npm ckeditor5 41.3.1

latest releases: 0.0.0-nightly-20241114.0, 0.0.0-nightly-20241113.0, 0.0.0-nightly-20241112.0...
7 months ago

We are happy to announce the release of CKEditor 5 v41.3.1.

The release addresses a vulnerability identified in the protobuf.js package (CVE-2023-36665), used within our @ckeditor/ckeditor5-operations-compressor package for real-time collaboration.

Our analysis confirms that this vulnerability does not affect CKEditor 5. None of the vulnerable code in the protobuf.js package is utilized in CKEditor 5, as we use protobuf’s minimal build type.

This release primarily aims to ensure that our customers using real-time collaboration features do not encounter unnecessary security alerts from their scanning tools. We are committed to maintaining the highest security standards, and this update reflects our ongoing efforts to safeguard user environments proactively.

Bug fixes

  • template: Fixed the TemplateDefinition#data type in the @ckeditor/ckeditor5-template config. Now, it should be possible to define a string or a function returning a string instead of just a function returning a string.

Released packages

Check out the Versioning policy guide for more information.

Released packages (summary)

Other releases:

Don't miss a new ckeditor5 release

NewReleases is sending notifications on new releases.