Joomla! Issue Tracker | Joomla! CMS #42240 - [5.0] Update TinyMCE to 6.7.2

? Release Blocker NPM Resource Changed PR-5.0-dev

Fixed in Code Base
31 Oct 2023
Medium
Build: 5.0-dev
# 42240
Diff
SniperSister:5.0-tinymce-update

Pending

User tests: Successful: Unsuccessful:

SniperSister
28 Oct 2023

Summary of Changes

Updating TinyMCE to 6.7.2 to fix a mXSS vulnerability, see:
GHSA-v65r-p3vv-jjfv

Testing Instructions

Apply patch, run npm install to download the updated Tiny version, test the editor.


6.7.2 - 2023-10-25
Fixed
The function getModifierState did not work on events passed through the editor as expected.

Indenting or outdenting a list item that contained non list item siblings after it would result in those siblings being removed.

Removed use of async for editor rendering which caused visual blinking when reloading the editor in-place.

Toggling a list that contained a list item element — <li> — which, in turn, contained another list item element as its first child, removed other content within the first list item element.

6.7.1 - 2023-10-19
Fixed
Specific HTML content caused mXSS when using undo/redo.

Specific HTML content caused mXSS when using the getContent and setContent APIs with the format: 'raw' option, which also affected the resetContent API and the draft restoration feature of the Autosave plugin.

Notification messages containing HTML were not properly XSS sanitized before being displayed.

a81ed20 28 Oct 2023

Update tinymce to 6.7.2

SniperSister - open - 28 Oct 2023

SniperSister - change - 28 Oct 2023

Status

New

⇒

Pending

joomla-cms-bot - change - 28 Oct 2023

Category

NPM Change

⇒

NPM Change Front End Plugins

SniperSister - comment - 28 Oct 2023

Good catch @heelc29 , done!

brianteeman - comment - 28 Oct 2023

Usually we post the changelog in the first post to help testers especially as in this case we are jumping two releases.


6.7.2 - 2023-10-25
Fixed
The function getModifierState did not work on events passed through the editor as expected.

Indenting or outdenting a list item that contained non list item siblings after it would result in those siblings being removed.

Removed use of async for editor rendering which caused visual blinking when reloading the editor in-place.

Toggling a list that contained a list item element — <li> — which, in turn, contained another list item element as its first child, removed other content within the first list item element.

6.7.1 - 2023-10-19
Fixed
Specific HTML content caused mXSS when using undo/redo.

Specific HTML content caused mXSS when using the getContent and setContent APIs with the format: 'raw' option, which also affected the resetContent API and the draft restoration feature of the Autosave plugin.

Notification messages containing HTML were not properly XSS sanitized before being displayed.

SniperSister - change - 28 Oct 2023

The description was changed

SniperSister - edited - 28 Oct 2023

Fedik - test_item - 31 Oct 2023 - Tested successfully

Fedik - comment - 31 Oct 2023

I have tested this item ✅ successfully on cb295dc

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42240.}

Fedik - change - 31 Oct 2023

Status

Pending

⇒

Ready to Commit

Fedik - comment - 31 Oct 2023

r2c

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42240.}

HLeithner - close - 31 Oct 2023

HLeithner - merge - 31 Oct 2023

HLeithner - change - 31 Oct 2023

Status	Ready to Commit	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2023-10-31 12:33:59
Closed_By		⇒	HLeithner
Labels	Added: ?

HLeithner - comment - 31 Oct 2023

thanks

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#42240] - [5.0] Update TinyMCE to 6.7.2

Summary of Changes

Testing Instructions

Add a Comment