FEDORA-2018-e29c7d10da created by siwinski 4 years ago for Fedora 27


Security Updates

  • Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.
    • Issue summary: It was possible to execute XSS inside CKEditor using the tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.


Fixed Issues

  • #1835: Fixed: Integration between CKFinder and File Browser plugin does not work.


New Features

  • #932: Introduced Easy Image feature for inserting images that are automatically rescaled, optimized, responsive and delivered through a blazing-fast CDN. Three new plugins were added to support it:
    • Easy Image
    • Cloud Services
    • Image Base
  • #1338: Keystroke labels are displayed for function keys (like F7, F8).
  • #643: The File Browser plugin can now upload files using XHR requests. This allows for setting custom HTTP headers using the config.fileTools_requestHeaders configuration option.
  • #1365: The File Browser plugin uses XHR requests by default.
  • #1399: Added the possibility to set CKEDITOR.config.startupFocus as start or end to specify where the editor focus should be after the initialization.
  • #1441: The Magic Line plugin line element can now be identified by the data-cke-magic-line="1" attribute.

Fixed Issues

  • #595: Fixed: Pasting does not work on mobile devices.
  • #869: Fixed: Empty selection clears cached clipboard data in the editor.
  • #1419: Fixed: The Widget Selection plugin selects the editor content with the Alt+A key combination on Windows.
  • #1274: Fixed: Balloon Toolbar does not match a single selected image using the contextDefinition.cssSelectormatcher.
  • #1232: Fixed: Balloon Toolbar buttons should be registered as focusable elements.
  • #1342: Fixed: Balloon Toolbar should be re-positioned after the change event.
  • #1426: [IE8-9] Fixed: Missing Balloon Toolbar background in the Kama skin. Thanks to Christian Elmer!
  • #1470: Fixed: Balloon Toolbar is not visible after drag and drop of a widget it is attached to.
  • #1048: Fixed: Balloon Panel is not positioned properly when a margin is added to its non-static parent.
  • #889: Fixed: Unclear error message for width and height fields in the Image and Enhanced Image plugins.
  • #859: Fixed: Cannot edit a link after a double-click on the text in the link.
  • #1013: Fixed: Paste from Word does not work correctly with the config.forcePasteAsPlainText option.
  • #1356: Fixed: Border parse function does not allow spaces in the color value.
  • #1010: Fixed: The CSS border shorthand property was incorrectly expanded ignoring the border-color style.
  • #1535: Fixed: Widget mouseover border contrast is insufficient.
  • #1516: Fixed: Fake selection allows removing content in read-only mode using the Backspace and Delete keys.
  • #1570: Fixed: Fake selection allows cutting content in read-only mode using the Ctrl/Cmd + X keys.
  • #1363: Fixed: Paste notification is unclear and it might confuse users.

API Changes

  • #1346: Balloon Toolbar context manager API is now available in the pluginDefinition.init method of the requiringplugin.
  • #1530: Added the possibility to use custom icons for buttons.

Other Changes

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
    • SCAYT scayt_minWordLength configuration option now defaults to 3 instead of 4.
    • SCAYT default number of suggested words in the context menu changed to 3.
    • #90: Fixed: Selection is lost on link creation if SCAYT highlights the word.
    • Fixed: SCAYT crashes when the browser localStorage is disabled.
    • [IE11] Fixed: Unable to get property type of undefined or null reference error in the browser console when SCAYT is disabled/enabled.
    • #46: Fixed: Editing is blocked when remote spell checker server is offline.
    • Fixed: User Dictionary cannot be created in WSC due to You already have the dictionary error.
    • Fixed: Words with apostrophe ' on the replacement make the WSC dialog inaccessible.
    • Fixed: SCAYT/WSC causes the Uncaught TypeError error in the browser console.
  • #1337: Updated the samples layout with the new CKEditor 4 logo and color scheme.
  • #1591: CKBuilder and language tools are now downloaded over HTTPS. Thanks to August Detlefsen!

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-e29c7d10da

This update has been submitted for testing by siwinski.

4 years ago

This update has been pushed to testing.

4 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for batched by siwinski.

4 years ago

This update has been submitted for stable by siwinski.

4 years ago

ckeditor-4.9.2-1.fc27 ejected from the push because u"Cannot find relevant tag for ckeditor-4.9.2-1.fc27. None of ['f27-updates', 'f27-updates-pending'] are in [u'f22-updates-testing', u'dist-6E-epel-testing', u'f21-updates-testing', u'f25-updates-testing', u'f24-updates-testing', u'epel7-testing', u'f27-modular-updates-testing', u'dist-5E-epel-testing', u'f23-updates-testing', u'f26-updates-testing', u'f28-updates-testing', u'f27-updates-testing', u'f28-modular-updates-testing']."

4 years ago

This update has been marked stable administratively. See

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1556589 ckeditor-4.9.2 is available

Automated Test Results