Version 3.4.3

Released: Jun 11, 2018

Fixed Issues

  • Fixed file upload issue in the latest version of Microsoft Edge (v42).
  • Fixed text selection issue in CKFinder UI.
  • Fixed URL generation in backends that use the Proxy command.
  • Upgraded the ImageProcessor library to the latest version.

New Features

  • PHP only Added support for Unix symbolic links in the local filesystem backend adapter.
  • Added possibility to set license details per request.

Version 3.4.2 (ASP.NET)

Released: Aug 04, 2017

Fixed Issues

  • Fixed issues with resolving base path when ckfinder.js is loaded with query string parameters.
  • Fixed PDF preview for files with "pdf" extension written in uppercase.
  •  Fixed baseUrl option which was ignored by some backend adapters.
  • Fixed URL generation for resized images in backends that use the Proxy command.

Localization Updates

  • Added: Azerbaijani, Uzbek (Cyrillic and Latin versions).
  • Updated: Vietnamese.

Version 3.4.2 (PHP)

Released: Jun 26, 2017

Fixed Issues

  • Fixed issues with resolving base path when ckfinder.js is loaded with query string parameters.
  • Fixed PDF preview for files with "pdf" extension written in uppercase.
  • PHP only Updated AWS SDK to version 3.
  • PHP only Updated Dropbox API to version 2.

Localization Updates

  • Added: Azerbaijani, Uzbek (Cyrillic and Latin versions).
  • Updated: Vietnamese.

Version 3.4.1

Released: Oct 28, 2016

New Features

  •  Added support for FTP storage.

Fixed Issues

  •  Improved Thumbnail command performance.

Localization Updates

  • Updated: Greek and Turkish.

Version 2.6.2.1

Released: Oct 11, 2016

  • Fixed issues with remembering last used folder and user settings not being saved.

Version 3.4.0

Released: Sep 20, 2016

New Features

  • The settings:change:GROUP:NAME event has new param: previousValue.
  • Added the Compact View for displaying files in columns (not supported in IE9).
  • The defaultViewType configuration option accepts new value: compact.
  • Added width parameter for columns defined for List View in listView:columns event.
  • Added "OK" button to information dialogs (those created using dialog:info request).
  •  Improved configuration validation.
  •  Added progress tracking for time-consuming operations.
  •  Added support for IIS virtual directories in local storage adapter.

Fixed Issues

  • Added the missing command:before:FileUploadcommand:ok:FileUpload and command:error:FileUpload events for uploading files.
  • Fixed focus in settings panel when changing view type.
  • Fixed double toolbar:reset:Main:folder event in compact mode when user selects folder in files pane.
  • Fixed keyboard navigation for disabled context menu items.
  • Removed possibility to invoke Delete File command by keyboard inside folder with ACL FILE_DELETE set to false.
  • Removed possibility to invoke Rename File command by keyboard inside folder with ACL FILE_RENAME set to false.
  • Fixed drag&drop uploads on List View.
  • Updated Javascript code prettifier for samples
  • PHP only Fixed file permission issue occurring during file upload on some IIS server configurations.
  •  Fixed HTML file extension matching.
  •  Fixed URL generation for resized images in backends that use Proxy command.
  •  Added missing file size field to SaveImage command response.
  •  Improved thumbnail caching.

Localization Updates

  • Added: Swiss German and Ukrainian.
  • Updated: Chinese, Czech, Esperanto, French, German, Kurdish, Latvian, Polish, Russian, Slovakian, Spanish and Turkish.

Version 3.3.1 (ASP.NET)

Released: Jul 28, 2016

Fixed Issues

  •  Fixed performance issue for folders with more than 1000 files.

Version 2.6.2

Released: Jun 06, 2016

  • Fixed issues with HTML5 upload in popup mode in Internet Explorer.

Version 3.3 (ASP.NET)

Released: May 12, 2016

New Features

  •  Added a stable version of the ASP.NET connector.
  •  Added support for Microsoft Azure Storage.
  •  Added support for Amazon S3 Storage.

Version 2.6.1

Released: Apr 15, 2016

  • Fixed minor self-XSS vulnerability.

Version 3.3

Released: Mar 09, 2016

New Features

  • Added support for Microsoft Azure Storage.

Backward Incompatible Changes

  • Language files have undergone a major reorganization. Obsolete keys were removed.
  • Events related to rendering columns in the files pane were changed:listView:file:column:NAME,listView:folder:column:NAME

Fixed Issues

  • Performance improvements for rendering the files pane with thousands of items.
  • Thumbnail slider enabled in list view when loading CKFinder.
  • Choosing files with double click does not fetch the file URL for some remote backends.
  • Invalid time when parsing time in the 12-hour clock system.
  • PHP only Image Edit: Saving an image that exceedsmaxWidth/maxHeight throws an error.

Localization Updates

  • Added: Bosnian.
  • Updated: Brazilian Portuguese, Czech, Esperanto, French, German, Italian, Kurdish, Latvian, Persian, Polish, Russian, Spanish and Swedish.

Version 3.2.1

Released: Jan 20, 2016

  • In widget mode (in Internet Explorer/Edge only) the CSRF protection was too strict and did not allow for actions that should be allowed.

Version 2.6.0.1

Released: Dec 21, 2015

  • ASP onlyApplication failed to work due to incorrect "Return" keyword.

Version 3.2 (view blog post)

Released: Dec 10, 2015

New Feature: Automatic CSRF Protection

A feature that previously required custom coding and setting proper configuration options is now automatically enabled in CKFinder 3 and requires no manual setup. The built-in CSRF protection additionally improves the security of authenticated users: when a malicious website contains a link, a form button or some JavaScript that is intended to perform unwanted action using the credentials of a logged-in user who visits the malicious site, CKFinder will now detect and block such attempts

Other New Features

Fixed Issues

  • Individual settings views have a proper name in the view:NAME event instead of a single Setting.
  • Compact mode: Keyboard navigation in breadcrumbs is inverted for RTL languages.
  • Fixed an issue that prevented to move or copy over 250 files on a default PHP installation.
  • Fixed wrong error message for an empty file name.
  • Fixed detection of swipe direction when opening panels on touch screen devices.
  • Compact mode: Focus on filter box is lost when typing.
  • Thumbnails are not refreshed after editing an image.
  • Files filter is not refreshed after clicking a folder.
  • Focus is lost after moving files.
  • The toolbar is unnecessarily rendered when lazy loading of a folder finishes and a file was selected.

Version 2.6 (view blog post)

Released: Dec 10, 2015

Security Updates

  • Fixed DOM XSS and reflected XSS vulnerabilities.

New Feature: Automatic CSRF Protection

A feature that previously required custom coding and setting proper configuration options is now automatically enabled in CKFinder 2 and requires no manual setup. The built-in CSRF protection additionally improves the security of authenticated users: when a malicious website contains a link, a form button or some JavaScript that is intended to perform unwanted action using the credentials of a logged-in user who visits the malicious site, CKFinder will now detect and block such attempts

Other New Features and Major Changes

  • A new Bootstrap skin has been added.
  • The flash upload component used to handle multiple file uploads in old version of Internet Explorer (IE9 and IE8) has been removed.
    As a result, the file upload feature will now fallback to a single file upload on browsers without HTML5 File API support.

Fixed Issues

  • Fixed: Using up arrow key in List View to move between files did not work.

Version 3.1 (view blog post)

Released: Nov 02, 2015

Security Updates

As a result of security testing and hacking that we did on CKFinder 3 we discovered some potential security concerns in the server-side part of the application. These issues affected actions that only authenticated users could perform solely in locations specified in your CKFinder backends configuration, but since in some cases it was possible to skip ACL checks or file extension checks, an upgrade is highly recommended.

New Features

  • Improved accessibility. Added compatibility with screen readers.
  • Reworked keyboard navigation in the entire application. Implemented custom Tab key support to resolve inconsistency between browsers.
  • Added the Keyboard Shortcuts dialog window — press ? to open it.
  • Greatly improved application performance when loading files from remote locations (e.g. Amazon S3).
  • Improved performance by reducing the number of situations when the entire files pane is reloaded.
  • Improved performance by caching files on subsequent clicks of the folder.
  • Added Microsoft Edge compatibility.
  • Added preview of PDF files in the gallery.
  • Added drag and drop support for files onto folders and breadcrumbs in compact mode.
  • Added busy dialog and progress tracking for time-consuming operations.
  • Added Proxy command support. It is now possible to view files stored outside the document root or in remote backends in the gallery.
  • PHP only Added the Proxy command and the corresponding useProxyCommand backend configuration option.
  • Reworked the Choose Scaled dialog window.
  • Edit Image feature now warns against closing without saving changes.
  • Added the folder:getIcon request.
  • Removed Maximize/Minimize buttons in popup mode as the browser provides native controls for it.
  • PHP only Improved performance by caching file previews.
  • PHP only Added the cache option that configures cache lifetime for various CKFinder components.
  • PHP only Added the tempDirectory option that configures the path to the temporary files folder used by CKFinder.
  • PHP only Added the sessionWriteClose option that configures whether the connector should close write access to the session to avoid performance issues.
  • PHP only Added the Operation command that tracks the progress of operation in time-consuming connector commands.

Backward Incompatible Changes

Fixed Issues

  • Compact mode: Breadcrumb was hidden when entering a folder with many files.
  • Compact mode: There was no way to enter a folder on Android.
  • Compact mode: Broken border around CKFinder when viewing the top level folder with resource types.
  • Edit Image: Loading an image was not working when the domain name contained a dash character.
  • Edit Image: Context menu item was enabled when the user had no permissions to edit the file.
  • Edit Image: Resize option was not available in compact mode.
  • Edit Image: Reset button should have been disabled if there was nothing to reset.
  • Edit Image: Fixed validation of provided values in the edit image controls.
  • Edit Image: There was no information about failing to save a file.
  • Edit Image: It was possible to crop an area bigger than the edited image.
  • Edit Image: Fixed progress bar behavior.
  • Filter input: Clearing filter input did not result in showing all files in IE9.
  • Filter input: Filter should remember its state if it is still active.
  • Focusing elements: Focus in context menu and toolbar did not cycle.
  • Focusing elements: Focus was lost after resizing an image.
  • Focusing elements: Focus was not remembered when returning to the files pane.
  • Focusing elements: Pressing Tab should focus the first item in a component (file, folder, toolbar button), not the container.
  • Focusing elements: Lock focus chain within the settings panel.
  • Scrolling files: Scrolling on mobile devices was troublesome and sometimes did not work at all.
  • Scrolling files: Files were unnecessarily selected on scroll on mobile devices.
  • Thumbnails: Problem with thumbnails in widgets/popups when connectorPath did not include the domain.
  • Thumbnails: Thumbnails loaded with a significant delay for a larger number of files.
  • Thumbnails: Thumbnails were not refreshed in certain scenarios.
  • iOS/Safari: Thumbnails were not shown.
  • iOS/Safari: Popup sample did not work.
  • iOS/Safari: The configured height of the widget was ignored, instead CKFinder height depended on the number of files inside.
  • iOS/Safari: Downloading files did not work.
  • Setting global configuration did not work for widgets and popups.
  • There was no Close button available after file upload.
  • It should not be possible to move dialog windows.
  • Fixed various UI glitches in the RTL interface.
  • Video or image sometimes overlapped file preview controls in file preview.
  • Delete files confirmation dialog did not appear when the files pane was scrolled.
  • Changed the confusing empty folder message in the read-only mode.
  • Removed the notification about correctly uploaded file in IE9.
  • Resolved an issue with validating license names that started with www[0-9] or that contained upper case letters.
  • In certain scenarios not all available toolbar buttons were shown in CKFinder.
  • Fixed the look of the "More" drop-down in the toolbar.
  • PHP only Empty directory key in the backend definition resulted in a double slash in the file URL.

Localization Updates

  • Added: Basque, Kurdish.
  • Updated: Brazilian Portuguese, Chinese, Croatian, Czech, Danish, Esperanto, Estonian, French, German, Greek, Hungarian, Italian, Korean, Norwegian, Persian, Polish and Russian.

Version 2.5.1 (view blog post)

Released: Nov 02, 2015

  • Fixed: CKFinder shows a blank window when opened in a popup on Safari 8+.
  • PHP onlySecurity release, updating is highly recommended. Authenticated users could manipulate files located in folders configured as “hidden”, on web servers hosted on Windows platforms.
  • Java onlySecurity release, updating is highly recommended. Authenticated users could manipulate files located in folders configured as “hidden”, on web servers hosted on Windows platforms.
  • Java only Init command now returns resourceTypes added dynamically in prepareConfigurationForRequest method.
  • Java only Added the possiblity to dynamically change ACL settings in prepareConfigurationForRequest method.
  • Java only It is now possible to specify userfiles folder outside document root.
  • Java only Fixed: ImageResize plugin sometimes failed to save resized images.
  • Java only Fixed: CKFinder will now automatically reload config.xml after adding any changes to it.
  • Removed obsolete integration samples for FCKeditor and CKEditor 3.x.
  • Reworked CKEditor 4.x integration sample - added an example on how to support drag&drop file uploads and pasting images from clipboard.

Version 3.0 (view blog post)

Released: Jul 02, 2015

A brand new version of CKFinder, currently available only for PHP. For an overview of new features, see theannouncement about CKFinder 3.0 for PHP.

  • New architecture based on jQuery, jQuery Mobile, Backbone, Marionette, and RequireJS.
  • Built-in image editor.
  • Customizable skins compatible with jQuery UI Themeroller.
  • Full responsiveness, great mobile support.
  • Cloud storage support (Amazon S3, Dropbox) and FTP connector.

Version 2.5.0.1 (view blog post)

Released: Jun 09, 2015

  • ASP.NET onlySecurity release (ASP.NET version only):
    • Due to insufficient checks in the ASP.NET connector, an authenticated user using the built-in DownloadFile command could download any file from the server (with an extension allowed in defined resource types, as well as without any extension), when providing an absolute path to the file.
  • ColdFusion only Fixed: Missing thumbnails for images with uppercase extension.

Version 2.5.0 (view blog post)

Released: Apr 21, 2015

  • Fixed: Opening settings panel after opening/closing flashupload panel caused JavaScript exception.
  • Fixed: Selection issues when double-clicking the file.
  • Fixed: getSelectedfiles no longer returns duplicated entries.
  • Added the possibility to access inselectActionFunction custom attributes passed in elements returned by theGetFiles command.
  • Added the possibility to define custom plugins that provide additional toolbar buttons by settingtoolbarButtons property in defined plugins.
  • Added the possibility to pass extra parameters to popup methods withconfig.popupFeatures andconfig.popupTitle.
  • Added changes required byCKEditor 4.5.0.
  • ColdFusion only Fixed: ImageResize plugin no longer breaks in Railo.

Version 2.4.3 (view blog post)

Released: Nov 25, 2014

  • Java onlySecurity release (Java version only):
    • Improved sanitization, which could have lead to XSS or unhandled Java exceptions.
    • ImageResize plugin allowed for checking size of an image outside "userfiles" folder.
    • Dependency updates.

Version 2.4.2 (view blog post)

Released: Aug 14, 2014

  • Updated syntax highlighting component used in the fileeditor plugin. Added languages support: markdown, restructured text, java, less, sass, scss, perl, python, ruby and sql.
  • Changed default thumbnail delay to 100ms.
  • Fixed: Loading thumbnails is terribly slow when there are many files in a folder.
  • Fixed: Using "Search" while the folder was loading could result in a JavaScript error.
  • Fixed: External script loading in popup does not work in Internet Explorer.
  • Fixed: Editing of text files broken in Chrome 31 and higher.
  • Fixed: Too early thumb render on uploading multiple files.
  • Fixed: Issues with HTML5 upload in IE11 "tile mode" when in popup.
  • Fixed: Issues when calling CKFinder popup twice.
  • Fixed: CKFinder with thumbs disabled - icons are not shown.
  • Fixed: IE9: SCRIPT1002: Syntax error.
  • Updated translations: Italian, Turkish.
  • Java only Fixed: CKFinder doesn't allow custom error messages being returned after uploading file.
  • Java only Fixed: Java 1.5 support in watermark plugin.
  • Java only Fixed: CKFinder doesn't allow uploads of certain images even if their extension is allowed (jpc,jp2,jpx,jb2,psd,swc,tiff,tif,wbmp).

Version 2.4.1

Released: Jan 4, 2014

  • PHP only Fixed: empty filename when non-UTF-8 character is found on nginx with PHP 5.4
  • ASP.NET only Fixed: CKFinder did not return a proper information about child folders of resource type when ACL was set

Version 2.4 (view blog post)

Released: Aug 14, 2013

  • AddedSearch box in the toolbar that performs search of those files matching the searched string in the current folder.
  • Java only AddedWatermark plugin that (if enabled) adds a watermark to uploaded images.
  • Fixed: Images can be overwritten on resizing.
  • Fixed: File extension is now hidden when "Create new image" checkbox is unselected in Image Resize dialog.
  • Fixed: When the file name was too long it overlapped the image in Lightbox preview.
  • Fixed: Display issues in Internet Explorer 10 and Internet Explorer 11.
  • Fixed: It was impossible to upload files in IE10/IE11 when CKFinder was running in a popup.
  • Fixed: Classic upload for popup sample did not work in IE9.
  • Fixed: Dialog windows could not be opened after opening CKFinder twice in a popup.
  • Fixed: Various "access denied" errors appeared from time to time in IE when CKFinder was running in a popup.
  • Fixed: CKFinderAPI.disableFolderContextMenuOption() did not work for "createSubFolder"/"renameFolder" items.
  • Fixed: In some cases, and empty (undefined) error message was shown to the user when an error occured.
  • Updated colorbox library used by the gallery plugin to the latest version, compatible with latest versions of jQuery.
  • PHP only Fixed paths resolving by resolveUrl() function.
  • ASP.NET only Fixed: IE sends full Path instead of just uploaded file name when in intranet.
  • Java only Updated Thumbnailator to the latest stable version. Current version is 0.4.5.
  • Java only Fixed: can't remove file with utf-8 name on Java server.
  • Java only Fixed: Java connector now allows 0 values in imgWidth and imgHeight configuration options.
  • Java only Fixed: Explode deployment doesn't work for JBOSS 6.
  • Java only Fixed: JBOSS doesn't return error messages.
  • Java only Fixed: UTF-8 doesn't work with Java Connector on Glassfish 3.0 / 3.1.
  • Java only Fixed: Weblogic doesn't return error messages.
  • Java only Fixed: Weblogic can return null for mime type.
  • Java only Fixed: Method getFullConfigPath() doesn't work on Weblogic.
  • Java only Fixed: NullPointerException is thrown with Java Connector and some XML parsers.
  • Java only Fixed: Java Connector now supports Tomcat 5.5-7, Jetty 7-9, Glassfish 3.0-3.1, JBoss 6-7, Weblogic 11g-12c.
  • Java only Fixed: Java Connector documentation was updated.

Version 2.3.1.2 (ASP)

Released: Jul 06, 2013

  • ASP only Compatibility with 64bit version of Persits dll.
  • ASP onlyImageResize plugin was broken.

Version 2.3.1.1 (ASP)

Released: Jul 05, 2013

  • ASP only Removed code in the configuration file that was including a missing zip plugin, causing an error.

Version 2.3.1 (view blog post)

Released: Jan 04, 2013

  • Security release:
    • It was possible to perform DOS attack by users authorized to use the sever connector and with permissions to upload files (ASP, PHP, ColdFusion).
    • It was possible to cause Denial of Service to files and folders on certain servers (like Apache) by users authorized to use the sever connector and with permissions to create folders. The attack was possible only inside a folder to which user had "create folder" permissions.
  • Added new translation: Serbian.
  • Updated translations: Catalan, Chinese, Japanese.
  • Folders that start with a dot character are now disallowed by default.
  • Fixed auto-renaming of files with multiple extensions:foo.tar.gz will be renamed tofoo(1).tar.gz on second upload.
  • Maximize did not work when CKFinder was added withappendTo()
  • ASP.NET only IntroducedCheckDoubleExtension configuration option.
  • ASP only Avoid infinite loop if the configuration for thumbnails is removed instead of disabled.
  • Java only Thumbnails were sometimes not available

Version 2.3 (view blog post)

Released: Aug 22, 2012

  • Added the newMaximize plugin.
  • Multiple file selection: copying / moving / deleting / selecting multiple files is now possible.
  • When no other selection function defined, double clicking a file will now execute the View command.
  • File editor plugin was upgraded to useCodeMirror 2.C# support was added.
  • It is now possible to select a file on startup by using theconfig.startupPath configuration.
  • Added a new configuration option,config.sidebarWidth, to change the initial width of the sidebar (where the folders pane is located) with ease.
  • The name of the file is now displayed when hovering over a file.
  • Added a new API method,api.addFolderDropMenuOption, to add new options to the menu that opens once files are dropped into a folder.
  • Added an option for plugins to specify if a toolbar button should be disabled when basket is empty.
  • Added new translation: Catalan.
  • Updated translations: Hebrew.
  • Fixed:IE 10: Compatibility with latest beta version.
  • Fixed: Thumbnails of custom sizes are now displayed correctly at the files list.
  • Fixed: Files from the right resource type will be shown at the second opening of CKFinder via CKEditor.
  • Fixed: Impossible to set height of CKFinder when usingSetupCKEditor().
  • Fixed: Extension is now uneditable in the ImageResize dialog window.
  • Fixed: HittingF5 andCTRL+R inside a CKFinder popup will not close the window.
  • Fixed: IE will not show an error on the console when opening Developer Tools when inside the popup.
  • Fixed: Theonbeforeunload event of the host document will now be preserved.
  • Fixed: The "Resize" dialog window looks better on Webkit.
  • Fixed: The thumbnail inside the "Resize" dialog window is now limited in size.
  • Fixed: An hidden CKFinder instance will now have correct height when shown.
  • Fixed: Theconfig.rememberLastFolder configuration now works when opening CKFinder as a popup.
  • Fixed: In forced IE7 compatibility mode, IE8 did not display dialogs correctly.
  • Fixed: It is now possible to use a callback for the Basket's context menu and toolbar labels, as well as custom language strings.
  • Fixed: Layout may appear broken after upload.
  • Fixed: Thumbnails were left in the old location when files were moved.
  • PHP only Added the new Zip plugin, that can create and extract zip archives and allows to download a folder or multiple files as a zip package.
  • PHP only Dropped support for PHP 4.x.
  • ASP only Fixed: Space character was wrongly encoded when uploading a file using quick uploads.
  • ASP only Fixed: Avoid error if Sessions are disabled at IIS.
  • ASP.NET only Fixed: SelectFunctionData and SelectThumbnailFunctionData properties were not available.
  • ASP.NET only Fixed: Corrected the ASP.NET source code folder structure for included plugins.
  • ASP.NET only Fixed: ArrayIndexOutOfBounds was sometimes thrown when file was uploaded.
  • ColdFusion only Fixed: Slow thumbnail generation in ColdFusion 8 and higher.
  • ColdFusion only Fixed: Image quality was not respected during thumbnail generation in ColdFusion 8 and higher.
  • ColdFusion only Corrected the default mapping for CKFinder_Connector to avoid error: "Could not find the ColdFusion component or interface CKFinder_Connector.CommandHandler.XmlCommandHandlerBase".
  • Java only Updated Thumbnailator to the latest stable version. Thumbnailator is now loaded from Maven Central Repository.

Version 2.2.2 (view blog post)

Released: Jul 03, 2012

  • Fixed: The new Chrome 20 is again causing issues withfinder.popup(). The new fix should work for all future versions of Chrome.

Version 2.2.1 (view announcement)

Released: Apr 04, 2012

  • Fixed:finder.popup() does not work in Chrome 18.

Version 2.2 (view blog post)

Released: Mar 29, 2012

Security Release: fixed filtering of unsafe characters for IIS6 web server.

  • HTML5 multiple file uploads introduced.
  • Files can now be uploaded by using thedrag&drop in Firefox and Chrome.
  • Added aread-only mode (config.readOnly), which if enabled, lets the user browse the files but not upload or modify them.
  • CKFinder now supports common lightbox plugins by default when viewing files, and will use Colorbox to show images if no other lightbox plugin is loaded.
  • "Upload" button in the toolbar now remains active after a file has been uploaded if the Upload Pane is still open.
  • Improved formatting of file sizes.
  • Plugin definition now contains a newconnectorResponse property which can use raw data sent from the server inside plugins.
  • Added support for full URLs in theSetupCKEditor() method.
  • Configuration objects passed to theSetupCKEditor() method are now in fact being used.
  • Improved support for Android and iOS tablets.
  • Updated translations: Slovak; minor updates in all other localizations.
  • Fixed: Permission denied to set property Window.onbeforeunload.
  • Fixed: ckfinder_v1.js:SetupCKEditor() andSetupFCKeditor() methods are causing a JavaScript error.
  • Fixed: IE, Opera: Double clicking a file causes CKFinder to try to close the browser tab.
  • Fixed: IE, Opera: CKFinder closes the browser tab after the tab which linked to it was closed.
  • Fixed: IE, Opera: CKFinder tries to close the browser tab after pressing the F5 key (Refresh).
  • Fixed: When CKFinder is integrated with CKEditor, the URL that is sent back from the Upload tab after a successful file upload is not being encoded properly.
  • Fixed: It is impossible to view a file with a special character in its name.
  • Fixed: IE8: Selecting a file requires a double click instead of a single one.
  • Fixed: High Contrast mode detection.
  • Fixed: Flash uploader is unable to deal with unexpected errors.
  • ASP only Fixed: Always sort folders instead of rely on default sorting by the OS.
  • PHP only Fixed: Incorrect encoding of file names returned after the file upload.
  • PHP only Added: Support full URLs in resolveUrl() to resolve to correct $baseDir.
  • Java only Fixed: Removing unsafe characters from file names.

Version 2.1.1 (view blog post)

Released: Jan 05, 2012

  • Sorting by file extension is now available.
  • Clear Basket button is now only active when applicable.
  • Added support for skins in custom paths (config.skin).
  • Added a new API method to destroy an instance (api.destroy()).
  • Added an option to specify additional parameters for server requests (config.connectorInfo).
  • Added new translations: Bulgarian, Croatian, Esperanto, Gujarati, Hindi, Romanian, Vietnamese, Welsh.
  • Updated translations: Brazilian Portuguese, Chinese Simplified, Czech, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Italian, Lithuanian, Norwegian Bokmal, Norwegian Nynorsk, Persian, Polish, Russian, Slovenian, Spanish, Swedish, Turkish.
  • Added Czech version of CKFinder User's Guide ("Help").
  • A callback function (config.callback) can now also be defined in the configuration file.
  • Added RTL support for skins.
  • Improved RTL support in the Flash upload component.
  • Fixed: The Flash uploader used wrong URL to send files when CKFinder had an ID attribute assigned (as a result, the upload was never marked as completed).
  • Fixed: Added protection against thumbnail caching. CKFinder was displaying an old thumbnail when a user deleted a file and then a file with the same name was uploaded.
  • Fixed: [Opera] Double clicking on a folder opens the browser's context menu.
  • Fixed: It was impossible to re-enable a disabled context menu command.
  • Fixed: config.id is now available for reading within custom configuration.
  • Fixed: [Firefox] JavaScript error when reloading the page where CKFinder is used as a popup.
  • Fixed: [IE, Chrome] Focus is lost after closing a dialog window.
  • Fixed: The startupPath option did not work.
  • Fixed: Unable to use CKFinder inside modal dialogs due to inability to properly destroy the previous instance.
  • PHP only Fixed: When cookie contains an array, clicking the Upload button resulted in an error.
  • PHP only Fixed: The Watermark plugin (and the AfterFileUpload hook) did not work.
  • PHP only Fixed: Uploading files did not work when memory_limit was set to -1.
  • ColdFusion only Fixed: The Watermark plugin (and the AfterFileUpload hook) did not work.
  • ASP only Windows Authentication support: theserver must be configured to forward the credentials.
  • ASP only Fixed: Return correct MIME type for jpg images.
  • Java only Fixed: The config.resourceType setting was not respected.
  • Java only Fixed: Extra content was added to larger files when they were being downloaded or edited.

Version 2.1 (view blog post)

Released: Sep 13, 2011

  • Added support for multiple uploads using the Flash component.
  • Improved rendering of thumbnails. Thumbnails are now loaded dynamically, only when the file is visible. A configurable delay between requesting each thumbnail is available: config.thumbnailDelay.
  • Added support for file upload using HTML5 FormData.
  • Added an option to set the base user interface color: config.uiColor.
  • File upload requires less clicks.
  • Improved keyboard navigation and actions.
  • Compatibility with mobile devices (Android and iOS).
  • Added an option to show an arrow icon that will launch the context menu: config.showContextMenuArrow.
  • Updated translations: Brazilian Portuguese, Chinese Simplified, Dutch, Finnish, Hebrew, Italian, Polish, Spanish.
  • Added new translations: Estonian, Lithuanian, Persian, Turkish.
  • CKFinder User's Guide ("Help") rewritten and fully updated for English and Polish.
  • Improved error handling when receiving an invalid XML response from the server connector.
  • Added an option to show the OS icons in Firefox: config.useNativeIcons.
  • Added an option to specify the path to the custom server connector: config.connectorPath.
  • Fixed: The "Download" option returns an improperly encoded filename.
  • Fixed: The dialog window used during the copying/pasting operations was broken in IE7.
  • Fixed: The Folders Pane was too small in Internet Explorer 9 in compatibility mode.
  • Fixed: English text in dialog window titles was flipped when using an RTL language.
  • Fixed: View image command opens the file in the same window in Internet Explorer.
  • Fixed: Opening context menu triggers folder reload.
  • Fixed: Invalid paths in popup(s) samples.
  • Fixed: CKFinder was sometimes throwing an "Object doesn't support this property or method" error in Internet Explorer.
  • Fixed: Thumbnails were not created if a folder or file name contains a single quote character.
  • Fixed: Disable upload button for iOS.
  • Java only Fixed: CKFinder was sometimes unable to load error messages from .jar files.
  • ASP.NET only Fixed: Incompatibility with FIPS-compliant servers.
  • ASP.NET only Fixed: Out of memory error when creating thumbnails.
  • PHP only Modified the default settings in the configuration file for the Images resource type.
  • PHP only Fixed: CKFinder did not work in Internet Explorer when there was a file with a name that contained some strange characters.

Version 2.0.2 (view blog post)

Released: Feb 16, 2011

  • Added new translation: Finnish.
  • Added a way to programmatically close a popup window:closePopup().
  • Updated syntax highlighting component used in the fileeditor plugin.
  • Fixed compatibility issues with IE9 RC.
  • Fixed: CKFinder does not scroll correctly to the uploaded file.
  • Fixed: Invalid height of the editing window in the File Editor dialog window.
  • Fixed: CKFinder.dom.element.getWindows method is not available.
  • Fixed: [Opera] Context menu does not work in the files pane.
  • Fixed: When CKFinder is opened in a popup window, after pressing the Cancel button CKFinder asks for confirmation in a wrong window.
  • Fixed: Download does not work in IE8 in a popup window.
  • Fixed: It is impossible to upload a file when CKFinder is running in a popup window.
  • Fixed: File editor does not work in a popup window.
  • PHP only Fixed: CKFinder loses PNG image transparency on thumbnails.
  • PHP only Fixed: thumbnails are corrupted when files calling ob_start() are included in config.php.

Version 2.0.1 (view blog post)

Released: Aug 17, 2010

  • Default view settings are now configurable.
  • Minimum height for CKFinder has been set to 200px.
  • CKFINDER.version and CKFINDER.revision variables are now available.
  • Updated and added new translations: French, Hebrew, Japanese, Russian.
  • Callback function can now be defined also in the configuration file.
  • CKFinder will now remember client settings in a cookie.
  • Files are now selected automatically after upload.
  • Fixed: Permission denied error in IE 8 when using CKFinder in a popup.
  • Fixed: Upload progress bar was broken in FF 3.5+.
  • Fixed: CKFinder does not work in a frameset.
  • Fixed: RTL support in the files pane.
  • Fixed: SSL support in IE6 and Firefox 3.0.
  • Fixed: application ID was not passed to the server connector.
  • Fixed: CKFinder.setupCKEditor was not working when null was passed as the first argument.
  • Fixed: dialogs in an iframe in IE8 quirks mode are renedered incorrectly.
  • Fixed: dialogs in IE in quirks mode looked bad.
  • Fixed: right click triggered drag&drop in Safari.
  • Fixed: content was selected during resizing in Safari.
  • Fixed: dialog borders in V1 skin in IE6.
  • Fixed: "Empty folder" message disappeared after changing files view mode.
  • Fixed: context menu in Firefox on a Mac does not work.
  • Fixed: changing file extension caused issues with renaming file for the second time.
  • Fixed issue with caching thumbnails.
  • ColdFusion only Fixed: AVG was reporting a virus in ckfinder.js.
  • ColdFusion only Fixed: DownloadFile command in ColdFusion was not working properly.
  • ASP only Debug mode was not working.
  • ASP.NET only Fixed: AfterFileUpload event was not available in ASP.NET
  • ASP.NET only Fixed session dependency bug (CKFinder will now work fine when session state is not enabled).

Version 2.0 (view blog post)

Released: May 28, 2010

Abrand new release of CKFinder!

  • New user interface.
  • Moving & copying files is now supported, simply drag & drop a file to the destination folder.
  • Improved accessibility.
  • Powerful JavaScript API, check theDeveloper's Guide for more information.
  • Support for server side plugins.
  • Virtual "Basket" folder to work easier with a set of files.
  • Image resize plugin - resize images, create thumbnails in just a few seconds!
  • File editor plugin - edit files online, no need to download them and upload back to the server.

Version 1.4.3 (view blog post)

Released: Feb 18, 2010

  • New translations available: Hungarian, Norwegian.
  • PHP only New configuration option added to force ASCII names for files and folders.
  • ColdFusion only Fixed problems with returning incorrect URL during quick uploads when baseUrl was set to a full URL.
  • ColdFusion only Temporary files are now correctly deleted after upload.
  • ASP.NET only Corrected the default thumbnails directory.

Version 1.4.2 (view blog post)

Released: Jan 11, 2010

  • New translations available: Czech, Dutch, Greek, Slovene.
  • Fixed issues with receiving ajax calls when XML response was sent along with white characters.
  • Fixed issues with uploading files containing some special characters.
  • Integration with CKEditor failed if a full URL including the domain was specified.
  • Improved CKEditor compatibility: CKFinder will now use same user language as CKEditor.
  • Improved error handling when loading files/folders fails.
  • Fixed compatibility with Firefox 3.6 and the lack of onreadystatechange event.
  • ASP.NET only Solved problems with losing session variables when folder is deleted (added HTTP module that disables FCN).
  • ASP.NET only Fixed problems with returning "Unknown Error" when file system permissions are insufficient.
  • ASP.NET only Improved error reporting when running in debug mode.
  • PHP only Added easy integration with CKEditor in CKFinder class (SetupCKEditor/SetupCKEditorObject methods).
  • PHP only Fixed issues with invalid .htaccess in the userfiles directory when PHP was running as CGI.
  • PHP only Fixed problems with downloading large files.
  • PHP only Fixed invalid code causing problems with generating thumbnails.
  • PHP only Checking size of uploaded file didn't work in PHP4 when CheckSizeAfterScaling was disabled.
  • PHP only Calling the resize of images without preserving the ratio failed.
  • ColdFusion only Fixed problems with creating thumbnails in ColdFusion 9.
  • ColdFusion only Increased default ApplicationTimeout.

Version 1.4.1.1 (view blog post)

Released: Oct 02, 2009

  • Fixed problems with uploading files in Google Chrome.

Version 1.4.1

Released: Sep 25, 2009

  • New translations available: Danish, Swedish.
  • CKEditor compatibility: fixed issues with selecting thumbnails.
  • ColdFusion only CKEditor compatibility: fixed issues with quick uploads.

Version 1.4 (view blog post)

Released: Aug 20, 2009

  • CKEditor is now supported.
  • Upload progress bar is shown for Firefox 3.5
  • New translation available: French.
  • ColdFusion only Fixed compatibility with BlueDragon.
  • ColdFusion only Changed the way how thumbnails are created in ColdFusion 8.

Version 1.3.4

Released: May 15, 2009

  • ColdFusion only Fixed security issue in the server connector (CKFinder for ColdFusion).

Version 1.3.3

Released: May 15, 2009

  • ColdFusion only Fixed "Invalid CFML construct error" in ColdFusion 7 (and earlier).

Version 1.3.2

Released: May 15, 2009

  • Long filenames caused wrong resize of the panes in IE.
  • New translations available: Latvian and Portuguese (Brazilian).
  • New help files translations available: Polish and Spanish.
  • PHP onlyColdFusion only Fixed handling of duplicate ACL entries for the same resource type and path.

Version 1.3.1

Released: Dec 16, 2008

  • PHP only Fixed problem with image validation during uploads of .swf files.

Version 1.3 (view blog post)

Released: Dec 16, 2008

  • Attention: New feature added that may cause compatibility issues in rare situations. The number of arguments passed from CKFinder to the "SelectFunction" has changed. In the second argument, an object with additional data is now passed.
  • Added control over the startup path. It is now possible to point CKFinder into selected resource type/folder.
  • Improved thumbnails support: it is now possible to define a custom function that will be triggered when thumbnail is selected (SelectThumbnailFunction).
  • New configuration option added to access thumbnails directly, if enabled, thumbnail requests are passed to the connector only if one should be created.
  • Improved protection against caching of thumbnails by browser.
  • Introduced RememberLastFolder setting - if enabled, CKFinder will remember the last used folder.
  • Improved the routine to show all the errors sent by the server connectors.
  • Improved the control over popup mode - it is now possible to disable auto-closing of CKFinder window.
  • Added support for passing CKFinder settings as an object in the javascript integration class.
  • Added example explaining how to open CKFinder in selected folder.
  • Fixed security issues in the server connector.
  • ASP.NET only Improved the quality of resized images if quality is set to over 80.
  • ASP.NET only Fixed issues with thumbnail generation ("String was not recognized as a valid DateTime").
  • ASP.NET only Resized gif and bmp images are not being changed into png anymore.
  • ASP.NET only Fixed the issue with generating png image from a jpg file if the extension was in uppercase.
  • PHP only Fixed issues with invalid .htaccess in the userfiles directory when PHP was running as CGI
  • PHP only Added BMP thumbnails support.
  • PHP only Fixed issue where cleaning output buffering triggered custom error handler.
  • ColdFusion only Added sample Application.cfc and Application.cfm files in the root directory.
  • ColdFusion only CKFinder now works fine when debugging is enabled.
  • ColdFusion only Fixed problems with creating thumbnails of files with uppercase extension.
  • ASP only Thumbnails were not generated for images with "jpeg" extension.
  • ASP only Improved the parsing of max size for file uploads.
  • ASP only Fixed problems with uploads>1Mb if the checkSizeAfterScaling setting was enabled
  • ASP only Fixed problem with debug option in some situations
  • ASP only Improve handling of the error if the upload is bigger than the limit allowed by the server
  • ASP only Added another image component library: Shotgraph. You must have a full registered version, the demo doesn't even allow resizing.
  • ASP only If the extension was in uppercase, the asp.net resizing did generate png files instead of jpg files.
  • ASP only The thumbnails of bmp and gif files were really png files.
  • ASP only If the component was set to "auto" the autodetection routine did left one empty file for each request in the temp folder. You can delete all the ckfindertemp files. Note: For better performance, set the component that you want to use instead of letting it as "Auto".
  • ASP only If the CKFinder was protected with Basic Authentication, the calls to Asp.Net did fail. Automatically reuse the authentication.
  • ASP only Added support to use the Asp.Net image resizing even if the server runs in a non-standard port.

Version 1.2.3 (view announcement)

Released: May 16, 2008

Fixed Bugs:

  • Fixed security issues in server connector (directory traversal attack vulnerability).
  • When uploading files, a JavaScript error was being thrown if an error occurred during the upload process.

Version 1.2.2

Released: Mar 23, 2008

Fixed Bugs:

  • PHP only Fixed issues with sending requests when output buffering is enabled

Version 1.2.1

Released: Mar 18, 2008

Fixed Bugs:

  • PHP only Fixed issues with chmoding files and folders due to empty umask() calls
  • PHP only Corrected require_once calls, CKFinder now works when "." is not in include_path

Version 1.2 (view blog post)

Released: Mar 14, 2008

New Features and Improvements:

  • CKFinder is now fully localizable. The German, Italian, Polish and Spanish localization is included.
  • Icons are now displayed for files in List view.
  • Custom dialog boxes are now being used to avoid issues with popup blockers.
  • New configuration option added to hide specific folders and files.
  • New configuration option added to check size of uploaded image after scaling.
  • ASP only New image component added: briz.AspThumb.
  • ASP only Added option to set image component to "None" (and disable that way all image related operations).
  • ASP only Provided a way to work with Asp.Net servers in Medium Trust.
  • ASP only Fixed some details to improve debugging and give proper error messages for unexpected errors.
  • ASP only Removed the OWC option due to its bad quality.
  • ColdFusion only New configuration option added to define temporary directory.
  • The UI will now reflect changes in the ACL when the Refresh button is used.
  • File extensions are now checked in the client side before uploading.
  • The [+] icons is now shown in the root folders only if subfolders are available.
  • Attention:PHP only Permissions applied with the chmod command are now configurable.
  • Attention:ColdFusion only Permissions applied with the mode attribute are now configurable.

Fixed Bugs

  • Creating and removing a folder with the same name was causing an error.
  • The # character is now properly encoded in the URL returned by CKFinder if that character is present in the file name.
  • ASP only Fixed compatibility with Asp.Net 1.1.
  • ASP only Fixed the scaling option for the Image2 component.
  • ColdFusion only Fixed the issue with sending the correct url when absolute baseUrl was given.
  • ColdFusion only Fixed filtering of the resource types when type is set in the url.
  • PHP only Fixed problems with file uploads when open_basedir was enabled.

Version 1.1 (view blog post)

Released: Jan 11, 2008

New Features and Improvements:

  • Attention:ASP.NET only The ckfinder.config file has been replaced with config.ascx, which now uses pure C# syntax instead of XML. It makes it possible to add any kind of code in the settings, giving much more flexibility. Previous configuration files must be "translated" to the new format.
  • Attention: Some additional security features have been introduced, changing the behavior present on previous versions:
    • The CheckAuthentication() function has been introduced in the configuration file. It must return "true" to CKFinder to work. Pay attention to the comments you will find there.
    • Allowed/denied extensions list is now used to filter displayed files. In previous versions it was used only to restrict file uploads
    • In the default config file, the allowed extensions list is now defined instead of denied extensions list (white list approach).
    • Automatic detection of invalid image files on upload.
    • Disabling the upload if HTML is found inside specific files to prevent against UXSS.
  • Introduced CKFinder for ASP and CKFinder for ColdFusion.
  • Full server side source code is now available.
  • CKFinder is now compatible with Safari 3 (WebKit based browsers) and Opera 9.5.
  • CKFinder is now fully compatible with FCKeditor 2.5, including QuickUpload support.
  • New configuration option added to set maximum dimension of uploaded images.
  • Improved speed of thumbnails loading by CKFinder. HTTP code 304 is being sent whenever possible.
  • An alert message is now displayed when the "View" popup is blocked by the browser.
  • Dozens of small fixes and enhancements.

Fixed Bugs

  • Fixed incompatibility issues with IE 5.5/6 ("The page cannot be displayed").
  • Fixed IE6 incompatibility with the "Navigate sub-frames across multiple domains" security setting.
  • PHP only Removed potential problems with umask & creating directories. Directories are now chmoded to 0755 after creation.
  • PHP only No errors when memory_get_usage() function is undefined.
  • Fixed the issue with the calculation of the size of thumbnails.
  • ASP.NET only Improved error handling. Error messages are now properly displayed instead of error 110.
  • CKFinder now gracefully handles situations, where the connector response is broken.
  • Fixed the issue with getting files after renaming a folder.
  • PHP only Fixed the issue with setting maxSize. It was ignored previously.
  • PHP only It works with error_reporting set to E_STRICT.
  • PHP only Fixed small issues with PHP4 and thumbnails generation.
  • Thumbnails are not retrieved if no FileView permission in the folder.

Version 1.0.1 (view announcement)

Released: Jul 18, 2007

Fixed incompatibility issues with IE 5.5/6.

Version 1.0 (view announcement)

Released: Jul 14, 2007

First public release.

Trusted by

Adobe
Citi
IBM
Microsoft
Oracle
Disney
Siemens
AT&T
NBC