We are happy to announce the release of CKEditor 4.5.11. Although it is a minor release, it contains two new features (including a long overdue one!) and some important bug fixes, like a fix for image pasting in Microsoft Edge. Read on for more information!
Link Plugin Improvements: Display Text
Thanks to Ryan Guill, since version 4.5.11 it will now be possible to specify the text displayed within the link. The new Display Text field added to the Link plugin dialog allows the user to provide or modify the text that is linked. What's interesting is that this new feature works on multiple elements, too!
As a matter of fact, this feature seems to have been badly missed since a long time and it is another amazing example of the community stepping in when some editor improvement somehow goes off the radar of the core team. Thanks again, Ryan!
Enhanced Image Plugin Improvement: Target Attribute
The Enhanced Image plugin that lets you create captioned image widgets also got a small improvement: from now it will have support for the link target attribute. You can now use the Target tab of the Link dialog to set the image to, for example, open its link in a new window or tab.
In addition to these new features, this release also contains a few important bug fixes. Pasting images directly from clipboard will now finally work in Microsoft Edge, too. Additionally, an annoying bug where closing a dialog in a <div>-based editor would cause the content to be scrolled in Blink-based browsers was fixed. Last but not least, another issue with unwanted scrolling in Edge when focusing the editor was also corrected.
We have fixed a minor security issue - a
target="_blank" vulnerability reported by James Gaskell (a BIG thank you!).
If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or malicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
An upgrade is recommended.
Check out the What's New? page for the full list of changes.