Issue
- We plan to update the CKeditor version due to several vulnerabilities including XSS.
- https://security.snyk.io/package/npm/ckeditor4/4.17.1
- https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4171
Environment
- Liferay DXP 7.3 Update 6 and below
Resolution
- This issue is fixed by upgrading CKeditor to 4.18.0 or above.
- com.liferay.frontend.editor.ckeditor.web is the Liferay module which is responsible for CKeditor and version 4.0.51 and above has upgraded CKeditor from 4.17.1 to 4.18.0. This was implemented in Liferay 7.3 Update 7.
- The CKditor upgrade was done under LPS-149452 and was released in dxp-7-7310. You can request a hotfix including LPS-149452 or update to Liferay 7.3 Update 7 or above.
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar