@ckeditor/ckeditor5-core
Advanced tools
Changelog
41.3.1 (April 16, 2024)
We are happy to announce the release of CKEditor 5 v41.3.1.
The release addresses a vulnerability identified in the protobuf.js package (CVE-2023-36665), used within our @ckeditor/ckeditor5-operations-compressor package for real-time collaboration.
Our analysis confirms that this vulnerability does not affect CKEditor 5. None of the vulnerable code in the protobuf.js package is utilized in CKEditor 5, as we use protobuf’s minimal build type.
This release primarily aims to ensure that our customers using real-time collaboration features do not encounter unnecessary security alerts from their scanning tools. We are committed to maintaining the highest security standards, and this update reflects our ongoing efforts to safeguard user environments proactively.
TemplateDefinition#data type in the @ckeditor/ckeditor5-template config. Now, it should be possible to define a string or a function returning a string instead of just a function returning a string.Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
Readme
This package implements CKEditor 5's core editor architecture – a set of classes and interfaces which glue everything together.
For general introduction see the Overview of CKEditor 5 framework guide and then the core editor architecture guide.
Additionally, see the @ckeditor/ckeditor5-core package page in CKEditor 5 documentation for even more information.
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md file or https://ckeditor.com/legal/ckeditor-oss-license.
FAQs
The core architecture of CKEditor 5 – the best browser-based rich text editor.
The npm package @ckeditor/ckeditor5-core receives a total of 426,303 weekly downloads. As such, @ckeditor/ckeditor5-core popularity was classified as popular.
We found that @ckeditor/ckeditor5-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.