CKEditor 4.5.11 Released

Posted by Wojtek on Releases
Wojtek photo

CKEditor 4.5.11 Release Blog Post Image

We are happy to announce the release of CKEditor 4.5.11. Although it is a minor release, it contains two new features (including a long overdue one!) and some important bug fixes, like a fix for image pasting in Microsoft Edge. Read on for more information!

Link Plugin Improvements: Display Text

Thanks to Ryan Guill, since version 4.5.11 it will now be possible to specify the text displayed within the link. The new Display Text field added to the Link plugin dialog allows the user to provide or modify the text that is linked. What's interesting is that this new feature works on multiple elements, too!

Link Plugin Improvements Animated GIF

As a matter of fact, this feature seems to have been badly missed since a long time and it is another amazing example of the community stepping in when some editor improvement somehow goes off the radar of the core team. Thanks again, Ryan!

Enhanced Image Plugin Improvement: Target Attribute

The Enhanced Image plugin that lets you create captioned image widgets also got a small improvement: from now it will have support for the link target attribute. You can now use the Target tab of the Link dialog to set the image to, for example, open its link in a new window or tab.

CKEditor Fixes

In addition to these new features, this release also contains a few important bug fixes. Pasting images directly from clipboard will now finally work in Microsoft Edge, too. Additionally, an annoying bug where closing a dialog in a <div>-based editor would cause the content to be scrolled in Blink-based browsers was fixed. Last but not least, another issue with unwanted scrolling in Edge when focusing the editor was also corrected.

Pasting images directly into Edge Animated GIF

Security Fix

We have fixed a minor security issue - a target="_blank" vulnerability reported by James Gaskell (a BIG thank you!). 

If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or malicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.

An upgrade is recommended.

Changelog

Check out the What's New? page for the full list of changes.

More Info and Download

See the CKEditor 4.5.11 release blog post for more detailed information about the new version. You can download the latest release here.

Enter the Discussion and Post Your Comment

Post a comment