Issue summary: The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. See security advisory for more details.
You can read more details in the relevant security advisory and contact us if you have more questions.
An upgrade is highly recommended!
- #4777: Fixed: HTML comments in widgets not processed correctly.
- #4733: Fixed: Link prevent duplicate anchors in text with styles.
#3819: [Chrome] Fixed: After removing one of the two consecutive spaces, the
character appears in the editor instead of a space.
- #4666: [IE] Introduce CSS.escape polyfill. Thanks to limingli0707!
- #3638: Fixed: Opening the same dialog twice causes it to become hidden under the dialog's page cover.
- #4247: Fixed: Color Button's incorrect rendering on the first opening.
- #4555: Fixed: Font styles with attributes are not applied correctly when used multiple times over the same selection.
#4782: [Firefox] Fixed:
TypeErroris thrown when switching to Source View and back while Autocomplete plugin is enabled.