Feeling Lucky
?
Release Blocker
NPM Resource Changed
PR-4.4-dev
[#42239] - [4.4] Update TinyMCE to 5.10.8
- Fixed in Code Base
- 2 Nov 2023
- Medium
- Build: 4.4-dev
- # 42239
- Diff
- SniperSister:4.4-tinymce-update
User tests: Successful: Unsuccessful:
Summary of Changes
Updating TinyMCE to 5.10.8 to fix a mXSS vulnerability, see:
GHSA-v65r-p3vv-jjfv
Testing Instructions
Apply patch, run npm install to download the updated Tiny version, test the editor.
Version 5.10.8 - October 19, 2023
Fixed
Specific HTML content caused mXSS when using undo/redo.
Specific HTML content caused mXSS when using the getContent and setContent APIs with the format: 'raw' option, which also affected the resetContent API and the draft restoration feature of the Autosave plugin.
Notification messages containing HTML were not properly XSS sanitized before being displayed.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | NPM Change |
| Title |
|
||||||
| Title |
|
||||||
heelc29
- comment
- 28 Oct 2023
Plugin manifest version should be updated too.
| Labels |
Added:
Release Blocker
NPM Resource Changed
PR-4.4-dev
|
||
| Category | NPM Change | ⇒ | NPM Change Front End Plugins |
Fedik
- comment
- 31 Oct 2023
I have tested this item ✅ successfully on a8980bb
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42239.
| Status | Pending | ⇒ | Ready to Commit |
Fedik
- comment
- 31 Oct 2023
r2c
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42239.
| Labels |
Added:
?
|
||
laoneo
- comment
- 2 Nov 2023
Merging as there is currently an issue with mysql 5.7 on appveyor.
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-11-02 10:03:05 |
| Closed_By | ⇒ | laoneo | |
| Labels |
Added:
?
Removed: ? |
||
laoneo
- comment
- 2 Nov 2023
Thanks!
I have tested this item ✅ successfully on 285febb
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42239.