CKEditor 4.16.2 with browser improvements and security fixes
We are happy to announce another maintenance release of CKEditor 4. Several browser-related issues were revisited and some other important bug fixes were introduced, too. Also, important security patches were rolled out. And to top all the changes, a React 2.0.0 integration was recently released. Check out CKEditor 4.16.2 and find out, what was improved!
# Security issues fixed
A security vulnerability in the Clipboard plugin (CVE-2021-32809) was fixed. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.
Even though these are low impact issues, an upgrade is highly recommended!
# Browser compatibility issues
We have introduced several amendments and enhancements targeted at various browsers, ensuring cross-platform compatibility to provide the most accessible editing experience available.
Invalid handling of whitespaces in Chrome was fixed. After removing one of the two consecutive spaces, the non-breaking space (
) character appeared in the editor instead of a space. This was a highly requested fix and now it works as expected and doesn’t cause any more formatting issues in the CKEditor 4 output.
The v4.16.2 release introduces a mechanism forCSS selectors escaping (
CSS.escape() polyfill) for all supported Internet Explorer versions. This solved an issue with table elements such as
th with an
# Important fixes
Based on community feedback and best practices in web development, we always try to modernize the CKEditor 4 API to make working with it a pleasure for any editor or developer.
# Incorrectly doubled anchors
A small but annoying bug was fixed for the text anchors. It happened if there were styles (eg. bold) applied to the text that served as an anchor. After the anchor link was edited, the anchor itself got duplicated. We have ensured this behavior no longer happens.
# HTML comments fix
While using the source editing mode it could sometimes happen that the HTML comments present in the widgets would get messed up. It could lead to producing invalid HTML code or even losing some of the widget data stored in these HTML comments. As of v4.16.2 this error has been eliminated.
# Other fixes
There were also some more bug fixes introduced with the current release. For a full list of changes and enhancements to CKEditor 4, see the changelog.
# React 2.0.0 integration
We are also happy to announce the release of the native integration of CKEditor 4 with React. The v2.0.0 release brings support for React v17.x, support for React hooks and TypeScript support and typings.
You can learn more about this integration in a dedicated release blog post.
# Release notes
CKEditor is available under Open Source and Commercial licenses. Full details can be found on our license page.