Posted on: 

CKFinder 3.1 for PHP with Security Patches Released

We’d like to announce the release of CKFinder 3.1 for PHP, the first major update to the totally rebuilt CKFinder 3 line that was unveiled this summer. This version includes plenty of improvements and new features, including reworked keyboard navigation and focus management with a new Keyboard Shortcuts dialog, greatly improved application performance, full Microsoft Edge compatibility as well as some new configuration options and commands. Considerable effort was also put into improving iPad/Safari compatibility and Right-to-Left support as well as UI and UX fixes for the compact mode. Last but not least, this release includes several important security patches for the server-side part of the application so updating is highly recommended. Read on for more!

Keyboard Navigation & Focus Management

Accessibility and UX have always been a priority in our products, so this release includes several improvements in these areas. CKFinder 3.1 was also thoroughly tested in screen readers and its accessibility level is quite outstanding. We actually reworked keyboard navigation in the entire application and thus:

  • We identified and fixed all places of the application that were not accessible with keyboard.
  • We implemented custom Tab key support to resolve inconsistency between browsers.
  • We resolved an issue with Arrow keys navigation when viewing files in the gallery.
  • We resolved issues with disappearing focus after performing various operations, e.g. after deleting a file.
  • Focus is now correctly cycled between context menu items and toolbar buttons.
  • We adjusted the behavior of keyboard navigation to be compliant with accessibility requirements, e.g. when focusing a component, the first element inside the component is focused automatically:

CKFinder 3 toolbar focus

Keyboard Shortcuts Dialog

As a final step in improving keyboard navigation in CKFinder we introduced the new Keyboard Shortcuts dialog window. This dialog is opened by pressing ? on your keyboard and is a helpful reminder that explains how to navigate CKFinder with keyboard and use its features.

CKFinder 3.1 Keyboard Shortcuts dialog window

These shortcuts are also described in the new Keyboard Shortcuts documentation.

Performance Improvements

We put a lot of effort into speeding up CKFinder and the results were pretty successful:

  • Loading files from Amazon S3 buckets with hundreds of thousands of files has been significantly improved and now works several dozen times faster.
  • The number of cases when the entire files pane is refreshed was reduced by refreshing just the relevant files that have been altered by the executed operation - which results in a much better UX.
  • Thumbnails loading was sped up. Again, this has given us a significant performance gain, especially in case of using PHP sessions, and thumbnails may now load multiple times faster.
  • Graceful files refresh on subsequent clicks on a folder was implemented.
  • Caching of image previews was fixed. This should speed up viewing files in a gallery.

Microsoft Edge Support

CKFinder 3.1 is now fully compatible with Microsoft Edge, the latest browser available in Windows 10.

New Proxy Command

The server-side connector of CKFinder 3.1 introduces a new Proxy command that helps resolve some issues e.g. with accessing original files from remote backends by the Edit Image feature. Since a similar feature was frequently requested in the past, we connected it with backends and introduced a new optional backends configuration option: useProxyCommand. It can be used to proxy files stored outside the document root.

New PHP Configuration Options

CKFinder 3.1 adds a few PHP configuration settings for the server-side component:

  • The cache option configures cache lifetime for various CKFinder components.
  • The tempDirectory option sets the path to the temporary files folder used by CKFinder. It should resolve temporary directory access issues on some IIS installations.
  • The sessionWriteClose option defines whether the connector should close write access to the session to avoid performance issues.

Security Patches

We take security of our applications seriously and special focus is always put to this domain in our testing phase. As a result of some vigorous security testing and hacking that we did on CKFinder 3 we discovered some potential security concerns in the server-side part of the application. These issues affected actions that only authenticated users without sufficient permissions could perform solely in locations specified in your CKFinder backends configuration.

All identified issues are now fixed and an upgrade to CKFinder 3.1 is highly recommended.


CKFinder 3.1 includes two new localizations, Basque and Kurdish. Apart from that, Brazilian Portuguese, Chinese, Croatian, Czech, Danish, Esperanto, Estonian, French, German, Greek, Hungarian, Italian, Korean, Norwegian, Persian, Polish and Russian language versions were updated.

We would like to thank all contributors who helped us translate the CKFinder user interface - both the CKFinder team and the end-users are really grateful for your help!

The CKFinder localization process goes through a dedicated GitHub repository, so if you would like to help us translate CKFinder into your native language (and get a free license, too!), it will be most appreciated.

Other Fixes

CKFinder is a highly responsive application with great mobile support that we are constantly fine-tuning. This release includes several fixes for mobile environments such as iOS/Safari and Android. We also fixed a dozen of UI glitches in compact mode and in RTL interfaces. Last but not least, some changes were introduced to the very popular Edit Image feature.

The image below shows CKFinder 3.1 in compact mode, using the new Right-to-Left Kurdish localization.

CKFinder 3.1 RTL interface in compact mode

See the What’s New? page for a full list of changes.


Download CKFinder 3.1 for PHP now! Also available as a Symfony Bundle.

Reporting Issues and Feature Requests

If you miss anything in CKFinder, have ideas on how CKFinder could be improved, or found a bug, please do not hesitate to report an issue in the CKFinder issue tracker. The tracker is public, so not only can you submit your ideas, but you can also browse existing issues and add your comments there.

What's Next?

Alongside further development of the PHP version, the team has now started working on the ASP.NET (ETA: Q1/Q2 of 2016) and Java (ETA: Q2 of 2016) server-side connectors - it has already been announced that all customers who purchase a license after June 2015 will get a free upgrade to CKFinder 3.

The classic ASP/ColdFusion distributions of CKFinder will not be upgraded to version 3, however will still receive patches (including security fixes) until 2019.

Feedback Needed!

We are really enthusiastic about this new, major CKFinder version and its numerous new features. We will be happy to hear from you and thankful for any suggestions that will help us improve these features and tailor them to your expectations.


All CKFinder licenses come with a year of dedicated support straight from core CKFinder developers. You can also refer to StackOverflow for community support.

If you have enjoyed reading this, be sure to check out our other blog posts

Subscribe to our newsletter

Keep your CKEditor fresh! Receive updates about releases, new features and security fixes.

We use cookies and other technologies to provide you with a better user experience.

Learn more

Hi there, any questions about products or pricing?

Any questions about our products or pricing?

Send us a quick message and one of our Sales Representatives will be in touch with you as soon as possible.

We are happy to
hear from you!

Thank you for reaching out to the CKEditor Sales Team. We have received your message and we will contact you shortly.