Release notes

CKEditor 4.9.2

Apr 18/2018

Security Updates:

Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.

Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.

Download .zip Download .gzip

CKEditor 4.9.1

Mar 26/2018

Fixed Issues:

#1835: Fixed: Integration between CKFinder and File Browser plugin does not work.

Download .zip Download .gzip

CKEditor 4.9.0

Mar 14/2018

New Features:

#932: Introduced Easy Image feature for inserting images that are automatically rescaled, optimized, responsive and delivered through a blazing-fast CDN. Three new plugins were added to support it:
#1338: Keystroke labels are displayed for function keys (like F7, F8).
#643: The File Browser plugin can now upload files using XHR requests. This allows for setting custom HTTP headers using the config.fileTools_requestHeaders configuration option.
#1365: The File Browser plugin uses XHR requests by default.
#1399: Added the possibility to set CKEDITOR.config.startupFocus as start or end to specify where the editor focus should be after the initialization.
#1441: The Magic Line plugin line element can now be identified by the data-cke-magic-line="1" attribute.

Fixed Issues:

#595: Fixed: Pasting does not work on mobile devices.
#869: Fixed: Empty selection clears cached clipboard data in the editor.
#1419: Fixed: The Widget Selection plugin selects the editor content with the Alt+A key combination on Windows.
#1274: Fixed: Balloon Toolbar does not match a single selected image using the contextDefinition.cssSelectormatcher.
#1232: Fixed: Balloon Toolbar buttons should be registered as focusable elements.
#1342: Fixed: Balloon Toolbar should be re-positioned after the change event.
#1426: [IE8-9] Fixed: Missing Balloon Toolbar background in the Kama skin. Thanks to Christian Elmer!
#1470: Fixed: Balloon Toolbar is not visible after drag and drop of a widget it is attached to.
#1048: Fixed: Balloon Panel is not positioned properly when a margin is added to its non-static parent.
#889: Fixed: Unclear error message for width and height fields in the Image and Enhanced Image plugins.
#859: Fixed: Cannot edit a link after a double-click on the text in the link.
#1013: Fixed: Paste from Word does not work correctly with the config.forcePasteAsPlainText option.
#1356: Fixed: Border parse function does not allow spaces in the color value.
#1010: Fixed: The CSS border shorthand property was incorrectly expanded ignoring the border-color style.
#1535: Fixed: Widget mouseover border contrast is insufficient.
#1516: Fixed: Fake selection allows removing content in read-only mode using the Backspace and Delete keys.
#1570: Fixed: Fake selection allows cutting content in read-only mode using the Ctrl/Cmd + X keys.
#1363: Fixed: Paste notification is unclear and it might confuse users.

API Changes:

#1346: Balloon Toolbar context manager API is now available in the pluginDefinition.init method of the requiringplugin.
#1530: Added the possibility to use custom icons for buttons.

Other Changes:

Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
- SCAYT scayt_minWordLength configuration option now defaults to 3 instead of 4.
- SCAYT default number of suggested words in the context menu changed to 3.
- #90: Fixed: Selection is lost on link creation if SCAYT highlights the word.
- Fixed: SCAYT crashes when the browser localStorage is disabled.
- [IE11] Fixed: Unable to get property type of undefined or null reference error in the browser console when SCAYT is disabled/enabled.
- #46: Fixed: Editing is blocked when remote spell checker server is offline.
- Fixed: User Dictionary cannot be created in WSC due to You already have the dictionary error.
- Fixed: Words with apostrophe ' on the replacement make the WSC dialog inaccessible.
- Fixed: SCAYT/WSC causes the Uncaught TypeError error in the browser console.
#1337: Updated the samples layout with the new CKEditor 4 logo and color scheme.
#1591: CKBuilder and language tools are now downloaded over HTTPS. Thanks to August Detlefsen!

Download .zip Download .gzip

CKEditor 4.8.0

Dec 13/2017

Important Notes:

#1249: Enabled the Upload Image plugin by default in standard and full presets. Also, it will no longer log an error in case of missing config.imageUploadUrl property.

New Features:

#933: Introduced Balloon Toolbar plugin.
#662: Introduced image inlining for the Paste from Word plugin.
#468: [Edge] Introduced support for the Clipboard API.
#607: Manually inserted Hex color is prefixed with a hash character (#) if needed. It ensures a valid Hex color value is used when setting the table cell border or background color with the Color Dialog window.
#584: Font size and Family and Format drop-downs are not toggleable anymore. Default option to reset styles added.
#856: Introduced the CKEDITOR.tools.keystrokeToArray method. It converts a keystroke into its string representation, returning every key name as a separate array element.
#1053: Introduced the CKEDITOR.tools.object.merge method. It allows to merge two objects, returning the new object with all properties from both objects deeply cloned.
#1073: Introduced the CKEDITOR.tools.array.every method. It invokes a given test function on every array element and returns true if all elements pass the test.

Fixed Issues:

#796: Fixed: A list is pasted from OneNote in the reversed order.
#834: [IE9-11] Fixed: The editor does not save the selected state of radio buttons inserted by the Form Elementsplugin.
#704: [Edge] Fixed: Using Ctrl/Cmd + Z breaks widget structure.
#591: Fixed: A column is inserted in a wrong order inside the table if any cell has a vertical split.
#787: Fixed: Using Cut inside a nested table does not cut the selected content.
#842: Fixed: List style not restored when toggling list indent level in the Indent List plugin.
#711: Fixed: Dragging widgets should only work with the left mouse button.
#862: Fixed: The "Object Styles" group in the Styles Combo plugin is visible only if the whole element is selected.
#994: Fixed: Typo in the CKEDITOR.focusManager.focus API documentation. Thanks to benjy!
#1014: Fixed: The Table Tools Cell Properties dialog is now Advanced Content Filter aware — it is not possible to change the cell width or height if corresponding styles are disabled.
#877: Fixed: A list with custom bullets with exotic characters crashes the editor when pasted from Word.
#605: Fixed: Inline widgets do not preserve trailing spaces.
#1008: Fixed: Shorthand Hex colors from the config.colorButton_colors option are not correctly highlighted in the Color Button Text Color or Background Color panel.
#1094: Fixed: Widget definition upcast methods are called for every element.
#1057: Fixed: The Notification plugin overwrites Web Notifications API due to leakage to the global scope.
#1068: Fixed: Upload widget paste listener ignores changes to the uploadWidgetDefinition.
#921: Fixed: [Edge] CKEditor erroneously perceives internal copy and paste as type "external".
#1213: Fixed: Multiple images uploaded using Upload Image plugin are randomly duplicated or mangled.
#532: Fixed: Removed an outdated user guide link from the About dialog.
#1221: Fixed: Invalid CSS loaded by Balloon Panel plugin when config.skin is loaded using a custom path.
#522: Fixed: Widget selection is not removed when widget is inside table cell with Table Selection plugin enabled.
#1027: Fixed: Cannot add multiple images to the table with Table Selection plugin in certain situations.
#1069: Fixed: Wrong shape processing by Paste from Word plugin.
#995: Fixed: Hyperlinked image gets inserted twice by Paste from Word plugin.
#1287: Fixed: Widget plugin throws exception if included in editor build but not loaded into editor's instance.

API Changes:

#1097: Widget upcast methods are now called in the widget definition's context.
#1118: Added the show option in the balloonPanel.attach method, allowing to attach a hidden Balloon Panelinstance.
#1145: Added the skipNotifications option to the CKEDITOR.fileTools.uploadWidgetDefinition, allowing to switch off default notifications displayed by upload widgets.

Other Changes:

#815: Removed Node.js dependency from the CKEditor build script.
#1041, #1131: Updated URLs pointing to CKSource and CKEditor resources after the launch of new websites.

Download .zip Download .gzip

CKEditor 4.7.3

Sep 13/2017

New Features:

#568: Added possibility to adjust nested editables' filters using the CKEDITOR.filter.disallowedContentproperty.

Fixed Issues:

#554: Fixed: change event not fired when typing the first character after pasting into the editor. Thanks to Daniel Miller!
#566: Fixed: The CSS border shorthand property with zero width (border: 0px solid #000;) causes the table to have the border attribute set to 1.
#779: Fixed: The Remove Format plugin removes elements with language definition inserted by the Languageplugin.
#423: Fixed: The Paste from Word plugin pastes paragraphs into the editor even if CKEDITOR.config.enterModeis set to CKEDITOR.ENTER_BR.
#719: Fixed: Image inserted using the Enhanced Image plugin can be resized when the editor is in read-only mode.
#577: Fixed: The "Delete Columns" command provided by the Table Tools plugin throws an error when trying to delete columns.
#867: Fixed: Typing into a selected table throws an error.
#817: Fixed: The Save plugin does not work in Source Mode.

Other Changes:

Updated the WebSpellChecker plugin:
- #40: Fixed: IE10 throws an error when spell checking is started.
#800: Added the CKEDITOR.dom.selection.isCollapsed method which is a simpler way to check if the selection is collapsed.
#830: Added an option to define which dialog tab should be shown by default when creating CKEDITOR.dialogCommand.

Download .zip Download .gzip