CKFinder release notes

Version 3.7.0 (PHP)

Released: Apr 18, 2024

New Features

• Added support for WebP image format.
• Updated third-party dependencies.

Version 3.6.2 (Java)

Released: Feb 06, 2024

Fixed Issues

• Added support for the type parameter in the Init method, enabling CKFinder instances to properly limit the displayed resource types.

Version 3.6.1 (PHP)

Released: Oct 02, 2023

New Features

• Added support for PHP 8.2.

Fixed Issues

• Updated third-party libraries.
• Fixed issue with bitmap images whenmemory_limitwas disabled.

Version 3.6.1 (Java)

Released: Mar 20, 2023

New Features

• Added support for BMP image thumbnails and previews.
• Added Jakarta compatibility.

Backward Incompatible Changes

• Due to a breaking change made to ensure compatibility with Jakarta, we have introduced a new v4.0.0line of the Java ckfinder3dependency. This means that the version of the ckfinder3dependency in the v4.0.0line is no longer in sync with the version of the CKFinder frontend.

Version 3.6.0

Released: Dec 05, 2022

New Features

• Upgraded Flysystem to version 3.

Backward Incompatible Changes

• Custom storage API in PHP connector has undergone major changes. Any custom storage adapters must be refactored to becompliant with Flysystem 3.

Fixed Issues

• Fixed special characters escaping in hideFilesandhideFolders options.

Localization updates

• Updated: Arabic.

Version 3.5.3 (PHP)

Released: Dec 10, 2021

New Features

• Added support for PHP 8.1.

Fixed Issues

• Updated third-party libraries.
• Replaced deprecated method calls.

Version 3.5.2

Released: Jul 26, 2021

Fixed Issues

• Upgraded jQuery to version 3.6.0.
• Replaced Lodash with Underscore version 1.13.1.

Version 3.5.1.2 (ASP.NET)

Released: Mar 29, 2021

Fixed Issues

• Fixed type registration issues in a newer version of Autofac.

Version 3.5.1.2 (PHP)

Released: Mar 15, 2021

New Features

• Added support for PHP 8.
• Updated third-party libraries.

Version 3.5.1.1 (Java)

Released: Dec 09, 2020

Fixed Issues

• Fixed issues related to DirectoryStream not being properly closed at some places

Version 3.5.1.1 (ASP.NET)

Released: Jul 10, 2020

Fixed Issues

• Updated third-party libraries.

Version 3.5.1.1 (PHP)

Released: May 07, 2020

Fixed Issues

• Updated third-party libraries.
• Fixed race condition in the local filesystem adapter.

Localization updates

• Updated: Bosnian, Chinese, Japanese, Korean.

Version 3.5.1 (Java)

Released: Nov 13, 2019

The first release of CKFinder 3 for Java connector is version 3.5.1 and we consider it to be a stable release that is ready to be deployed to production environments. For an overview of the new Java connector features, see the blog post.

Version 3.5.1

Released: Sep 05, 2019

New Features

• Added support for uploading files without a file extension. Files without an extention have to be explicitly enabled in the resource types configuration.

Documentation Updates

• Added documentation that clarifies how to fully protect against content sniffing in web browsers.
• Added documentation that clarifies how to fully protect against content sniffing in web browsers.

Version 2.6.3

Released: Sep 05, 2019

Security Release

• Fixed file upload vulnerability reported by Joshua Provoste.
• Fixed logic responsible for uploading files without a file extension.
• Added documentationthat clarifies how to fully protect against content sniffing in web browsers.
• Added documentationthat clarifies how to fully protect against content sniffing in web browsers.
• Added documentationthat clarifies how to fully protect against content sniffing in web browsers.
• Added documentationthat clarifies how to fully protect against content sniffing in web browsers.
• Added documentationthat clarifies how to fully protect against content sniffing in web browsers.

Version 3.5.0

Released: Apr 09, 2019

Fixed Issues

• Fixed issues related to loading language files in a CORS-enabled environment.
• Fixed image editing in a CORS-enabled environment.
• Fixed contrast issues in the "Choose resized" dialog.
• Fixed an issue with downloading large files that occurred on some IIS configurations.
• Fixed an issue with the Proxy command on an S3 backend.

Localization Updates

• Updated: Japanese.

Version 3.4.5

Released: Nov 27, 2018

New Features

• New skin: Neko.
• The language files can now be loaded in a CORS-enabled environment.
• Improved the look & feel of the image preview view.

Fixed Issues

• Fixed performance issues in the folder tree view for folders that contain hundreds of subfolders.
• Fixed focus issues in Compact and List view.
• Fixed file panel auto scroll issue in Modal mode.
• Fixed navigation issues in Compact and List views.
• Refactored Amazon S3 adapter, so it is now possible to pass a custom instance ofAmazonS3Client.
• Fixed an issue with incorrect last file modification dates.

Backward Incompatible Changes

• Due to performance issues, theview:FolderTreeNodeevent is no longer emitted in the CKFinder JavaScript client.

Version 3.4.4

Released: Jul 09, 2018

Fixed Issues

• Fixed file selection issue that occurred when search filter was used.
• Fixed problem with dates on FTP adapter.
• Updated AWS SDK to version 3.

Localization Updates

• Updated: Chinese, Dutch, Finnish, Persian.

Version 3.4.3

Released: Jun 11, 2018

Fixed Issues

• Fixed file upload issue in the latest version of Microsoft Edge (v42).
• Fixed text selection issue in CKFinder UI.
• Fixed URL generation in backends that use the Proxy command.
• Upgraded the ImageProcessor library to the latest version.

New Features

• Added support for Unix symbolic links in the local filesystem backend adapter.
• Added possibility to set license details per request.

Version 3.4.2 (ASP.NET)

Released: Aug 04, 2017

Fixed Issues

• Fixed issues with resolving base path when ckfinder.js is loaded with query string parameters.
• Fixed PDF preview for files with "pdf" extension written in uppercase.
• Fixed baseUrl option which was ignored by some backend adapters.
• Fixed URL generation for resized images in backends that use the Proxy command.

Localization Updates

• Added: Azerbaijani, Uzbek (Cyrillic and Latin versions).
• Updated: Vietnamese.

Version 3.4.2 (PHP)

Released: Jun 26, 2017

Fixed Issues

• Fixed issues with resolving base path when ckfinder.js is loaded with query string parameters.
• Fixed PDF preview for files with "pdf" extension written in uppercase.
• Updated AWS SDK to version 3.
• Updated Dropbox API to version 2.

Localization Updates

• Added: Azerbaijani, Uzbek (Cyrillic and Latin versions).
• Updated: Vietnamese.

Version 3.4.1

Released: Oct 28, 2016

New Features

• Added support for FTP storage.

Fixed Issues

• Improved Thumbnail command performance.

Localization Updates

• Updated: Greek and Turkish.

Version 2.6.2.1

Released: Oct 11, 2016

• Fixed issues with remembering last used folder and user settings not being saved.

Version 3.4.0

Released: Sep 20, 2016

New Features

• The settings:change:GROUP:NAME event has new param: previousValue.
• Added the Compact View for displaying files in columns (not supported in IE9).
• The defaultViewType configuration option accepts new value: compact.
• Added width parameter for columns defined for List View in listView:columns event.
• Added "OK" button to information dialogs (those created using dialog:info request).
• Improved configuration validation.
• Added progress tracking for time-consuming operations.
• Added support for IIS virtual directories in local storage adapter.

Fixed Issues

• Added the missing command:before:FileUpload, command:ok:FileUpload and command:error:FileUpload events for uploading files.
• Fixed focus in settings panel when changing view type.
• Fixed double toolbar:reset:Main:folder event in compact mode when user selects folder in files pane.
• Fixed keyboard navigation for disabled context menu items.
• Removed possibility to invoke Delete File command by keyboard inside folder with ACL FILE_DELETE set to false.
• Removed possibility to invoke Rename File command by keyboard inside folder with ACL FILE_RENAME set to false.
• Fixed drag&drop uploads on List View.
• Updated Javascript code prettifier for samples
• Fixed file permission issue occurring during file upload on some IIS server configurations.
• Fixed HTML file extension matching.
• Fixed URL generation for resized images in backends that use Proxy command.
• Added missing file size field to SaveImage command response.
• Improved thumbnail caching.

Localization Updates

• Added: Swiss German and Ukrainian.
• Updated: Chinese, Czech, Esperanto, French, German, Kurdish, Latvian, Polish, Russian, Slovakian, Spanish and Turkish.

Version 3.3.1 (ASP.NET)

Released: Jul 28, 2016

Fixed Issues

• Fixed performance issue for folders with more than 1000 files.

Version 2.6.2

Released: Jun 06, 2016

• Fixed issues with HTML5 upload in popup mode in Internet Explorer.

Version 3.3 (ASP.NET)

Released: May 12, 2016

New Features

• Added a stable version of the ASP.NET connector.
• Added support for Microsoft Azure Storage.
• Added support for Amazon S3 Storage.

Version 2.6.1

Released: Apr 15, 2016

• Fixed minor self-XSS vulnerability.

Version 3.3

Released: Mar 09, 2016

New Features

• Added support for Microsoft Azure Storage.

Backward Incompatible Changes

• Language files have undergone a major reorganization. Obsolete keys were removed.
• Events related to rendering columns in the files pane were changed:listView:file:column:NAME,listView:folder:column:NAME

Fixed Issues

• Performance improvements for rendering the files pane with thousands of items.
• Thumbnail slider enabled in list view when loading CKFinder.
• Choosing files with double click does not fetch the file URL for some remote backends.
• Invalid time when parsing time in the 12-hour clock system.
• Image Edit: Saving an image that exceedsmaxWidth/maxHeightthrows an error.

Localization Updates

• Added: Bosnian.
• Updated: Brazilian Portuguese, Czech, Esperanto, French, German, Italian, Kurdish, Latvian, Persian, Polish, Russian, Spanish and Swedish.

Version 3.2.1

Released: Jan 20, 2016

• In widget mode (in Internet Explorer/Edge only) the CSRF protection was too strict and did not allow for actions that should be allowed.

Version 2.6.0.1

Released: Dec 21, 2015

• Application failed to work due to incorrect "Return" keyword.

Version 3.2 (view blog post)

Released: Dec 10, 2015

New Feature: Automatic CSRF Protection

A feature that previously required custom coding and setting proper configuration options is now automatically enabled in CKFinder 3 and requires no manual setup. The built-in CSRF protection additionally improves the security of authenticated users: when a malicious website contains a link, a form button or some JavaScript that is intended to perform unwanted action using the credentials of a logged-in user who visits the malicious site, CKFinder will now detect and block such attempts

Other New Features

• Added new view for files pane: a list view with file details.
• Added sorting of files in files pane by name, date and size.
• Added the listViewIconSize configuration option.
• Added the defaultSortBy configuration option.
• Added the defaultSortByOrder configuration option.
• Added the defaultViewType configuration option.
• Added the listView:columns event.
• Added the listView:file:column:NAME event.
• Added the listView:folder:column:NAME event.
• Added the resources:show:before event.
• Added the dialog:close:NAME event.
• Added the file:getActive request.
• Added the csrf:getToken request.
• Added the sendPostAsJson parameter to the command:send request.
• The view parameter for the page:create request is now optional.

Fixed Issues

• Individual settings views have a proper name in the view:NAME event instead of a single Setting.
• Compact mode: Keyboard navigation in breadcrumbs is inverted for RTL languages.
• Fixed an issue that prevented to move or copy over 250 files on a default PHP installation.
• Fixed wrong error message for an empty file name.
• Fixed detection of swipe direction when opening panels on touch screen devices.
• Compact mode: Focus on filter box is lost when typing.
• Thumbnails are not refreshed after editing an image.
• Files filter is not refreshed after clicking a folder.
• Focus is lost after moving files.
• The toolbar is unnecessarily rendered when lazy loading of a folder finishes and a file was selected.

Version 2.6 (view blog post)

Released: Dec 10, 2015

Security Updates

• Fixed DOM XSS and reflected XSS vulnerabilities.

New Feature: Automatic CSRF Protection

A feature that previously required custom coding and setting proper configuration options is now automatically enabled in CKFinder 2 and requires no manual setup. The built-in CSRF protection additionally improves the security of authenticated users: when a malicious website contains a link, a form button or some JavaScript that is intended to perform unwanted action using the credentials of a logged-in user who visits the malicious site, CKFinder will now detect and block such attempts

Other New Features and Major Changes

• A new Bootstrap skin has been added.
• The flash upload component used to handle multiple file uploads in old version of Internet Explorer (IE9 and IE8) has been removed.
  As a result, the file upload feature will now fallback to a single file upload on browsers without HTML5 File API support.

Fixed Issues

• Fixed: Using up arrow key in List View to move between files did not work.

Version 3.1 (view blog post)

Released: Nov 02, 2015

Security Updates

As a result of security testing and hacking that we did on CKFinder 3 we discovered some potential security concerns in the server-side part of the application. These issues affected actions that only authenticated users could perform solely in locations specified in your CKFinder backends configuration, but since in some cases it was possible to skip ACL checks or file extension checks, an upgrade is highly recommended.

New Features

• Improved accessibility. Added compatibility with screen readers.
• Reworked keyboard navigation in the entire application. Implemented custom Tab key support to resolve inconsistency between browsers.
• Added the Keyboard Shortcuts dialog window — press ? to open it.
• Greatly improved application performance when loading files from remote locations (e.g. Amazon S3).
• Improved performance by reducing the number of situations when the entire files pane is reloaded.
• Improved performance by caching files on subsequent clicks of the folder.
• Added Microsoft Edge compatibility.
• Added preview of PDF files in the gallery.
• Added drag and drop support for files onto folders and breadcrumbs in compact mode.
• Added busy dialog and progress tracking for time-consuming operations.
• Added Proxy command support. It is now possible to view files stored outside the document root or in remote backends in the gallery.
• Added the Proxy command and the corresponding useProxyCommand backend configuration option.
• Reworked the Choose Scaled dialog window.
• Edit Image feature now warns against closing without saving changes.
• Added the folder:getIcon request.
• Removed Maximize/Minimize buttons in popup mode as the browser provides native controls for it.
• Improved performance by caching file previews.
• Added the cache option that configures cache lifetime for various CKFinder components.
• Added the tempDirectory option that configures the path to the temporary files folder used by CKFinder.
• Added the sessionWriteClose option that configures whether the connector should close write access to the session to avoid performance issues.
• Added the Operation command that tracks the progress of operation in time-consuming connector commands.

Backward Incompatible Changes

• Context menu API has undergone major changes. See the updated context menu documentation.
• Toolbar API events toolbar:reset:NAME and toolbar:reset:NAME:EVENT - data.toolbar is now aBackbone.Collection, not an array.
• The file:getIcon request no longer has the extension parameter. Pass the file parameter instead.

Fixed Issues

• Compact mode: Breadcrumb was hidden when entering a folder with many files.
• Compact mode: There was no way to enter a folder on Android.
• Compact mode: Broken border around CKFinder when viewing the top level folder with resource types.
• Edit Image: Loading an image was not working when the domain name contained a dash character.
• Edit Image: Context menu item was enabled when the user had no permissions to edit the file.
• Edit Image: Resize option was not available in compact mode.
• Edit Image: Reset button should have been disabled if there was nothing to reset.
• Edit Image: Fixed validation of provided values in the edit image controls.
• Edit Image: There was no information about failing to save a file.
• Edit Image: It was possible to crop an area bigger than the edited image.
• Edit Image: Fixed progress bar behavior.
• Filter input: Clearing filter input did not result in showing all files in IE9.
• Filter input: Filter should remember its state if it is still active.
• Focusing elements: Focus in context menu and toolbar did not cycle.
• Focusing elements: Focus was lost after resizing an image.
• Focusing elements: Focus was not remembered when returning to the files pane.
• Focusing elements: Pressing Tab should focus the first item in a component (file, folder, toolbar button), not the container.
• Focusing elements: Lock focus chain within the settings panel.
• Scrolling files: Scrolling on mobile devices was troublesome and sometimes did not work at all.
• Scrolling files: Files were unnecessarily selected on scroll on mobile devices.
• Thumbnails: Problem with thumbnails in widgets/popups when connectorPath did not include the domain.
• Thumbnails: Thumbnails loaded with a significant delay for a larger number of files.
• Thumbnails: Thumbnails were not refreshed in certain scenarios.
• iOS/Safari: Thumbnails were not shown.
• iOS/Safari: Popup sample did not work.
• iOS/Safari: The configured height of the widget was ignored, instead CKFinder height depended on the number of files inside.
• iOS/Safari: Downloading files did not work.
• Setting global configuration did not work for widgets and popups.
• There was no Close button available after file upload.
• It should not be possible to move dialog windows.
• Fixed various UI glitches in the RTL interface.
• Video or image sometimes overlapped file preview controls in file preview.
• Delete files confirmation dialog did not appear when the files pane was scrolled.
• Changed the confusing empty folder message in the read-only mode.
• Removed the notification about correctly uploaded file in IE9.
• Resolved an issue with validating license names that started with www[0-9] or that contained upper case letters.
• In certain scenarios not all available toolbar buttons were shown in CKFinder.
• Fixed the look of the "More" drop-down in the toolbar.
• Empty directory key in the backend definition resulted in a double slash in the file URL.

Localization Updates

• Added: Basque, Kurdish.
• Updated: Brazilian Portuguese, Chinese, Croatian, Czech, Danish, Esperanto, Estonian, French, German, Greek, Hungarian, Italian, Korean, Norwegian, Persian, Polish and Russian.

Version 2.5.1 (view blog post)

Released: Nov 02, 2015

• Fixed: CKFinder shows a blank window when opened in a popup on Safari 8+.
• Security release, updating is highly recommended.Authenticated users could manipulate files located in folders configured as “hidden”, on web servers hosted on Windows platforms.
• Security release, updating is highly recommended.Authenticated users could manipulate files located in folders configured as “hidden”, on web servers hosted on Windows platforms.
• Init command now returns resourceTypes added dynamically in prepareConfigurationForRequest method.
• Added the possiblity to dynamically change ACL settings in prepareConfigurationForRequest method.
• It is now possible to specify userfiles folder outside document root.
• Fixed: ImageResize plugin sometimes failed to save resized images.
• Fixed: CKFinder will now automatically reload config.xml after adding any changes to it.
• Removed obsolete integration samples for FCKeditor and CKEditor 3.x.
• Reworked CKEditor 4.x integration sample - added an example on how to support drag&drop file uploads and pasting images from clipboard.

Version 3.0 (view blog post)

Released: Jul 02, 2015

A brand new version of CKFinder, currently available only for PHP. For an overview of new features, see theannouncement about CKFinder 3.0 for PHP.

• New architecture based on jQuery, jQuery Mobile, Backbone, Marionette, and RequireJS.
• Built-in image editor.
• Customizable skins compatible with jQuery UI Themeroller.
• Full responsiveness, great mobile support.
• Cloud storage support (Amazon S3, Dropbox) and FTP connector.

Version 2.5.0.1 (view blog post)

Released: Jun 09, 2015

• Security release (ASP.NET version only):
  • Due to insufficient checks in the ASP.NET connector, an authenticated user using the built-in DownloadFile command could download any file from the server (with an extension allowed in defined resource types, as well as without any extension), when providing an absolute path to the file.
• Fixed: Missing thumbnails for images with uppercase extension.

Version 2.5.0 (view blog post)

Released: Apr 21, 2015

• Fixed: Opening settings panel after opening/closing flashupload panel caused JavaScript exception.
• Fixed: Selection issues when double-clicking the file.
• Fixed: getSelectedfiles no longer returns duplicated entries.
• Added the possibility to access inselectActionFunctioncustom attributes passed in elements returned by theGetFilescommand.
• Added the possibility to define custom plugins that provide additional toolbar buttons by settingtoolbarButtonsproperty in defined plugins.
• Added the possibility to pass extra parameters to popup methods withconfig.popupFeaturesandconfig.popupTitle.
• Added changes required byCKEditor 4.5.0.
• Fixed: ImageResize plugin no longer breaks in Railo.

Version 2.4.3 (view blog post)

Released: Nov 25, 2014

• Security release (Java version only):
  • Improved sanitization, which could have lead to XSS or unhandled Java exceptions.
  • ImageResize plugin allowed for checking size of an image outside "userfiles" folder.
  • Dependency updates.

Version 2.4.2 (view blog post)

Released: Aug 14, 2014

• Updated syntax highlighting component used in the fileeditor plugin. Added languages support: markdown, restructured text, java, less, sass, scss, perl, python, ruby and sql.
• Changed default thumbnail delay to 100ms.
• Fixed: Loading thumbnails is terribly slow when there are many files in a folder.
• Fixed: Using "Search" while the folder was loading could result in a JavaScript error.
• Fixed: External script loading in popup does not work in Internet Explorer.
• Fixed: Editing of text files broken in Chrome 31 and higher.
• Fixed: Too early thumb render on uploading multiple files.
• Fixed: Issues with HTML5 upload in IE11 "tile mode" when in popup.
• Fixed: Issues when calling CKFinder popup twice.
• Fixed: CKFinder with thumbs disabled - icons are not shown.
• Fixed: IE9: SCRIPT1002: Syntax error.
• Updated translations: Italian, Turkish.
• Fixed: CKFinder doesn't allow custom error messages being returned after uploading file.
• Fixed: Java 1.5 support in watermark plugin.
• Fixed: CKFinder doesn't allow uploads of certain images even if their extension is allowed (jpc,jp2,jpx,jb2,psd,swc,tiff,tif,wbmp).

Version 2.4.1

Released: Jan 4, 2014

• Fixed: empty filename when non-UTF-8 character is found on nginx with PHP 5.4
• Fixed: CKFinder did not return a proper information about child folders of resource type when ACL was set

Version 2.4 (view blog post)

Released: Aug 14, 2013

• AddedSearch boxin the toolbar that performs search of those files matching the searched string in the current folder.
• AddedWatermark pluginthat (if enabled) adds a watermark to uploaded images.
• Fixed: Images can be overwritten on resizing.
• Fixed: File extension is now hidden when "Create new image" checkbox is unselected in Image Resize dialog.
• Fixed: When the file name was too long it overlapped the image in Lightbox preview.
• Fixed: Display issues in Internet Explorer 10 and Internet Explorer 11.
• Fixed: It was impossible to upload files in IE10/IE11 when CKFinder was running in a popup.
• Fixed: Classic upload for popup sample did not work in IE9.
• Fixed: Dialog windows could not be opened after opening CKFinder twice in a popup.
• Fixed: Various "access denied" errors appeared from time to time in IE when CKFinder was running in a popup.
• Fixed: CKFinderAPI.disableFolderContextMenuOption() did not work for "createSubFolder"/"renameFolder" items.
• Fixed: In some cases, and empty (undefined) error message was shown to the user when an error occured.
• Updated colorbox library used by the gallery plugin to the latest version, compatible with latest versions of jQuery.
• Fixed paths resolving by resolveUrl() function.
• Fixed: IE sends full Path instead of just uploaded file name when in intranet.
• Updated Thumbnailator to the latest stable version. Current version is 0.4.5.
• Fixed: can't remove file with utf-8 name on Java server.
• Fixed: Java connector now allows 0 values in imgWidth and imgHeight configuration options.
• Fixed: Explode deployment doesn't work for JBOSS 6.
• Fixed: JBOSS doesn't return error messages.
• Fixed: UTF-8 doesn't work with Java Connector on Glassfish 3.0 / 3.1.
• Fixed: Weblogic doesn't return error messages.
• Fixed: Weblogic can return null for mime type.
• Fixed: Method getFullConfigPath() doesn't work on Weblogic.
• Fixed: NullPointerException is thrown with Java Connector and some XML parsers.
• Fixed: Java Connector now supports Tomcat 5.5-7, Jetty 7-9, Glassfish 3.0-3.1, JBoss 6-7, Weblogic 11g-12c.
• Fixed: Java Connector documentation was updated.

Version 2.3.1.2 (ASP)

Released: Jul 06, 2013

• Compatibility with 64bit version of Persits dll.
• ImageResize plugin was broken.

Version 2.3.1.1 (ASP)

Released: Jul 05, 2013

• Removed code in the configuration file that was including a missing zip plugin, causing an error.

Version 2.3.1 (view blog post)

Released: Jan 04, 2013

• Security release:
  • It was possible to perform DOS attack by users authorized to use the sever connector and with permissions to upload files (ASP, PHP, ColdFusion).
  • It was possible to cause Denial of Service to files and folders on certain servers (like Apache) by users authorized to use the sever connector and with permissions to create folders. The attack was possible only inside a folder to which user had "create folder" permissions.
• Added new translation: Serbian.
• Updated translations: Catalan, Chinese, Japanese.
• Folders that start with a dot character are now disallowed by default.
• Fixed auto-renaming of files with multiple extensions:foo.tar.gzwill be renamed tofoo(1).tar.gzon second upload.
• Maximize did not work when CKFinder was added withappendTo()
• IntroducedCheckDoubleExtensionconfiguration option.
• Avoid infinite loop if the configuration for thumbnails is removed instead of disabled.
• Thumbnails were sometimes not available

Version 2.3 (view blog post)

Released: Aug 22, 2012

• Added the newMaximize plugin.
• Multiple file selection: copying / moving / deleting / selecting multiple files is now possible.
• When no other selection function defined, double clicking a file will now execute the View command.
• File editor plugin was upgraded to useCodeMirror 2.C#support was added.
• It is now possible to select a file on startup by using theconfig.startupPathconfiguration.
• Added a new configuration option,config.sidebarWidth, to change the initial width of the sidebar (where the folders pane is located) with ease.
• The name of the file is now displayed when hovering over a file.
• Added a new API method,api.addFolderDropMenuOption, to add new options to the menu that opens once files are dropped into a folder.
• Added an option for plugins to specify if a toolbar button should be disabled when basket is empty.
• Added new translation: Catalan.
• Updated translations: Hebrew.
• Fixed:IE 10: Compatibilitywith latest beta version.
• Fixed: Thumbnails of custom sizes are now displayed correctly at the files list.
• Fixed: Files from the right resource type will be shown at the second opening of CKFinder via CKEditor.
• Fixed: Impossible to set height of CKFinder when usingSetupCKEditor().
• Fixed: Extension is now uneditable in the ImageResize dialog window.
• Fixed: HittingF5andCTRL+Rinside a CKFinder popup will not close the window.
• Fixed: IE will not show an error on the console when opening Developer Tools when inside the popup.
• Fixed: Theonbeforeunloadevent of the host document will now be preserved.
• Fixed: The "Resize" dialog window looks better on Webkit.
• Fixed: The thumbnail inside the "Resize" dialog window is now limited in size.
• Fixed: An hidden CKFinder instance will now have correct height when shown.
• Fixed: Theconfig.rememberLastFolderconfiguration now works when opening CKFinder as a popup.
• Fixed: In forced IE7 compatibility mode, IE8 did not display dialogs correctly.
• Fixed: It is now possible to use a callback for the Basket's context menu and toolbar labels, as well as custom language strings.
• Fixed: Layout may appear broken after upload.
• Fixed: Thumbnails were left in the old location when files were moved.
• Added the new Zip plugin, that can create and extract zip archives and allows to download a folder or multiple files as a zip package.
• Dropped support for PHP 4.x.
• Fixed: Space character was wrongly encoded when uploading a file using quick uploads.
• Fixed: Avoid error if Sessions are disabled at IIS.
• Fixed: SelectFunctionData and SelectThumbnailFunctionData properties were not available.
• Fixed: Corrected the ASP.NET source code folder structure for included plugins.
• Fixed: ArrayIndexOutOfBounds was sometimes thrown when file was uploaded.
• Fixed: Slow thumbnail generation in ColdFusion 8 and higher.
• Fixed: Image quality was not respected during thumbnail generation in ColdFusion 8 and higher.
• Corrected the default mapping for CKFinder_Connector to avoid error: "Could not find the ColdFusion component or interface CKFinder_Connector.CommandHandler.XmlCommandHandlerBase".
• Updated Thumbnailator to the latest stable version. Thumbnailator is now loaded from Maven Central Repository.

Version 2.2.2 (view blog post)

Released: Jul 03, 2012

• Fixed: The new Chrome 20 is again causing issues withfinder.popup(). The new fix should work for all future versions of Chrome.

Version 2.2.1 (view announcement)

Released: Apr 04, 2012

• Fixed:finder.popup()does not work in Chrome 18.

Version 2.2 (view blog post)

Released: Mar 29, 2012

Security Release: fixed filtering of unsafe characters for IIS6 web server.

• HTML5 multiple file uploadsintroduced.
• Files can now be uploaded by using thedrag&dropin Firefox and Chrome.
• Added aread-only mode(config.readOnly), which if enabled, lets the user browse the files but not upload or modify them.
• CKFinder now supports common lightbox plugins by default when viewing files, and will use Colorbox to show images if no other lightbox plugin is loaded.
• "Upload" button in the toolbar now remains active after a file has been uploaded if the Upload Pane is still open.
• Improved formatting of file sizes.
• Plugin definition now contains a newconnectorResponseproperty which can use raw data sent from the server inside plugins.
• Added support for full URLs in theSetupCKEditor()method.
• Configuration objects passed to theSetupCKEditor()method are now in fact being used.
• Improved support for Android and iOS tablets.
• Updated translations: Slovak; minor updates in all other localizations.
• Fixed: Permission denied to set property Window.onbeforeunload.
• Fixed: ckfinder_v1.js:SetupCKEditor()andSetupFCKeditor()methods are causing a JavaScript error.
• Fixed: IE, Opera: Double clicking a file causes CKFinder to try to close the browser tab.
• Fixed: IE, Opera: CKFinder closes the browser tab after the tab which linked to it was closed.
• Fixed: IE, Opera: CKFinder tries to close the browser tab after pressing the F5 key (Refresh).
• Fixed: When CKFinder is integrated with CKEditor, the URL that is sent back from the Upload tab after a successful file upload is not being encoded properly.
• Fixed: It is impossible to view a file with a special character in its name.
• Fixed: IE8: Selecting a file requires a double click instead of a single one.
• Fixed: High Contrast mode detection.
• Fixed: Flash uploader is unable to deal with unexpected errors.
• Fixed: Always sort folders instead of rely on default sorting by the OS.
• Fixed: Incorrect encoding of file names returned after the file upload.
• Added: Support full URLs in resolveUrl() to resolve to correct $baseDir.
• Fixed: Removing unsafe characters from file names.

Version 2.1.1 (view blog post)

Released: Jan 05, 2012

• Sorting by file extension is now available.
• Clear Basket button is now only active when applicable.
• Added support for skins in custom paths (config.skin).
• Added a new API method to destroy an instance (api.destroy()).
• Added an option to specify additional parameters for server requests (config.connectorInfo).
• Added new translations: Bulgarian, Croatian, Esperanto, Gujarati, Hindi, Romanian, Vietnamese, Welsh.
• Updated translations: Brazilian Portuguese, Chinese Simplified, Czech, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Italian, Lithuanian, Norwegian Bokmal, Norwegian Nynorsk, Persian, Polish, Russian, Slovenian, Spanish, Swedish, Turkish.
• Added Czech version of CKFinder User's Guide ("Help").
• A callback function (config.callback) can now also be defined in the configuration file.
• Added RTL support for skins.
• Improved RTL support in the Flash upload component.
• Fixed: The Flash uploader used wrong URL to send files when CKFinder had an ID attribute assigned (as a result, the upload was never marked as completed).
• Fixed: Added protection against thumbnail caching. CKFinder was displaying an old thumbnail when a user deleted a file and then a file with the same name was uploaded.
• Fixed: [Opera] Double clicking on a folder opens the browser's context menu.
• Fixed: It was impossible to re-enable a disabled context menu command.
• Fixed: config.id is now available for reading within custom configuration.
• Fixed: [Firefox] JavaScript error when reloading the page where CKFinder is used as a popup.
• Fixed: [IE, Chrome] Focus is lost after closing a dialog window.
• Fixed: The startupPath option did not work.
• Fixed: Unable to use CKFinder inside modal dialogs due to inability to properly destroy the previous instance.
• Fixed: When cookie contains an array, clicking the Upload button resulted in an error.
• Fixed: The Watermark plugin (and the AfterFileUpload hook) did not work.
• Fixed: Uploading files did not work when memory_limit was set to -1.
• Fixed: The Watermark plugin (and the AfterFileUpload hook) did not work.
• Windows Authentication support: theserver must be configuredto forward the credentials.
• Fixed: Return correct MIME type for jpg images.
• Fixed: The config.resourceType setting was not respected.
• Fixed: Extra content was added to larger files when they were being downloaded or edited.

Version 2.1 (view blog post)

Released: Sep 13, 2011

• Added support for multiple uploads using the Flash component.
• Improved rendering of thumbnails. Thumbnails are now loaded dynamically, only when the file is visible. A configurable delay between requesting each thumbnail is available: config.thumbnailDelay.
• Added support for file upload using HTML5 FormData.
• Added an option to set the base user interface color: config.uiColor.
• File upload requires less clicks.
• Improved keyboard navigation and actions.
• Compatibility with mobile devices (Android and iOS).
• Added an option to show an arrow icon that will launch the context menu: config.showContextMenuArrow.
• Updated translations: Brazilian Portuguese, Chinese Simplified, Dutch, Finnish, Hebrew, Italian, Polish, Spanish.
• Added new translations: Estonian, Lithuanian, Persian, Turkish.
• CKFinder User's Guide ("Help") rewritten and fully updated for English and Polish.
• Improved error handling when receiving an invalid XML response from the server connector.
• Added an option to show the OS icons in Firefox: config.useNativeIcons.
• Added an option to specify the path to the custom server connector: config.connectorPath.
• Fixed: The "Download" option returns an improperly encoded filename.
• Fixed: The dialog window used during the copying/pasting operations was broken in IE7.
• Fixed: The Folders Pane was too small in Internet Explorer 9 in compatibility mode.
• Fixed: English text in dialog window titles was flipped when using an RTL language.
• Fixed: View image command opens the file in the same window in Internet Explorer.
• Fixed: Opening context menu triggers folder reload.
• Fixed: Invalid paths in popup(s) samples.
• Fixed: CKFinder was sometimes throwing an "Object doesn't support this property or method" error in Internet Explorer.
• Fixed: Thumbnails were not created if a folder or file name contains a single quote character.
• Fixed: Disable upload button for iOS.
• Fixed: CKFinder was sometimes unable to load error messages from .jar files.
• Fixed: Incompatibility with FIPS-compliant servers.
• Fixed: Out of memory error when creating thumbnails.
• Modified the default settings in the configuration file for the Images resource type.
• Fixed: CKFinder did not work in Internet Explorer when there was a file with a name that contained some strange characters.

Version 2.0.2 (view blog post)

Released: Feb 16, 2011

• Added new translation: Finnish.
• Added a way to programmatically close a popup window:closePopup().
• Updated syntax highlighting component used in the fileeditor plugin.
• Fixed compatibility issues with IE9 RC.
• Fixed: CKFinder does not scroll correctly to the uploaded file.
• Fixed: Invalid height of the editing window in the File Editor dialog window.
• Fixed: CKFinder.dom.element.getWindows method is not available.
• Fixed: [Opera] Context menu does not work in the files pane.
• Fixed: When CKFinder is opened in a popup window, after pressing the Cancel button CKFinder asks for confirmation in a wrong window.
• Fixed: Download does not work in IE8 in a popup window.
• Fixed: It is impossible to upload a file when CKFinder is running in a popup window.
• Fixed: File editor does not work in a popup window.
• Fixed: CKFinder loses PNG image transparency on thumbnails.
• Fixed: thumbnails are corrupted when files calling ob_start() are included in config.php.

Version 2.0.1 (view blog post)

Released: Aug 17, 2010

• Default view settings are now configurable.
• Minimum height for CKFinder has been set to 200px.
• CKFINDER.version and CKFINDER.revision variables are now available.
• Updated and added new translations: French, Hebrew, Japanese, Russian.
• Callback function can now be defined also in the configuration file.
• CKFinder will now remember client settings in a cookie.
• Files are now selected automatically after upload.
• Fixed: Permission denied error in IE 8 when using CKFinder in a popup.
• Fixed: Upload progress bar was broken in FF 3.5+.
• Fixed: CKFinder does not work in a frameset.
• Fixed: RTL support in the files pane.
• Fixed: SSL support in IE6 and Firefox 3.0.
• Fixed: application ID was not passed to the server connector.
• Fixed: CKFinder.setupCKEditor was not working when null was passed as the first argument.
• Fixed: dialogs in an iframe in IE8 quirks mode are renedered incorrectly.
• Fixed: dialogs in IE in quirks mode looked bad.
• Fixed: right click triggered drag&drop in Safari.
• Fixed: content was selected during resizing in Safari.
• Fixed: dialog borders in V1 skin in IE6.
• Fixed: "Empty folder" message disappeared after changing files view mode.
• Fixed: context menu in Firefox on a Mac does not work.
• Fixed: changing file extension caused issues with renaming file for the second time.
• Fixed issue with caching thumbnails.
• Fixed: AVG was reporting a virus in ckfinder.js.
• Fixed: DownloadFile command in ColdFusion was not working properly.
• Debug mode was not working.
• Fixed: AfterFileUpload event was not available in ASP.NET
• Fixed session dependency bug (CKFinder will now work fine when session state is not enabled).

Version 2.0 (view blog post)

Released: May 28, 2010

Abrand newrelease of CKFinder!

• New user interface.
• Moving & copying files is now supported, simply drag & drop a file to the destination folder.
• Improved accessibility.
• Powerful JavaScript API, check theDeveloper's Guidefor more information.
• Support for server side plugins.
• Virtual "Basket" folder to work easier with a set of files.
• Image resize plugin - resize images, create thumbnails in just a few seconds!
• File editor plugin - edit files online, no need to download them and upload back to the server.

Version 1.4.3 (view blog post)

Released: Feb 18, 2010

• New translations available: Hungarian, Norwegian.
• New configuration option added to force ASCII names for files and folders.
• Fixed problems with returning incorrect URL during quick uploads when baseUrl was set to a full URL.
• Temporary files are now correctly deleted after upload.
• Corrected the default thumbnails directory.

Version 1.4.2 (view blog post)

Released: Jan 11, 2010

• New translations available: Czech, Dutch, Greek, Slovene.
• Fixed issues with receiving ajax calls when XML response was sent along with white characters.
• Fixed issues with uploading files containing some special characters.
• Integration with CKEditor failed if a full URL including the domain was specified.
• Improved CKEditor compatibility: CKFinder will now use same user language as CKEditor.
• Improved error handling when loading files/folders fails.
• Fixed compatibility with Firefox 3.6 and the lack of onreadystatechange event.
• Solved problems with losing session variables when folder is deleted (added HTTP module that disables FCN).
• Fixed problems with returning "Unknown Error" when file system permissions are insufficient.
• Improved error reporting when running in debug mode.
• Added easy integration with CKEditor in CKFinder class (SetupCKEditor/SetupCKEditorObject methods).
• Fixed issues with invalid .htaccess in the userfiles directory when PHP was running as CGI.
• Fixed problems with downloading large files.
• Fixed invalid code causing problems with generating thumbnails.
• Checking size of uploaded file didn't work in PHP4 when CheckSizeAfterScaling was disabled.
• Calling the resize of images without preserving the ratio failed.
• Fixed problems with creating thumbnails in ColdFusion 9.
• Increased default ApplicationTimeout.

Version 1.4.1.1 (view blog post)

Released: Oct 02, 2009

• Fixed problems with uploading files in Google Chrome.

Version 1.4.1

Released: Sep 25, 2009

• New translations available: Danish, Swedish.
• CKEditor compatibility: fixed issues with selecting thumbnails.
• CKEditor compatibility: fixed issues with quick uploads.

Version 1.4 (view blog post)

Released: Aug 20, 2009

• CKEditoris now supported.
• Upload progress bar is shown for Firefox 3.5
• New translation available: French.
• Fixed compatibility with BlueDragon.
• Changed the way how thumbnails are created in ColdFusion 8.

Version 1.3.4

Released: May 15, 2009

• Fixed security issue in the server connector (CKFinder for ColdFusion).

Version 1.3.3

Released: May 15, 2009

• Fixed "Invalid CFML construct error" in ColdFusion 7 (and earlier).

Version 1.3.2

Released: May 15, 2009

• Long filenames caused wrong resize of the panes in IE.
• New translations available: Latvian and Portuguese (Brazilian).
• New help files translations available: Polish and Spanish.
• Fixed handling of duplicate ACL entries for the same resource type and path.

Version 1.3.1

Released: Dec 16, 2008

• Fixed problem with image validation during uploads of .swf files.

Version 1.3 (view blog post)

Released: Dec 16, 2008

• Attention:New feature added that may cause compatibility issues in rare situations. The number of arguments passed from CKFinder to the "SelectFunction" has changed. In the second argument, an object with additional data is now passed.
• Added control over the startup path. It is now possible to point CKFinder into selected resource type/folder.
• Improved thumbnails support: it is now possible to define a custom function that will be triggered when thumbnail is selected (SelectThumbnailFunction).
• New configuration option added to access thumbnails directly, if enabled, thumbnail requests are passed to the connector only if one should be created.
• Improved protection against caching of thumbnails by browser.
• Introduced RememberLastFolder setting - if enabled, CKFinder will remember the last used folder.
• Improved the routine to show all the errors sent by the server connectors.
• Improved the control over popup mode - it is now possible to disable auto-closing of CKFinder window.
• Added support for passing CKFinder settings as an object in the javascript integration class.
• Added example explaining how to open CKFinder in selected folder.
• Fixed security issues in the server connector.
• Improved the quality of resized images if quality is set to over 80.
• Fixed issues with thumbnail generation ("String was not recognized as a valid DateTime").
• Resized gif and bmp images are not being changed into png anymore.
• Fixed the issue with generating png image from a jpg file if the extension was in uppercase.
• Fixed issues with invalid .htaccess in the userfiles directory when PHP was running as CGI
• Added BMP thumbnails support.
• Fixed issue where cleaning output buffering triggered custom error handler.
• Added sample Application.cfc and Application.cfm files in the root directory.
• CKFinder now works fine when debugging is enabled.
• Fixed problems with creating thumbnails of files with uppercase extension.
• Thumbnails were not generated for images with "jpeg" extension.
• Improved the parsing of max size for file uploads.
• Fixed problems with uploads>1Mb if the checkSizeAfterScaling setting was enabled
• Fixed problem with debug option in some situations
• Improve handling of the error if the upload is bigger than the limit allowed by the server
• Added another image component library: Shotgraph. You must have a full registered version, the demo doesn't even allow resizing.
• If the extension was in uppercase, the asp.net resizing did generate png files instead of jpg files.
• The thumbnails of bmp and gif files were really png files.
• If the component was set to "auto" the autodetection routine did left one empty file for each request in the temp folder. You can delete all the ckfindertemp files. Note: For better performance, set the component that you want to use instead of letting it as "Auto".
• If the CKFinder was protected with Basic Authentication, the calls to Asp.Net did fail. Automatically reuse the authentication.
• Added support to use the Asp.Net image resizing even if the server runs in a non-standard port.

Version 1.2.3 (view announcement)

Released: May 16, 2008

Fixed Bugs:

• Fixed security issues in server connector (directory traversal attack vulnerability).
• When uploading files, a JavaScript error was being thrown if an error occurred during the upload process.

Version 1.2.2

Released: Mar 23, 2008

Fixed Bugs:

• Fixed issues with sending requests when output buffering is enabled

Version 1.2.1

Released: Mar 18, 2008

Fixed Bugs:

• Fixed issues with chmoding files and folders due to empty umask() calls
• Corrected require_once calls, CKFinder now works when "." is not in include_path

Version 1.2 (view blog post)

Released: Mar 14, 2008

New Features and Improvements:

• CKFinder is now fully localizable. The German, Italian, Polish and Spanish localization is included.
• Icons are now displayed for files in List view.
• Custom dialog boxes are now being used to avoid issues with popup blockers.
• New configuration option added to hide specific folders and files.
• New configuration option added to check size of uploaded image after scaling.
• New image component added: briz.AspThumb.
• Added option to set image component to "None" (and disable that way all image related operations).
• Provided a way to work with Asp.Net servers in Medium Trust.
• Fixed some details to improve debugging and give proper error messages for unexpected errors.
• Removed the OWC option due to its bad quality.
• New configuration option added to define temporary directory.
• The UI will now reflect changes in the ACL when the Refresh button is used.
• File extensions are now checked in the client side before uploading.
• The [+] icons is now shown in the root folders only if subfolders are available.
• Attention:Permissions applied with the chmod command are now configurable.
• Attention:Permissions applied with the mode attribute are now configurable.

Fixed Bugs

• Creating and removing a folder with the same name was causing an error.
• The # character is now properly encoded in the URL returned by CKFinder if that character is present in the file name.
• Fixed compatibility with Asp.Net 1.1.
• Fixed the scaling option for the Image2 component.
• Fixed the issue with sending the correct url when absolute baseUrl was given.
• Fixed filtering of the resource types when type is set in the url.
• Fixed problems with file uploads when open_basedir was enabled.

Version 1.1 (view blog post)

Released: Jan 11, 2008

New Features and Improvements:

• Attention:The ckfinder.config file has been replaced with config.ascx, which now uses pure C# syntax instead of XML. It makes it possible to add any kind of code in the settings, giving much more flexibility. Previous configuration files must be "translated" to the new format.
• Attention:Some additional security features have been introduced, changing the behavior present on previous versions:
  • The CheckAuthentication() function has been introduced in the configuration file. It must return "true" to CKFinder to work. Pay attention to the comments you will find there.
  • Allowed/denied extensions list is now used to filter displayed files. In previous versions it was used only to restrict file uploads
  • In the default config file, the allowed extensions list is now defined instead of denied extensions list (white list approach).
  • Automatic detection of invalid image files on upload.
  • Disabling the upload if HTML is found inside specific files to prevent against UXSS.
• Introduced CKFinder for ASP and CKFinder for ColdFusion.
• Full server side source code is now available.
• CKFinder is now compatible with Safari 3 (WebKit based browsers) and Opera 9.5.
• CKFinder is now fully compatible with FCKeditor 2.5, including QuickUpload support.
• New configuration option added to set maximum dimension of uploaded images.
• Improved speed of thumbnails loading by CKFinder. HTTP code 304 is being sent whenever possible.
• An alert message is now displayed when the "View" popup is blocked by the browser.
• Dozens of small fixes and enhancements.

Fixed Bugs

• Fixed incompatibility issues with IE 5.5/6 ("The page cannot be displayed").
• Fixed IE6 incompatibility with the "Navigate sub-frames across multiple domains" security setting.
• Removed potential problems with umask & creating directories. Directories are now chmoded to 0755 after creation.
• No errors when memory_get_usage() function is undefined.
• Fixed the issue with the calculation of the size of thumbnails.
• Improved error handling. Error messages are now properly displayed instead of error 110.
• CKFinder now gracefully handles situations, where the connector response is broken.
• Fixed the issue with getting files after renaming a folder.
• Fixed the issue with setting maxSize. It was ignored previously.
• It works with error_reporting set to E_STRICT.
• Fixed small issues with PHP4 and thumbnails generation.
• Thumbnails are not retrieved if no FileView permission in the folder.

Version 1.0.1 (view announcement)

Released: Jul 18, 2007

Fixed incompatibility issues with IE 5.5/6.

Version 1.0 (view announcement)

Released: Jul 14, 2007

First public release 💪