Re: [SOGo] CKEditor 4.x insecure

2024-02-09 Thread Ganael Laplanche

On 2/9/24 16:20, qhivert (qhiv...@alinto.eu) wrote:

> You can find more info here -> https://bugs.sogo.nu/view.php?id=5920


Thanks Quentin!

--
Ganael Laplanche 
Unix Systems Engineer @CentraleSupelec Rennes - DISI



RE: [SOGo] CKEditor 4.x insecure

2024-02-09 Thread qhivert
Hello,

You can find more info here -> https://bugs.sogo.nu/view.php?id=5920

Quentin

-----Original Message-----
From: users-requ...@sogo.nu On Behalf Of Ganael Laplanche
Sent: Friday, February 9, 2024 10:26
To: users@sogo.nu
Subject: [SOGo] CKEditor 4.x insecure

Hello,

The latest SOGo release (5.9.1) embeds CKEditor 4.22.1, which is considered 
insecure, see:

https://ckeditor.com/ckeditor-4/#is-ckeditor-4-secure?

"The final public security patches for CKEditor 4 were released on June 30, 
2023. Please be aware this means the public versions of CKEditor 4 are no 
longer secure."

Has the SOGo team backported any patches to fix XSS flaws (it does not seem
so: the latest commit related to CKEditor I can find is the integration of 
version 4.22.1 itself)?

Is there any plan to upgrade CKEditor to version 5?

Best regards,

--
Ganael Laplanche 
Unix Systems Engineer @CentraleSupelec Rennes - DISI