The CKSource team is happy to announce the release of CKFinder for Java 2.4.3. This version includes security patches for minor and medium security issues. The update only affects CKFinder for Java, so users of other platforms are not required to upgrade. Java users, however, are encouraged to update to this latest release.
- Improved sanitization, which could have lead to XSS or unhandled Java exceptions
- ImageResize plugin allowed for checking size of an image outside "userfiles" folder
- Dependency updates
Again, this update only affects users of CKFinder for Java.
See the whatsnew page for a list of changes.