Released: Jan 27, 2015
Download .zip or .gzip
#12825: Fixed: Preventing the Table Resize plugin from operating on elements outside the editor. Thanks to Paul Martin!
#12157: Fixed: Lost text formatting on pressing Tab when the config.tabSpaces configuration option value was greater than zero.
#12777: Fixed: The table-layout CSS property should be reset by skins. Thanks to vita10gy!
#12812: Fixed: An uncaught security exception is thrown when Line Utilities are used in an inline editor loaded in a cross-domain iframe. Thanks to Vitaliy Zurian!
#12735: Fixed: config.fillEmptyBlocks should only apply when outputting data.
#10032: Fixed: Paste from Word filter is executed for every paste after using the button.
#12597: [Blink/Webkit] Fixed: Multi-byte Japanese characters entry not working properly after Shift+Enter.
#12387: Fixed: An error is thrown if a skin does not have the chameleon property defined and config.uiColor is defined.
#12747: [IE8-10] Fixed: Opening a drop-down for a specific selection when the editor is maximized results in incorrect drop-down panel position.
#12850: [IEQM] Fixed: An error is thrown after focusing the editor.
Released: Nov 25, 2014
Download .zip or .gzip
Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
#12501: Allowed dashes in element names in the string format of allowed content rules.
#12550: Added the <main> element to the CKEDITOR.dtd.
#12506: [Safari] Fixed: Cannot paste into inline editor if the page has user-select: none style. Thanks to shaohua!
#12683: Fixed: Filter fails to remove custom tags. Thanks to timselier!
#12489 and #12491: Fixed: Various issues related to restoring the selection after performing operations on filler character. See the fixed cases.
#12621: Fixed: Cannot remove inline styles (bold, italic, etc.) in empty lines.
#12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified the way how the initial selection (a selection after the content of the editable is overwritten) is being fixed. That might have fixed many related scenarios in all browsers.
#11647: Fixed: The editor.blur event is not fired on first blur after initializing the inline editor on an already focused element.
#12601: Fixed: Strikethrough button tooltip spelling.
#12546: Fixed: The Preview tab in the Document Properties dialog window is always disabled.
#12300: Fixed: The editor.change event fired on first navigation key press after typing.
#12141: Fixed: List items are lost when indenting a list item with content wrapped with a block element.
#12515: Fixed: Cursor is in the wrong position when undoing after adding an image and typing some text.
#12484: [Blink/Webkit] Fixed: DOM is changed outside the editor area in a certain case.
#12688: Improved the tests of the styles system and fixed two minor issues.
#12403: Fixed: Changing the font style should not lead to nesting it in the previous style element.
#12609: Fixed: Incorrect config.magicline_putEverywhere name used for a Magic Line all-encompassingconfig.magicline_everywhere configuration option.