CKEditor 4.18 browser bugfix and security patches
We are happy to announce another major release of CKEditor 4. CKEditor 4.18 comes with important security fixes for the HTML processing core module and dialog plugin. It also includes important bug fix for Paste From Word plugin in the latest version of Chrome. We have also decided to make the WebSpellChecker Dialog plugin obsolete due to its end of life. Check out CKEditor 4.18 and find out, what was improved!
# Security fixes
We keep on striving to deliver the best, most secure editing solution for our users. Fast and reliable response to security threats effects in more frequent versions being released, one of which is the current 4.18
A potential Regular expression Denial of Service vulnerability in the CKEditor 4 dialog plugin was discovered by the CKEditor 4 team during our standard security audit. The vulnerability allowed to abuse a dialog input validator regular expression, which could cause a significant performance drop (CVE-2022-24729). The current release patches this vulnerability.
It is always strongly advised to update your copy of CKEditor 4 promptly to avoid any potential risk.
# Important changes
# Browser bug fixed
Chrome 98 introduced a bug causing incorrect pixel units calculation in the Paste From Word plugin resulting in the invalid size of some features like table borders. We decided to patch this issue by updating the convertToPx method mitigating the issue.
# WebSpellChecker Dialog support ended
Web Spell Checker ended support of WebSpellChecker Dialog on December 31st, 2021. This means the plugin is not supported any longer. Therefore, we decided to deprecate and remove the WebSpellChecker Dialog plugin from CKEditor 4 presets.
# Release notes
CKEditor is available under Open Source and Commercial licenses. Full details can be found on our license page.