concretecms: This CKEditor 4.22.1 (Standard) version is not secure. Consider upgrading to the latest one, 4.24.0-lts.
Affected Version of Concrete CMS
9.2.5
Description
When editing text in a content block, a warning is shown “This CKEditor 4.22.1 (Standard) version is not secure. Consider upgrading to the latest one, 4.24.0-lts.”
Screenshot
How to reproduce
Edit a basic content block.
Possible Solution
Upgrade to 4.24.0-lts
Temporary solution (CSS)
/* hide CKEditor warning */ .cke_notification.cke_notification_warning { display: none; }
Additional Context
About this issue
- Original URL
- State: closed
- Created 5 months ago
- Reactions: 1
- Comments: 16 (12 by maintainers)
Commits related to this issue
- Address #11931 in v8 — committed to concretecms/concretecms by aembler 5 months ago
- Fix #11931 — committed to aembler/concretecms by aembler 5 months ago
- Merge pull request #11937 from concretecms/fix-ckeditor-stupidity Address #11931 in v8 — committed to concretecms/concretecms by aembler 5 months ago
- Merge pull request #11938 from aembler/fix-ckeditor-notice-v9 Fix #11931 — committed to concretecms/concretecms by aembler 5 months ago
I wanted to make sure we got all the facts. Here is our official response:
https://forums.concretecms.org/t/ckeditor-4-22-1-and-concrete-cms-security-updates/6941
In the meantime, you can fix this on your sites by editing
application/config/generated_overrides/site.php, and adding the following configuration code:We will add this asap to the next release. To be clear, it is CKEditor’s own license that prevents from updating to CKEditor 5.
This is such gross behavior. Absolutely horrendous.
We have to add
versionCheck: falseto the ckeditor configuration - see https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-versionCheck+1 but also seeing this in 8.5.14