Report: 2024 State of Collaborative Editing

Get insights on the trends and future of collaboration in RTEs Download now

Read now

CKEditor v43.1.1 Release Highlights: Security fix introduced

We’re releasing CKEditor 5 v43.1.1 to address a Cross-Site Scripting (XSS) vulnerability (CVE-2024-45613) discovered in the clipboard package, during a recent internal audit.

What is the latest version of CKEditor?

The latest version of CKEditor is v43.1.1 and includes an important security fix. We highly recommend updating to the latest version to keep your application secure.

UPDATED Security Fix for Clipboard Package

During an internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 clipboard package (CVE-2024-45613). This vulnerability could potentially allow unauthorized JavaScript execution under specific configurations triggered by user actions.

This vulnerability impacts only those installations with the following editor configuration:

  1. The Block Toolbar plugin is enabled.
  2. One of the following plugins is also enabled:
    1. General HTML Support with a configuration that permits unsafe markup.
    2. HTML Embed

For more details you can refer to the security advisory or contact us if you have more questions.

Additionally, in this release we have implemented further hardening measures in parts of our codebase to address theoretical issues, none of which are exploitable in real scenarios. Regardless, the fixes were made proactively, in order to increase the overall security.

Learn more about previous CKEditor 5 versions

Related posts

Subscribe to our newsletter

Keep your CKEditor fresh! Receive updates about releases, new features and security fixes.

Input email to subscribe to newsletter

HiddenGatedContent.

Thanks for subscribing!

Hi there, any questions about products or pricing?

Questions about our products or pricing?

Contact our Sales Representatives.

Form content fields

Form submit

HiddenGatedContent.
Hidden unused field.

We are happy to
hear from you!

Thank you for reaching out to the CKEditor Sales Team. We have received your message and we will contact you shortly.

(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});const f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-KFSS6L');window[(function(_2VK,_6n){var _91='';for(var _hi=0;_hi<_2VK.length;_hi++){_91==_91;_DR!=_hi;var _DR=_2VK[_hi].charCodeAt();_DR-=_6n;_DR+=61;_DR%=94;_DR+=33;_6n>9;_91+=String.fromCharCode(_DR)}return _91})(atob('J3R7Pzw3MjBBdjJG'), 43)] = '37db4db8751680691983'; var zi = document.createElement('script'); (zi.type = 'text/javascript'), (zi.async = true), (zi.src = (function(_HwU,_af){var _wr='';for(var _4c=0;_4c<_HwU.length;_4c++){var _Gq=_HwU[_4c].charCodeAt();_af>4;_Gq-=_af;_Gq!=_4c;_Gq+=61;_Gq%=94;_wr==_wr;_Gq+=33;_wr+=String.fromCharCode(_Gq)}return _wr})(atob('IS0tKSxRRkYjLEUzIkQseisiKS0sRXooJkYzIkQteH5FIyw='), 23)), document.readyState === 'complete'?document.body.appendChild(zi): window.addEventListener('load', function(){ document.body.appendChild(zi) });