CKEditor CVE for plugins #2425

Closed
dasgarner opened this issue Feb 24, 2021 · 1 comment
@dasgarner
Member

I am not sure we use these plugins anyway, but good to validate.

OP: https://community.xibo.org.uk/t/security-vulnerability-on-xibo-2-3-8-found/24543

@dasgarner dasgarner added this to the 2.3.9 milestone Feb 24, 2021
@dasgarner dasgarner added this to To do in Xibo CMS via automation Feb 24, 2021
@maurofmferrao maurofmferrao moved this from To do to Next in Xibo CMS Feb 24, 2021
@maurofmferrao maurofmferrao moved this from Next to In progress in Xibo CMS Feb 24, 2021
@maurofmferrao maurofmferrao moved this from In progress to Next in Xibo CMS Feb 25, 2021
@dasgarner dasgarner modified the milestones: 2.3.9, 3.0.0-rc2 Feb 25, 2021
@maurofmferrao
Member

The Advanced Tab for Dialogs plugin (CVE-2021-26271) and the Autolink plugin (ReDoS, CVE-2021-26272) are not being used by the current CKEDITOR 4.3 in the CMS, so we're not vulnerable to any of those CVEs.

For 3.0, we want to implement a newer version (latest 4 or even the CKEDITOR 5). The ideal scenario would be to have the package and plugins installed with NPM, if that's possible; if not, we need to update a bundle and check if all the custom features (like our red guideline) are working for that version.

@maurofmferrao maurofmferrao moved this from Next to In progress in Xibo CMS Mar 1, 2021
@maurofmferrao maurofmferrao moved this from In progress to Next in Xibo CMS Mar 1, 2021
@maurofmferrao maurofmferrao moved this from Next to To do in Xibo CMS Mar 1, 2021
@maurofmferrao maurofmferrao moved this from To do to Next in Xibo CMS Mar 2, 2021
@maurofmferrao maurofmferrao moved this from Next to In progress in Xibo CMS Mar 2, 2021
@maurofmferrao maurofmferrao added the enhancement An improvement to an existing feature label Mar 4, 2021
@maurofmferrao maurofmferrao moved this from In progress to Review in progress in Xibo CMS Mar 4, 2021
maurofmferrao added a commit to maurofmferrao/xibo-cms that referenced this issue Mar 8, 2021
Xibo CMS automation moved this from Review in progress to Done Mar 10, 2021
@dasgarner dasgarner moved this from Done to Released in Xibo CMS Mar 11, 2021