tracker issue : CF-4126448

select a category, or use search below
(searches all categories and all time range)
Title:

FCKeditor version is out of date

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Peter Freitag / Peter Freitag (Peter Freitag)

Created: 03/09/2016

Components: AJAX, UI Components

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Beta2_v12 /

Priority/Frequency: Major / Unknown

Locale/System: English / Win All

Vote Count: 1

Listed in the version 2016.0.02.299200 Issues Fixed doc
Verification notes: verified_fixed on September 30, 2019 using build 2016.0.02.299200 
Problem Description: The version of FCKeditor included with Raijin is 2.6.4.1, the current version of FCKeditor is 2.6.10 which includes several security updates.

FCKeditor should be updated to 2.6.10 or it should be upgraded to CKeditor since FCKeditor is "unsupported software" now according to the author.

Even if the all the security updates do not pertain to CF, the core version should be updated to give people reviewing security of a CF server some idea that it is not vulnerable to the issues.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126448

External Customer Info:
External Company: Foundeo Inc.
External Customer Name: Peter Freitag
External Customer Email: PETE@FOUNDEO.COM
External Test Config:

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********action: updated fieldName: Fix By Milestone newValue: Post Release oldValue: Alpha oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-02-29 12:57:21.0 action: updated fieldName: Fix By Product Milestone newValue: HF2 oldValue: Alpha oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-02-29 12:57:21.0 action: updated fieldName: Priority newValue: 3 oldValue: 0 oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-02-16 04:57:54.0 action: updated fieldName: Reason newValue: Blank oldValue: Blank oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-01-21 02:47:27.0 action: updated fieldName: Fix By Product Milestone newValue: Alpha oldValue: Blank oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-01-21 02:47:27.0 action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-01-21 02:47:27.0 action: updated fieldName: Owner newValue: awdhesh oldValue: suchsing oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-01-21 02:47:27.0 action: updated fieldName: Fix By Milestone newValue: Alpha oldValue: Blank oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-01-21 02:47:27.0
Comment by CFwatson U.
4100 | March 09, 2016 02:07:57 AM GMT
Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-20 22:04:57.0
Comment by CFwatson U.
4101 | March 09, 2016 02:07:58 AM GMT
Guide and manage this update with Shreyansh.
Comment by Awdhesh K.
4102 | March 21, 2016 04:54:57 AM GMT
Hi Adobe, I see this ticket is Open/ToTest/Fixed. What is the fix? 1) FCKeditor updated to 2.6.10 -or- 2) FCKeditor upgraded to CKeditor (if so, which version?) Thanks!, -Aaron
Comment by External U.
4103 | May 11, 2016 02:04:27 AM GMT
+1 - Preferably upgrade to CKeditor.
Vote by External U.
4109 | May 11, 2016 02:05:03 AM GMT
Agree that at the core the most up to date version should be available, but if you are using cftextarea, don't forget you can use the basepath attribute to point to an updated library.
Comment by External U.
4104 | May 11, 2016 05:20:07 AM GMT
Hi Aaron, We have upgraded FCKeditor to CKeditor version 4.5.7, which will be available with HF2. Thanks, Dattanand Bhat
Comment by Dattanand M.
4105 | May 18, 2016 04:29:39 AM GMT
CKEditor 4.5.9 has been out for a while so your implementation is already out of date.
Comment by External U.
4106 | May 19, 2016 04:48:50 PM GMT
test note
Comment by CFwatson U.
4107 | June 07, 2016 04:18:30 AM GMT
The fix for this bug is available as part of the early-access build for ColdFusion 2016 Update 2.
Comment by CFwatson U.
4108 | June 07, 2016 04:25:10 AM GMT
Hi Adobe, I've verified this is fixed in CF2016 Update 2 (build 2016.0.02.299200). Thanks!, -Aaron
Comment by Aaron N.
31471 | September 30, 2019 07:13:41 AM GMT