jero
February 7, 2024, 11:18pm
1
As of this morning, when editing a content block I’m seeing a popup security warning:
This CKEditor 4.22.1 version is not secure. Consider upgrading to the latest one , 4.24.0-lts.
This is on an 8.5.14 site.
A quick search reveals this:Release notes | CKEditor.com dated 7/2/24
Looks like the only fix being offered is in the paid-for LTS version of CKEditor.
Anybody else seeing this?
opened 07:45PM - 07 Feb 24 UTC
Type:Bug
### Affected Version of Concrete CMS
9.2.5
### Description
When editing… text in a content block, a warning is shown "This CKEditor 4.22.1 (Standard) version is not secure. Consider [upgrading to the latest one](https://ckeditor.com/ckeditor-4-support/), 4.24.0-lts."
### Screenshot
### How to reproduce
Edit a basic content block.
### Possible Solution
Upgrade to 4.24.0-lts
### Temporary solution (CSS)
`/* hide CKEditor warning */
.cke_notification.cke_notification_warning {
display: none;
}`
### Additional Context
https://ckeditor.com/cke4/release-notes
Yeah seeing this also on a version 8 site, I see someone posted a ‘Fix’ was to edit the config file and add config.versionCheck = false; but I can’t get it to work?@andrew has a working fix in the Github page posted by @jero
Steevb
February 8, 2024, 12:54pm
4
Got the same issue on three updated sites (9.2.5).
We have the same this morning on a bunch of sites. We’re getting it on 5.8.13 and 5.8.14 but older versions 8.5.4 seem fine. Just waiting for all the clients to start calling.
Have hundreds of websites concerned, so I just added, 'versionCheck' => false
to this file, line 143, to quickfix this problem, waiting for an official fix.
'baseFloatZIndex' => 1990, /* Must come below modal variable in variables.less */
'image2_captionedClass' => 'content-editor-image-captioned',
'image2_alignClasses' => [
'content-editor-image-left',
'content-editor-image-center',
'content-editor-image-right',
],
'toolbarGroups' => $this->config->get('editor.ckeditor4.toolbar_groups'),
'snippets' => $snippetsAndClasses->snippets,
'classes' => $snippetsAndClasses->classes,
'sitemap' => $this->allowSitemap()
];
$customOptions = $this->config->get('editor.ckeditor4.custom_config_options');
if (!is_array($customOptions)) {
$customOptions = [];
}
$options = json_encode($dynamicOptions + $customOptions + $defaultOptions);
$removeEmptyIcon = '$removeEmpty[\'i\']';
There seems to be more discussion going on here about this issue This CKEditor 4.22.1 (Standard) version is not secure. Consider upgrading to the latest one, 4.24.0-lts. · Issue #11931 · concretecms/concretecms · GitHub
andrew
February 13, 2024, 12:16am
8
Here is a lengthy summary of the issue – incidentally, this message should have disappeared for everyone even without these updates.
On February 7th, 2024, we received a bug report that the rich text editor in Concrete CMS 8 and 9 was displaying a strange and alarming warning:
This warning states “This CKEditor 4.22.1 (Standard) version is not secure. Consider upgrading to the latest one, 4.24.0-lts.”
Naturally, this has prompted concern and confusion from our customers and members in our community, and I feel it’s important to address it. Here’s what I know about this, what caused it, what it’s regarding specifically, ou…
1 Like