CKEditor 4.16.1

Fixed Issues:

  • #4617: Fixed: Autocomplete is not accessible in inline editors.
  • #4493: Fixed: The drop-down label does not reflect the current value of the drop-down.
  • #1572: Fixed: A paragraph before or after a widget cannot be removed. Thanks to bunglegrind!
  • #4301: Fixed: Pasted content is overwritten when pasted in an initially empty editor with the div Enter mode.
  • #4351: Fixed: Incorrect values for RGBA/HSLA colors in Color Dialog.
  • #4509: Fixed: Incorrect handling of drag & drop inside widgets and nested editables.
  • #4611: [Android, iOS] Fixed: Incorrect hover styles for buttons in the toolbar on mobile devices.
  • #4652: Fixed: Event data set to false is treated as an event cancelation.

CKEditor 4.16.0

Security Updates:

  • Fixed ReDoS vulnerability in the Autolink plugin.

    Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted URL-like text into the editor and press Enter or Space.

  • Fixed ReDoS vulnerability in the Advanced Tab for Dialogs plugin.

    Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted text into the Styles dialog.

An upgrade is highly recommended!

New Features:

  • #2800: Unsupported image formats are now gracefully handled by the Paste from Word plugin on paste, additionally showing descriptive error messages.
  • #2800: Unsupported image formats are now gracefully handled by the Paste from LibreOffice plugin on paste, additionally showing descriptive error messages.
  • #3582: Introduced smart positioning of the Autocomplete panel used by the Mentions and Emoji plugins. The panel will now be additionally positioned related to the browser viewport to be always fully visible.
  • #4388: Added the option to remove an iframe created with the IFrame Dialog plugin from the sequential keyboard navigation using the tabindex attribute. Thanks to Timo Kirkkala!

Fixed Issues:

API Changes:

Other Changes:

CKEditor 4.15.1

Security Updates:

  • Fixed XSS vulnerability in the Color History feature reported by Mark Wade.

    Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog.

An upgrade is highly recommended!

Fixed Issues:

API Changes:

Other Changes:

CKEditor 4.15.0

New features:

Fixed Issues:

CKEditor 4.14.1

Fixed Issues:

Other Changes:

Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check