Security Updates:
-
[Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell.
Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
An upgrade is recommended.
New Features:
-
#14747: The Enhanced Image caption now supports the link
targetattribute. - #7154: Added support for the "Display Text" field to the Link dialog. Thanks to Ryan Guill!
Fixed Issues:
- #13362: [Blink, WebKit] Fixed: Active widget element is not cached when it is losing focus and it is inside an editable element.
- #13755: [Edge] Fixed: Pasting images does not work.
- #13548: [IE] Fixed: Clicking the elements path disables Cut and Copy icons.
- #13812: Fixed: When aborting file upload the placeholder for image is left.
-
#14659: [Blink] Fixed: Content scrolled to the top after closing the dialog in a
<div>-based editor. -
#14825: [Edge] Fixed: Focusing the editor causes unwanted scrolling due to dropped support for the
setActivemethod.