Request to update CKEditor to 4.24.0

[olirogers]

Hi,

We use this library at the latest version available 4.21.0.

CKEditor 4.24.0 was released in February and contains fixes for a couple of vulnerabilities, CVE-2024-24816 and CVE-2024-24815.

Please could this package be updated to the new version? I tried to find instructions on how to do this and submit a PR but came up short!

I don't think I have permissions to create this as a Jira issue.

Thanks,

Oli

[cor3000]

as far as I understand:
ckeditor 4.24.0 LTS is "behind a paywall" (they call it Extended Support Model), so this cannot be integrated by ZK directly and needs to be licensed separately and patched by each individual user (themselves or by contacting ZK Support for assistance)

there's also a smalltalk article about ckeditor 5 integration into ZK
https://www.zkoss.org/wiki/Small_Talks/2023/December/ZK_Meets_CKEditor_5:_Personalized,_Collaborative,_and_AI-powered

[jeanher]

Yes, as cor3000 mentioned, ckeditor/cksource has changed its licensing and CKEditor 4.24.0 (and CKEditor v5) require commercial licenses. Due to this change, we can no longer upgrade ZK CKEditor directly.

If you wish to access 4.24.0, please contact CKEditor to obtain an appropriate license. After getting the license, if you require a ZK wrapper to apply to your ZK project, please contact us at info@zkoss.org to request professional support services.

You can also consider getting CKEditor 5 and a ZK CKEditor 5 wrapper - still, you would need to obtain an appropriate license from CKEditor.