I've seen postings about cross-site scripting vulnerabilities for version 4x. Does this apply to version 3x as well? We are currently on version 3.6.4. We are using 3x because we are on Drupal 7.34 and using the WYSIWYG Drupal module, which as far as i know doesn't support CKEditor version 4x. Sorry if this is a duplicate post, but I've exhausted my search ideas.
Thanks!
Security fixes are back
Security fixes are back-ported to version 3.x, so just update to the latest in the 3.x line (CKEditor 3.6.6.2) and you should be fine.
You can also simply use the official CKEditor for Drupal module which is based on CKEditor 4 and as such, updated regularly. When using the 3.x line you are missing on a few great features like widgets, advanced content filter, many new plugins etc.
Documentation Manager, CKSource
See CKEditor 5 docs, CKEditor 4 docs, CKEditor 3 docs, CKFinder 3 docs, CKFinder 2 docs for help.
Visit the new CKEditor SDK for samples showcasing editor features to try out and download!
Anna,
Anna,
Thanks for that quick response. We'll look at updating to 3.6.6.2.
Your suggestion for using the Drupal module is good to know. However, I believe regardless of whether we use the CKEditor module or our current WYSIWYG module, we must still download the the CKEditor "library" files separately and configure the module to work with them. But it will be worth investigating to see those features that WYSIWYG doesn't have.
Thanks again!