It concerned DOM-based and reflected XSS vulnerabilities. After confirming the issue, a security patch was developed in order to provide the fix to the general public as soon as possible. The entire application was also rigorously checked to confirm that this was the only place affected.

All identified issues are now fixed and an upgrade to CKFinder 2.6 is highly recommended.

Automatic CSRF Protection

CSRF protection, which previously required custom coding and setting the proper configuration options, is now enabled automatically in CKFinder 2.6 and needs no manual setup. The built-in protection further improves the security of authenticated users: when a malicious website contains a link, a form button or some JavaScript intended to perform an unwanted action using the credentials of a logged-in user who visits that site, CKFinder now detects and blocks the attempt.

Note for CKEditor users: In order to upload files directly inside CKEditor with the updated CKFinder (with CSRF protection enabled), CKEditor should also be updated to the latest stable version (CKEditor 4.5.6, released on 9th Dec, 2015).

New Bootstrap 3 Skin

CKFinder 2 Bootstrap 3 Skin

Here is a piece of good news for all our clients who are using CKFinder 2 for Java or .NET (while waiting for a suitable CKFinder 3 connector), but also for ColdFusion and classic ASP users. Following user feedback, we have decided to refresh the look and feel of CKFinder 2 by adding a new optional Bootstrap skin. We hope you will enjoy it!

Changelog

See the What’s New? page for a full list of changes.

Download

Download CKFinder now!

Support

All CKFinder licenses come with a year of dedicated support straight from core CKFinder developers. You can also refer to StackOverflow for community support.
