@ckeditor/ckeditor5-ui
Advanced tools
Changelog
41.3.1 (April 16, 2024)
We are happy to announce the release of CKEditor 5 v41.3.1.
The release addresses a vulnerability identified in the protobuf.js package (CVE-2023-36665), used within our @ckeditor/ckeditor5-operations-compressor package for real-time collaboration.
Our analysis confirms that this vulnerability does not affect CKEditor 5. None of the vulnerable code in the protobuf.js package is utilized in CKEditor 5, as we use protobuf’s minimal build type.
This release primarily aims to ensure that our customers using real-time collaboration features do not encounter unnecessary security alerts from their scanning tools. We are committed to maintaining the highest security standards, and this update reflects our ongoing efforts to safeguard user environments proactively.
TemplateDefinition#data type in the @ckeditor/ckeditor5-template config. Now, it should be possible to define a string or a function returning a string instead of just a function returning a string.Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
Readme
This package implements a simple UI framework and CKEditor 5's standard UI library.
Check out the editor toolbar demo and block toolbar demo in CKEditor 5 documentation.
See the @ckeditor/ckeditor5-ui package page in CKEditor 5 documentation.
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md file or https://ckeditor.com/legal/ckeditor-oss-license.
FAQs
The UI framework and standard UI library of CKEditor 5.
The npm package @ckeditor/ckeditor5-ui receives a total of 334,806 weekly downloads. As such, @ckeditor/ckeditor5-ui popularity was classified as popular.
We found that @ckeditor/ckeditor5-ui demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.