Details
-
Type: Task
-
Status: Open
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
-
Fix Version/s: EE-4.3.0.GA_P06, EE-3.3.0.GA_P12
-
Component/s: ACE-Components
-
Labels:None
-
Environment:Any
Description
For our previous patch release, we updated our CKEditor code to version 4.22.1, which is the last version of the non-LTS CKEditor 4 line. Since then a number of vulnerabilities have been found and the respective fixes have been applied to the CKEditor 4 LTS, which is now at version 4.25.0. Since we don't use the LTS variant of CKEditor 4, we have to apply these security updates manually to our existing code. This JIRA is to apply those fixes.
More specific details about these vulnerabilities can be found on this page:
https://security.snyk.io/package/npm/ckeditor4/4.22.1
More specific details about these vulnerabilities can be found on this page:
https://security.snyk.io/package/npm/ckeditor4/4.22.1
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion