Issue
- We plan to update the CKEditor version due to several vulnerabilities, including XSS.
- https://security.snyk.io/package/npm/ckeditor4/4.17.1
- https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4171
Environment
- Liferay DXP 7.3 Update 6 and below
Resolution
- This issue is fixed by upgrading CKEditor to 4.18.0 or above.
- com.liferay.frontend.editor.ckeditor.web is the Liferay module responsible for CKEditor. Version 4.0.51 and above of this module upgrades CKEditor from 4.17.1 to 4.18.0. This was implemented in Liferay 7.3 Update 7.
- The CKEditor upgrade was done under LPS-149452 and was released in dxp-7-7310. You can request a hotfix that includes LPS-149452 or update to Liferay 7.3 Update 7 or above.
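To confirm which side of the fix an instance is on, the following added example (not Liferay's own code) checks a saved Gogo shell `lb -s` bundle listing for the module version named above. The row layout, the sample listing and the function name `ckeditor_bundle_status` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Liferay code). Reads a saved Gogo shell "lb -s" listing on
# stdin and reports whether the CKEditor module is at or above the fixed version.
BUNDLE="com.liferay.frontend.editor.ckeditor.web"
FIXED_VERSION="4.0.51"   # module version named in the Resolution section

ckeditor_bundle_status() {
    awk -F'|' -v bundle="$BUNDLE" -v fixed="$FIXED_VERSION" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        # Assumed row layout: ID|State|Level|symbolic.name (version)|version
        if (index(trim($4), bundle " (") != 1) next
        found = 1
        ver = trim($NF)
        split(ver, v, "."); split(fixed, f, ".")
        status = "ok"
        # Compare major, minor and micro numerically; qualifiers are ignored.
        for (i = 1; i <= 3; i++) {
            if (v[i] + 0 > f[i] + 0) break
            if (v[i] + 0 < f[i] + 0) { status = "needs-update"; break }
        }
        print status, ver
    }
    END { if (!found) print "not-found" }'
}

# Constructed sample listing (bundle IDs, versions and the second row are made up).
SAMPLE_LISTING='  ID|State      |Level|Symbolic name
  412|Active     |   10|com.liferay.frontend.editor.ckeditor.web (4.0.50)|4.0.50
  413|Active     |   10|com.example.other.web (1.0.0)|1.0.0'

printf '%s\n' "$SAMPLE_LISTING" | ckeditor_bundle_status
```

A `needs-update` result means the module predates 4.0.51, so the hotfix or the update described above still applies; `not-found` means the listing did not contain the module at all.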