CKEditor 4.12.1

Fixed Issues:

• #3220: Fixed: Prevent Paste from Word filter from deleting Page Break elements on paste.

CKEditor 4.11.4

Fixed Issues:

• #589: Fixed: The editor causes memory leaks in create and destroy cycles.
• #1397: Fixed: Using the dialog to remove headers from a table with one header row only throws an error.
• #1479: Fixed: Justification for styled content in BR mode is disabled.
• #2816: Fixed: Enhanced Image resize handler is visible in read-only mode.
• #2874: Fixed: Enhanced Image resize handler is not created when the editor is initialized in read-only mode.
• #2775: Fixed: Clipboard paste buttons have wrong state when read-only mode is set by the mouse event listener with the Div Editing Area plugin.
• #1901: Fixed: Cannot open the context menu over a Widget with the <kbd>Shift</kbd>+<kbd>F10</kbd> keyboard shortcut.

Other Changes:

• Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
  • Language dictionary update: German language was extended with over 600k new words.
  • Language dictionary update: Swedish language was extended with over 300k new words.
  • Grammar support added for Australian and New Zealand English, Polish, Slovak, Slovenian and Austrian languages.
  • Changed wavy red and green lines that underline spelling and grammar errors to straight ones.
  • #55: Fixed: WSC does not use CKEDITOR.getUrl() when referencing style sheets.
  • #166: Fixed: SCAYT does not use CKEDITOR.getUrl() when referencing style sheets.
  • #56: [Chrome] Fixed: SCAYT/WSC throws errors when running inside a Chrome extension.
  • Fixed: After removing a dictionary, the words are not underlined and considered as incorrect.
  • Fixed: The Slovenian (sl_SL) language does not work.
  • Fixed: Quotes with code U+2019 (Right single quotation mark) are considered separators.
  • Fixed: Wrong error message formatting when the service ID is invalid.
  • Fixed: Absent languages in the Languages tab when using SCAYT with the Shared Spaces plugin.

CKEditor 4.11.3

Fixed Issues:

• #2721, #487: Fixed: The order of sublist items is reversed when a higher level list item is removed.
• #2527: Fixed: Emoji autocomplete order does not prioritize emojis with the name starting from the used string.
• #2572: Fixed: Icons in the Emoji dropdown navigation groups are not centered.
• #1191: Fixed: Items in the elements path are draggable.
• #2292: Fixed: Dropping a list with a link on the editor's margin causes a console error and removes the dragged text from editor.
• #2756: Fixed: The Auto Link plugin causes an error when typing in the source editing mode.
• #1986: Fixed: The Cell Properties dialog from the Table Tools plugin shows styles that are not allowed through config.allowedContent.
• #2565: [IE, Edge] Fixed: Buttons in the editor toolbar are activated by clicking them with the right mouse button.
• #2792: Fixed: A bug in the Copy Formatting plugin that caused the following issues:
  • #2780: Fixed: Undo steps disappear after multiple changes of selection.
  • #2470: [Firefox] Fixed: Widget's nested editable gets blurred upon focus.
  • #2655: [Chrome, Safari] Fixed: Widget's nested editable cannot be focused under certain circumstances.

CKEditor 4.11.2

Fixed Issues:

• #2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks.
• #2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the wrapping table.
• #2451: Fixed: The Remove Format plugin changes selection.
• #2546: Fixed: The separator in the toolbar moves when buttons are focused.
• #2506: Fixed: Enhanced Image throws a type error when an empty <figure> tag with an image class is upcasted.
• #2650: Fixed: Table dialog validator fails when the getValue() function is defined in the global scope.
• #2690: Fixed: Decimal characters are removed from the inside of numbered lists when pasting content using the Paste from Word plugin.
• #2205: Fixed: It is not possible to add new list items under an item containing a block element.
• #2411, #2438 Fixed: Apply numbered list option throws a console error for a specific markup.
• #2430 Fixed: Color Button and List Block items are draggable.

Other Changes:

• Updated the WebSpellChecker (WSC) plugin:
  • #52 Fixed: Clicking "Finish Checking" without a prior action would hang the Spell Checking dialog.
• #2603: Corrected the GPL license entry in the package.json file.

CKEditor 4.11.1

Fixed Issues:

• #2571: Fixed: Clicking the categories in the Emoji dropdown panel scrolls the entire page.

CKEditor 4.10.1

Fixed Issues:

• #2114: Fixed: Autocomplete cannot be initialized before instanceReady.
• #2107: Fixed: Holding and releasing the mouse button is not inserting an autocomplete suggestion.
• #2167: Fixed: Matching in Emoji plugin is not case insensitive.
• #2195: Fixed: Emoji shows the suggestion box when the colon is preceded with other characters than white space.
• #2169: [Edge] Fixed: Error thrown when pasting into the editor.
• #1084 Fixed: Using the "Automatic" option with Color Button on a text with the color already defined sets an invalid color value.
• #2271: Fixed: Custom color name not used as a label in the Color Button plugin. Thanks to Eric Geloen!
• #2296: Fixed: The Color Button plugin throws an error when activated on content containing HTML comments.
• #966: Fixed: Executing editor.destroy() during the file upload throws an error. Thanks to Maksim Makarevich!
• #1719: Fixed: <kbd>Ctrl</kbd>/<kbd>Cmd</kbd> + <kbd>A</kbd> inadvertently focuses inline editor if it is starting and ending with a list. Thanks to theNailz!
• #1046: Fixed: Subsequent new links do not include the id attribute. Thanks to Nathan Samson!
• #1348: Fixed: Enhanced Image plugin aspect ratio locking uses an old width and height on image URL change.
• #1791: Fixed: Image and Enhanced Image plugins can be enabled when Easy Image is present.
• #2254: Fixed: Image ratio locking is too precise for resized images. Thanks to Jonathan Gilbert!
• #1184: [IE8-11] Fixed: Copying and pasting data in read-only mode throws an error.
• #1916: [IE9-11] Fixed: Pressing the <kbd>Delete</kbd> key in read-only mode throws an error.
• #2003: [Firefox] Fixed: Right-clicking multiple selected table cells containing empty paragraphs removes the selection.
• #1816: Fixed: Table breaks when <kbd>Enter</kbd> is pressed over the Table Selection plugin.
• #1115: Fixed: The <font> tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.
• #727: Fixed: Custom styles may be invisible in the Styles Combo plugin.
• #988: Fixed: ACF-enabled custom elements prefixed with object, embed, param are removed from the editor content.

API Changes:

• #2249: Added the editor.plugins.detectConflict() method finding conflicts between provided plugins.

CKEditor 4.9.2

Security Updates:

• Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.

  Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.

We would like to thank the Drupal security team for bringing this matter to our attention and coordinating the fix and release process!