#4979: Added cache key in #4761 started to breaking relative links for external CSS resources. The fix had been reverted and will be corrected in the upcoming release.
CKEditor 4.17
Security Updates:
Fixed XSS vulnerability in the core module reported by William Bowling.
Issue summary: The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.
Fixed XSS vulnerability in the core module reported by Maurice Dauer.
Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.
You can read more details in the relevant security advisory and contact us if you have more questions.
An upgrade is highly recommended!
Highlights:
Adobe ended support of Flash Player on December 31, 2020 and blocked Flash content from running in Flash Player beginning January 12, 2021.
We have decided to deprecate and remove the Flash plugin from CKEditor 4 to help protect users' systems and discourage using insecure software.
New Features:
#3433: Marked required fields in dialogs with asterisk (*) symbol.
#4374: Integrated the Maximize plugin with browser's History API.
#4461: Introduced the possibility to delay editor initialization while it is in a detached DOM element.
#4462: Introduced support for reattaching editor container element to DOM.
#4612: Allow pasting images as Base64 from clipboard in all browsers except IE.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LibreTexts/ckeditor-binder-plugin/network/alerts).
Bumps ckeditor4 from 4.16.1 to 4.17.0.
Changelog
Sourced from ckeditor4's changelog.
... (truncated)
Commits
1690c8f
Added CKEditor 4.17.0 standard-all.b2758d4
Added CKEditor 4.16.2 standard-all.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LibreTexts/ckeditor-binder-plugin/network/alerts).