FEDORA-2019-ae7f274d24 created by siwinski 10 months ago for Fedora 29
stable

CKEditor 4.11.2

Fixed Issues:

  • #2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks.
  • #2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the wrapping table.
  • #2451: Fixed: The Remove Format plugin changes selection.
  • #2546: Fixed: The separator in the toolbar moves when buttons are focused.
  • #2506: Fixed: Enhanced Image throws a type error when an empty <figure> tag with an image class is upcasted.
  • #2650: Fixed: Table dialog validator fails when the getValue()function is defined in the global scope.
  • #2690: Fixed: Decimal characters are removed from the inside of numbered lists when pasting content using the Paste from Word plugin.
  • #2205: Fixed: It is not possible to add new list items under an item containing a block element.
  • #2411, #2438 Fixed: Apply numbered list option throws a console error for a specific markup.
  • #2430 Fixed: Color Button and List Block items are draggable.

Other Changes:

  • Updated the WebSpellChecker (WSC) plugin:
    • #52 Fixed: Clicking "Finish Checking" without a prior action would hang the Spell Checking dialog.
  • #2603: Corrected the GPL license entry in the package.json file.

CKEditor 4.11.1

Fixed Issues:

  • #2571: Fixed: Clicking the categories in the Emoji dropdown panel scrolls the entire page.

CKEditor 4.11

Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by maxarr.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

New Features:

  • #2062: Added the emoji dropdown that allows the user to choose the emoji from the toolbar and search for them using keywords.
  • #2154: The Link plugin now supports phone number links.
  • #1815: The Auto Link plugin supports typing link completion.
  • #2478: Link can be inserted using the <kbd>Ctrl</kbd>/<kbd>Cmd</kbd> + <kbd>K</kbd> keystroke.
  • #651: Text pasted using the Paste from Word plugin preserves indentation in paragraphs.
  • #2248: Added support for justification in the BBCode plugin. Thanks to Matěj Kmínek!
  • #706: Added a different cursor style when selecting cells for the Table Selection plugin.
  • #2072: The UI Button plugin supports custom aria-haspopup property values. The Menu Button aria-haspopup value is now menu, the Panel Button and Rich Combo aria-haspopup value is now listbox.
  • #1176: The Balloon Panel can now be attached to a selection instead of an element.
  • #2202: Added the contextmenu_contentsCss configuration option to allow adding custom CSS to the Context Menu.

Fixed Issues:

  • #1477: Fixed: On destroy, Balloon Toolbar does not destroy its content.
  • #2394: Fixed: Emoji dropdown does not show up with repeated symbols in a single line.
  • #1181: [Chrome] Fixed: Opening the context menu in a read-only editor results in an error.
  • #2276: [iOS] Fixed: Button state does not refresh properly.
  • #1489: Fixed: Table contents can be removed in read-only mode when the Table Selection plugin is used.
  • #1264 Fixed: Right-click does not clear the selection created with the Table Selection plugin.
  • #586 Fixed: The required attribute is not correctly recognized by the Form Elements plugin dialog. Thanks to Roli Züger!
  • #2380 Fixed: Styling HTML comments in a top-level element results in extra paragraphs.
  • #2294 Fixed: Pasting content from Microsoft Outlook and then bolding it results in an error.
  • #2035 [Edge] Fixed: Permission denied is thrown when opening a Panel instance.
  • #965 Fixed: The config.forceSimpleAmpersand option does not work. Thanks to Alex Maris!
  • #2448: Fixed: The [Escape HTML Entities] plugin with custom additional entities configuration breaks HTML escaping.
  • #898: Fixed: Enhanced Image long alternative text protrudes into the editor when the image is selected.
  • #1113: [Firefox] Fixed: Nested contenteditable elements path is not updated on focus with the Div Editing Area plugin.
  • #1682 Fixed: Hovering the Balloon Toolbar panel changes its size, causing flickering.
  • #421 Fixed: Expandable Button puts the (Selected) text at the end of the label when clicked.
  • #1454: Fixed: The onAbort method of the Upload Widget is not called when the loader is aborted.
  • #1451: Fixed: The context menu is incorrectly positioned when opened with <kbd>Shift</kbd>+<kbd>F10</kbd>.
  • #1722: CKEDITOR.filter.instances is causing memory leaks.
  • #2491: Fixed: The Mentions plugin is not matching diacritic characters.
  • #2519: Fixed: The Accessibility Help dialog should display all available keystrokes for a single command.

API Changes:

Other Changes:

  • #1713: Removed the redundant lang.title entry from the Clipboard plugin.

CKEditor 4.10.1

Fixed Issues:

  • #2114: Fixed: Autocomplete cannot be initialized before instanceReady.
  • #2107: Fixed: Holding and releasing the mouse button is not inserting an autocomplete suggestion.
  • #2167: Fixed: Matching in Emoji plugin is not case insensitive.
  • #2195: Fixed: Emoji shows the suggestion box when the colon is preceded with other characters than white space.
  • #2169: [Edge] Fixed: Error thrown when pasting into the editor.
  • #1084 Fixed: Using the "Automatic" option with Color Button on a text with the color already defined sets an invalid color value.
  • #2271: Fixed: Custom color name not used as a label in the Color Button plugin. Thanks to Eric Geloen!
  • #2296: Fixed: The Color Button plugin throws an error when activated on content containing HTML comments.
  • #966: Fixed: Executing editor.destroy() during the file upload throws an error. Thanks to Maksim Makarevich!
  • #1719: Fixed: <kbd>Ctrl</kbd>/<kbd>Cmd</kbd> + <kbd>A</kbd> inadvertently focuses inline editor if it is starting and ending with a list. Thanks to theNailz!
  • #1046: Fixed: Subsequent new links do not include the id attribute. Thanks to Nathan Samson!
  • #1348: Fixed: Enhanced Image plugin aspect ratio locking uses an old width and height on image URL change.
  • #1791: Fixed: Image and Enhanced Image plugins can be enabled when Easy Image is present.
  • #2254: Fixed: Image ratio locking is too precise for resized images. Thanks to Jonathan Gilbert!
  • #1184: [IE8-11] Fixed: Copying and pasting data in read-only mode throws an error.
  • #1916: [IE9-11] Fixed: Pressing the <kbd>Delete</kbd> key in read-only mode throws an error.
  • #2003: [Firefox] Fixed: Right-clicking multiple selected table cells containing empty paragraphs removes the selection.
  • #1816: Fixed: Table breaks when <kbd>Enter</kbd> is pressed over the Table Selection plugin.
  • #1115: Fixed: The <font> tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.
  • #727: Fixed: Custom styles may be invisible in the Styles Combo plugin.
  • #988: Fixed: ACF-enabled custom elements prefixed with object, embed, param are removed from the editor content.

API Changes:

CKEditor 4.10

New Features:

  • #1751: Introduced the Autocomplete feature that consists of the following plugins:
  • #1703: Introduced the Mentions plugin providing smart completion feature for custom text matches based on user input starting with a chosen marker character.
  • #1746: Introduced the Emoji plugin providing completion feature for emoji ideograms.
  • #1761: The Auto Link plugin now supports email links.

Fixed Issues:

  • #1458: [Edge] Fixed: After blurring the editor it takes 2 clicks to focus a widget.
  • #1034: Fixed: JAWS leaves forms mode after pressing the <kbd>Enter</kbd> key in an inline editor instance.
  • #1748: Fixed: Missing CKEDITOR.dialog.definition.onHide API documentation. Thanks to sunnyone!
  • #1321: Fixed: Ideographic space character (\u3000) is lost when pasting text.
  • #1776: Fixed: Empty caption placeholder of the Image Base plugin is not hidden when blurred.
  • #1592: Fixed: The Image Base plugin caption is not visible after paste.
  • #620: Fixed: The config.forcePasteAsPlainText option is not respected in internal and cross-editor pasting.
  • #1467: Fixed: The resizing cursor of the Table Resize plugin appearing in the middle of a merged cell.

API Changes:

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker (WSC) plugins:
    • Language dictionary update: Added support for the Uzbek Latin language.
    • Languages no longer supported as additional languages: Manx - Isle of Man (gv_GB) and Interlingua (ia_XR).
    • Extended and improved language dictionaries: Georgian and Swedish. Also added the missing word "Ensure" to the American, British and Canada English language.
    • #141 Fixed: SCAYT throws "Uncaught Error: Error in RangyWrappedRange module: createRange(): Parameter must be a Window object or DOM node".
    • #153 [Chrome] Fixed: Correcting a word in the widget in SCAYT moves focus to another editable.
    • #155 [IE8] Fixed: SCAYT throws an error and does not work.
    • #156 [IE10] Fixed: SCAYT does not seem to work.
    • Fixed: After some text is dragged and dropped, the markup is not refreshed for grammar problems in SCAYT.
    • Fixed: Request to FastCGI fails when the user tries to replace a word with non-English characters with a proper suggestion in WSC.
    • [Firefox] Fixed: <kbd>Ctrl</kbd>+<kbd>Z</kbd> removes focus in SCAYT.
    • Grammar support for default languages was improved.
    • New application source URL was added in SCAYT.
    • Removed green marks and legend related to grammar-supported languages in the Languages tab of SCAYT. Grammar is now supported for almost all the anguages in the list for an additional fee.
    • Fixed: JavaScript error in the console: "Cannot read property 'split' of undefined" in SCAYT and WSC.
    • [IE10] Fixed: Markup is not set for a specific case in SCAYT.
    • Fixed: Accessibility issue: No alt attribute for the logo image in the About tab of SCAYT.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-ae7f274d24

This update has been submitted for testing by siwinski.

10 months ago

This update has been pushed to testing.

10 months ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

9 months ago

This update has been submitted for batched by siwinski.

9 months ago

This update has been submitted for stable by bodhi.

9 months ago

This update has been pushed to stable.

9 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
10 months ago
in testing
10 months ago
in stable
9 months ago
BZ#1569829 CVE-2018-9861 ckeditor: Cross-site scripting (XSS) vulnerability when using image2 plugin [fedora-all]
0
0
BZ#1597924 ckeditor-4.11.2 is available
0
0
BZ#1651704 CVE-2018-17960 ckeditor: XSS involving a source-mode paste [fedora-all]
0
0

Automated Test Results