--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2021-2f9b2cf4af
2021-09-29 00:48:30.971489
--------------------------------------------------------------------------------
Name : ckeditor
Product : Fedora EPEL 7
Version : 4.16.2
Release : 1.el7
URL : http://ckeditor.com/
Summary : WYSIWYG text editor to be used inside web pages
Description :
CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor,
which means that the text being edited on it looks as similar as possible to
the results users have when publishing it. It brings to the web common editing
features found on desktop editing applications like Microsoft Word and
OpenOffice.
--------------------------------------------------------------------------------
Update Information:
## CKEditor 4.16.2

**Security Updates:**

* Fixed XSS vulnerability in the [Clipboard](https://ckeditor.com/cke4/addon/clipboard) plugin reported by [Anton Subbotin](https://github.com/skavans). Issue summary: The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. See [security advisory](https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg) for more details.
* Fixed XSS vulnerability in the [Widget](https://ckeditor.com/cke4/addon/widget) plugin reported by [Anton Subbotin](https://github.com/skavans). Issue summary: The vulnerability allowed to abuse undo functionality using malformed [Widget](https://ckeditor.com/cke4/addon/widget) HTML, which could result in executing JavaScript code. See [security advisory](https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c) for more details.
* Fixed XSS vulnerability in the [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) plugin reported by [Mika Kulmala](https://github.com/kulmik). Issue summary: The vulnerability allowed to inject malformed [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) HTML, which could result in executing JavaScript code. See [security advisory](https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc) for more details.

You can read more details in the relevant security advisory and [contact us](security(a)cksource.com) if you have more questions.

**An upgrade is highly recommended!**

Fixed Issues:

* [#4777](https://github.com/ckeditor/ckeditor4/issues/4777): Fixed: HTML comments in widgets not processed correctly.
* [#4733](https://github.com/ckeditor/ckeditor4/pull/4733): Fixed: [Link](https://ckeditor.com/cke4/addon/link) prevent duplicate anchors in text with styles.
* [#4728](https://github.com/ckeditor/ckeditor4/issues/4728): Fixed: Multiple anchors in one line and multi-line with text style.
* [#3863](https://github.com/ckeditor/ckeditor4/issues/3863): Fixed: Multiple anchors in single word with text style.
* [#3819](https://github.com/ckeditor/ckeditor4/issues/3819): [Chrome] Fixed: After removing one of the two consecutive spaces, the ` ` character appears in the editor instead of a space.
* [#4666](https://github.com/ckeditor/ckeditor4/pull/4666): [IE] Introduce CSS.escape polyfill. Thanks to [limingli0707](https://github.com/limingli0707)!
* [#681](https://github.com/ckeditor/ckeditor4/issues/681): Fixed: Table elements (td, tr, th, ..) with an id that starts with dot (.) causes javascript runtime err.
* [#641](https://github.com/ckeditor/ckeditor4/issues/641): Fixed: UploadImage Plugin Widgets not working in IE, Opera, Safari, PhantomJS.
* [#3638](https://github.com/ckeditor/ckeditor4/issues/3638): Fixed: Opening the same dialog twice causes it to become hidden under the dialog's page cover.
* [#4247](https://github.com/ckeditor/ckeditor4/issues/4247): Fixed: [Color Button](https://ckeditor.com/cke4/addon/colorbutton)'s incorrect rendering on the first opening.
* [#4555](https://github.com/ckeditor/ckeditor4/issues/4555): Fixed: [Font](https://ckeditor.com/cke4/addon/font) styles with attributes are not applied correctly when used multiple times over the same selection.
* [#4782](https://github.com/ckeditor/ckeditor4/issues/4782): [Firefox] Fixed: `TypeError` is thrown when switching to Source View and back while [Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) plugin is enabled.

## CKEditor 4.16.1

Fixed Issues:

* [#4617](https://github.com/ckeditor/ckeditor4/issues/4617): Fixed: [Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) is not accessible in inline editors.
* [#4493](https://github.com/ckeditor/ckeditor4/issues/4493): Fixed: The [drop-down](https://ckeditor.com/cke4/addon/richcombo) label does not reflect the current value of the drop-down.
* [#1572](https://github.com/ckeditor/ckeditor4/issues/1572): Fixed: A paragraph before or after a [widget](https://ckeditor.com/cke4/addon/widget) cannot be removed. Thanks to [bunglegrind](https://github.com/bunglegrind)!
* [#4301](https://github.com/ckeditor/ckeditor4/issues/4301): Fixed: Pasted content is overwritten when pasted in an initially empty editor with the [`div` Enter mode](https://ckeditor.com/docs/ckeditor4/latest/features/enterkey.html).
* [#4351](https://github.com/ckeditor/ckeditor4/issues/4351): Fixed: Incorrect values for RGBA/HSLA colors in [Color Dialog](https://ckeditor.com/cke4/addon/colordialog).
* [#4509](https://github.com/ckeditor/ckeditor4/issues/4509): Fixed: Incorrect handling of drag & drop inside [widgets](https://ckeditor.com/cke4/addon/widget) and nested editables.
* [#4611](https://github.com/ckeditor/ckeditor4/issues/4611): [Android, iOS] Fixed: Incorrect hover styles for buttons in the toolbar on mobile devices.
* [#4652](https://github.com/ckeditor/ckeditor4/issues/4652): Fixed: [Event data](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_eventInfo.h...) set to `false` is treated as an event cancelation.
* [#4659](https://github.com/ckeditor/ckeditor4/issues/4659): Fixed: [`CKEDITOR.htmlParser`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_htmlPa...ml) does not treat `--!>` as a comment end tag correctly.

## CKEditor 4.16

**Security Updates:**

* Fixed ReDoS vulnerability in the [Autolink](https://ckeditor.com/cke4/addon/autolink) plugin. Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted URL-like text into the editor and press <kbd>Enter</kbd> or <kbd>Space</kbd>.
* Fixed ReDoS vulnerability in the [Advanced Tab for Dialogs](https://ckeditor.com/cke4/addon/dialogadvtab) plugin. Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted text into the Styles dialog.

**An upgrade is highly recommended!**

New Features:

* [#2800](https://github.com/ckeditor/ckeditor4/issues/2800): Unsupported image formats are now gracefully handled by the [Paste from Word](https://ckeditor.com/cke4/addon/pastefromword) plugin on paste, additionally showing descriptive error messages.
* [#2800](https://github.com/ckeditor/ckeditor4/issues/2800): Unsupported image formats are now gracefully handled by the [Paste from LibreOffice](https://ckeditor.com/cke4/addon/pastefromlibreoffice) plugin on paste, additionally showing descriptive error messages.
* [#3582](https://github.com/ckeditor/ckeditor4/issues/3582): Introduced smart positioning of the [Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) panel used by the [Mentions](https://ckeditor.com/cke4/addon/mentions) and [Emoji](https://ckeditor.com/cke4/addon/emoji) plugins. The panel will now be additionally positioned related to the browser viewport to be always fully visible.
* [#4388](https://github.com/ckeditor/ckeditor4/issues/4388): Added the option to remove an iframe created with the [IFrame Dialog](https://ckeditor.com/cke4/addon/iframe) plugin from the sequential keyboard navigation using the `tabindex` attribute. Thanks to [Timo Kirkkala](https://github.com/kirkkala)!

Fixed Issues:

* [#1134](https://github.com/ckeditor/ckeditor4/issues/1134): [Safari] Fixed: [Paste from Word](https://ckeditor.com/cke4/addon/pastefromword) does not embed images.
* [#2800](https://github.com/ckeditor/ckeditor4/issues/2800): Fixed: No images are imported from Microsoft Word when the content is pasted via the [Paste from Word](https://ckeditor.com/cke4/addon/pastefromword) plugin if there is at least one image of unsupported format.
* [#4379](https://github.com/ckeditor/ckeditor4/issues/4379): [Edge] Fixed: Incorrect detection of the [high contrast mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_a11y.html#high-contrast-mode).
* [#4422](https://github.com/ckeditor/ckeditor4/issues/4422): Fixed: Missing space between the button name and the keyboard shortcut inside the button label in the [high contrast mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_a11y.html#high-contrast-mode).
* [#2208](https://github.com/ckeditor/ckeditor4/issues/2208): [IE] Fixed: The [Autolink](https://ckeditor.com/cke4/addon/autolink) plugin duplicates the native browser implementation.
* [#1824](https://github.com/ckeditor/ckeditor4/issues/1824): Fixed: The [Autolink](https://ckeditor.com/cke4/addon/autolink) plugin should require the [Link](https://ckeditor.com/cke4/addon/link) plugin.
* [#4253](https://github.com/ckeditor/ckeditor4/issues/4253): Fixed: The [Editor Placeholder](https://ckeditor.com/cke4/addon/editorplaceholder) plugin throws an error during the editor initialization with [`config.fullPage`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-fullPage) enabled when there is no `<body>` tag in the editor content.
* [#4372](https://github.com/ckeditor/ckeditor4/issues/4372): Fixed: The [Autogrow](https://ckeditor.com/cke4/addon/autogrow) plugin changes the editor's width when used with an absolute [`config.width`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-width) value.

API Changes:

* [#4358](https://github.com/ckeditor/ckeditor4/issues/4358): Introduced the [`CKEDITOR.tools.color`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDIT...s_color.html) class which adds colors validation and methods for converting colors between various formats: named colors, HEX, RGB, RGBA, HSL and HSLA.
* [#3782](https://github.com/ckeditor/ckeditor4/issues/3782): Moved the [`CKEDITOR.plugins.pastetools.filters.word.images`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugins_pastetools_filters_word_images.html) filters to the [`CKEDITOR.plugins.pastetools.filters.image`](https://ckeditor.com/docs/cke...latest/api/CKEDITOR_plugins_pastetools_filters_image.html) namespace.
* [#4297](https://github.com/ckeditor/ckeditor4/issues/4297): All [`CKEDITOR.plugins.pastetools.filters`](https://ckeditor.com/docs/ckeditor4/latest/api/CK...plugins_pastetools_filters.html) are now available under the [`CKEDITOR.pasteTools`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.html#property-pasteTools) alias.
* [#4394](https://github.com/ckeditor/ckeditor4/issues/4394): Introduced [`CKEDITOR.ajax`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_ajax.html) specialized loading methods for loading binary ([`CKEDITOR.ajax.loadBinary()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_aj...#method-loadBinary)) and text ([`CKEDITOR.ajax.loadText()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_ajax.html#method-loadText)) data.

Other Changes:

* The [WebSpellChecker](https://ckeditor.com/cke4/addon/wsc) (WSC) plugin is now disabled by default in [Standard and Full presets](https://ckeditor.com/cke4/presets). It can be enabled via [`extraPlugins`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-extraPlugins) configuration option.

## CKEditor 4.15.1

**Security Updates:**

* Fixed XSS vulnerability in the [Color History feature](https://ckeditor.com/docs/ckeditor4/latest/features/colorbutton.html#color-history) reported by [Mark Wade](https://github.com/mark-wade). Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the [Color Button](https://ckeditor.com/cke4/addon/colorbutton) dialog.

**An upgrade is highly recommended!**

Fixed Issues:

* [#4293](https://github.com/ckeditor/ckeditor4/issues/4293): Fixed: The [`CKEDITOR.inlineAll()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.h...hod-inlineAll) method tries to initialize inline editor also on elements with an editor already attached to them.
* [#3961](https://github.com/ckeditor/ckeditor4/issues/3961): Fixed: The [Table Resize](https://ckeditor.com/cke4/addon/tableresize) plugin prevents editing of merged cells.
* [#3649](https://github.com/ckeditor/ckeditor4/issues/3649): Fixed: Applying a [block format](https://ckeditor.com/docs/ckeditor4/latest/features/format.html) should remove existing block styles.
* [#4282](https://github.com/ckeditor/ckeditor4/issues/4282): Fixed: The [script loader](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_scriptLoad...) does not execute callback for scripts already loaded when called for the second time. Thanks to [Alexander Korotkevich](https://github.com/aldoom)!
* [#4273](https://github.com/ckeditor/ckeditor4/issues/4273): Fixed: A memory leak in the [`CKEDITOR.domReady()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.html#method-domReady) method connected with not removing `load` event listeners. Thanks to [rohit1](https://github.com/rohit1)!
* [#1330](https://github.com/ckeditor/ckeditor4/issues/1330): Fixed: Incomplete CSS margin parsing if an `auto` or `0` value is used.
* [#4286](https://github.com/ckeditor/ckeditor4/issues/4286): Fixed: The [Auto Grow](https://ckeditor.com/cke4/addon/autogrow) plugin causes the editor width to be set to `0` on editor resize.
* [#848](https://github.com/ckeditor/ckeditor4/issues/848): Fixed: Arabic text not being "bound" correctly when pasting. Thanks to [Thomas Hunkapiller](https://github.com/devoidfury) and [J. Ivan Duarte Rodríguez](https://github.com/jidrone-mbm)!

API Changes:

* [#3649](https://github.com/ckeditor/ckeditor4/issues/3649): Added a new [`stylesRemove`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.h...nt-stylesRemove) editor event.

Other Changes:

* [#4262](https://github.com/ckeditor/ckeditor4/issues/4262): Removed the global reference to the `stylesLoaded` variable. Thanks to [Levi Carter](https://github.com/swiftMessenger)!
* Updated the [Export to PDF](https://ckeditor.com/cke4/addon/exportpdf) plugin to `1.0.1` version:
    * Improved external CSS support for [classic editor](https://ckeditor.com/docs/ckeditor4/latest/examples/classic.html) by handling exceptions and displaying convenient [error messages](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_errors.html#exportpdf-stylesheets-incaccessible).

## CKEditor 4.15

New features:

* [#3940](https://github.com/ckeditor/ckeditor4/issues/3940): Introduced the `colorName` property for customizing foreground and background styles in the [Color Button](https://ckeditor.com/cke4/addon/colorbutton) plugin via the [`config.colorButton_foreStyle`](https://ckeditor.com/docs/ckeditor4/latest/ap...TOR_config.html#cfg-colorButton_foreStyle) and [`config.colorButton_backStyle`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-colorButton_backStyle) configuration options.
* [#3793](https://github.com/ckeditor/ckeditor4/issues/3793): Introduced the [Editor Placeholder](https://ckeditor.com/cke4/addon/editorplaceholder) plugin.
* [#1795](https://github.com/ckeditor/ckeditor4/issues/1795): The colors picked from the [Color Dialog](https://ckeditor.com/cke4/addon/colordialog) are now stored in the [Color Button](https://ckeditor.com/cke4/addon/colorbutton) palette and can be reused easily.
* [#3783](https://github.com/ckeditor/ckeditor4/issues/3783): The colors used in the document are now displayed as a part of the [Color Button](https://ckeditor.com/cke4/addon/colorbutton) palette.

Fixed Issues:

* [#4060](https://github.com/ckeditor/ckeditor4/issues/4060): Fixed: The content inside a [widget](https://ckeditor.com/cke4/addon/widget) nested editable is escaped twice.
* [#4183](https://github.com/ckeditor/ckeditor4/issues/4183): [Safari] Fixed: Incorrect image dimensions when using the [Easy Image](https://ckeditor.com/cke4/addon/easyimage) plugin alongside the [IFrame Editing Area](https://ckeditor.com/cke4/addon/wysiwygarea) plugin.
* [#3693](https://github.com/ckeditor/ckeditor4/issues/3693): Fixed: Incorrect default values for several [Color Button](https://ckeditor.com/cke4/addon/colorbutton) configuration variables in the API documentation.
* [#3795](https://github.com/ckeditor/ckeditor4/issues/3795): Fixed: Setting the [`config.dataIndentationChars`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-dataIndentationChars) configuration option to an empty string is ignored and replaced by a tab (`\t`) character. Thanks to [Thomas Grinderslev](https://github.com/Znegl)!
* [#4107](https://github.com/ckeditor/ckeditor4/issues/4107): Fixed: Multiple [Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) instances cause keyboard navigation issues.
* [#4041](https://github.com/ckeditor/ckeditor4/issues/4041): Fixed: The [`selection.scrollIntoView`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITO...election.html#method-scrollIntoView) method throws an error when the editor selection is not set.
* [#3361](https://github.com/ckeditor/ckeditor4/issues/3361): Fixed: Loading multiple [custom editor configurations](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-customConfig) is prone to a race condition between these.
* [#4007](https://github.com/ckeditor/ckeditor4/issues/4007): Fixed: Screen readers do not announce the [Rich Combo](https://ckeditor.com/cke4/addon/richcombo) plugin is collapsed or expanded.
* [#4141](https://github.com/ckeditor/ckeditor4/issues/4141): Fixed: The styles are incorrectly applied when there is a `<select>` element inside the editor.

## CKEditor 4.14.1

Fixed Issues:

* [#2607](https://github.com/ckeditor/ckeditor4/issues/2607): Fixed: The [Emoji](https://ckeditor.com/cke4/addon/emoji) plugin SVG icons file is not loaded in CORS context.
* [#3866](https://github.com/ckeditor/ckeditor4/issues/3866): Fixed: The [`config.readOnly`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config...fg-readOnly) configuration option not considered for startup read-only mode of inline editor.
* [#3931](https://github.com/ckeditor/ckeditor4/issues/3931): [IE] Fixed: An error is thrown when pasting using the Paste button after accepting the browser Clipboard Access Prompt dialog.
* [#3938](https://github.com/ckeditor/ckeditor4/issues/3938): Fixed: Cannot navigate the [Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) panel with the keyboard after switching to source mode.
* [#2823](https://github.com/ckeditor/ckeditor4/issues/2823): [IE] Fixed: Cannot resize the last table column using the [Table Resize](https://ckeditor.com/cke4/addon/tableresize) plugin.
* [#909](https://github.com/ckeditor/ckeditor4/issues/909): Fixed: The [Table Resize](https://ckeditor.com/cke4/addon/tableresize) plugin does not work when the editor is placed in an absolutely positioned container. Thanks to [Roland Petto](https://github.com/arpi68)!
* [#1959](https://github.com/ckeditor/ckeditor4/issues/1959): Fixed: The [Table Resize](https://ckeditor.com/cke4/addon/tableresize) plugin does not work in a [maximized](https://ckeditor.com/cke4/addon/maximize) editor when the [Div Editing Area](https://ckeditor.com/cke4/addon/divarea) feature is enabled. Thanks to [Roland Petto](https://github.com/arpi68)!
* [#3156](https://github.com/ckeditor/ckeditor4/issues/3156): Fixed: [Autolink](https://ckeditor.com/cke4/addon/autolink) [`config.autolink_urlRegex`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-autolink_urlRegex) and [`config.autolink_emailRegex`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-autolink_emailRegex) options are not customizable. Thanks to [Sergiy Dobrovolsky](https://github.com/serggoodwill)!
* [#624](https://github.com/ckeditor/ckeditor4/issues/624): Fixed: [Notification](https://ckeditor.com/cke4/addon/notification) does not work with the [bottom toolbar location](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-toolbarLocation).
* [#3000](https://github.com/ckeditor/ckeditor4/issues/3000): Fixed: [Auto Embed](https://ckeditor.com/cke4/addon/autoembed) does not work with the [bottom toolbar location](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-toolbarLocation).
* [#1883](https://github.com/ckeditor/ckeditor4/issues/1883): Fixed: The [`editor.resize()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor...ethod-resize) method does not work with CSS units.
* [#3926](https://github.com/ckeditor/ckeditor4/issues/3926): Fixed: Dragging and dropping a [widget](https://ckeditor.com/cke4/addon/widget) sometimes produces an error.
* [#4008](https://github.com/ckeditor/ckeditor4/issues/4008): Fixed: [Remove Format](https://ckeditor.com/cke4/addon/removeformat) does not work with a collapsed selection.
* [#3998](https://github.com/ckeditor/ckeditor4/issues/3998): Fixed: An error is thrown when switching to the [source mode](https://ckeditor.com/cke4/addon/sourcearea) using a custom <kbd>Ctrl</kbd> + <kbd>Enter</kbd> [keystroke](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.html#method-setKeystroke) with the [Widget](https://ckeditor.com/cke4/addon/widget) plugin present.

Other Changes:

* Updated [WebSpellChecker](https://ckeditor.com/cke4/addon/wsc) (WSC) and [SpellCheckAsYouType](https://ckeditor.com/cke4/addon/scayt) (SCAYT) plugins:
    * Fixed: Active [Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) panel causes active suggestions to be unnecessarily checked by the SCAYT spell checking mechanism.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2021 Shawn Iwinski <shawn(a)iwin.ski> - 4.16.2-1
- Update to 4.16.2 (RHBZ #1847904)
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-... / CVE-2021-37695 (RHBZ #1993490, 1993489)
- CVE-2021-33829 (RHBZ #1974731, 1974730)
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-... / CVE-2021-32809 (RHBZ #1993487, 1993486)
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-... / CVE-2021-32808 (RHBZ #1993484, 1993483)
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1847904 - ckeditor-4.16.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1847904
[ 2 ] Bug #1974730 - CVE-2021-33829 ckeditor: cross-site scripting allows remote
attackers to inject executable JavaScript code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1974730
[ 3 ] Bug #1974731 - CVE-2021-33829 ckeditor: cross-site scripting allows remote
attackers to inject executable JavaScript code [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1974731
[ 4 ] Bug #1993483 - CVE-2021-32808 ckeditor: widget feature vulnerability allowing to
execute JavaScript code using undo functionality [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1993483
[ 5 ] Bug #1993484 - CVE-2021-32808 ckeditor: widget feature vulnerability allowing to
execute JavaScript code using undo functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1993484
[ 6 ] Bug #1993486 - CVE-2021-32809 ckeditor: clipboard feature vulnerability allowing
to inject arbitrary HTML into the editor using paste functionality [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1993486
[ 7 ] Bug #1993487 - CVE-2021-32809 ckeditor: clipboard feature vulnerability allowing
to inject arbitrary HTML into the editor using paste functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1993487
[ 8 ] Bug #1993489 - CVE-2021-37695 ckeditor: fake objects feature vulnerability
allowing to execute JavaScript code using malformed HTML [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1993489
[ 9 ] Bug #1993490 - CVE-2021-37695 ckeditor: fake objects feature vulnerability
allowing to execute JavaScript code using malformed HTML [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1993490
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update ckeditor' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------