Hello,

You can find more info here -> https://bugs.sogo.nu/view.php?id=5920

Quentin

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Ganael Laplanche
Sent: Friday, February 9, 2024 10:26
To: [email protected]
Subject: [SOGo] CKEditor 4.x insecure

Hello,

Latest SOGo release (5.9.1) embeds CKEditor 4.22.1, which is considered insecure, see:

https://ckeditor.com/ckeditor-4/#is-ckeditor-4-secure?

"The final public security patches for CKEditor 4 were released on June 30, 2023. Please be aware this means the public versions of CKEditor 4 are no longer secure."

Has the SOGo team backported any patch to fix XSS flaws (it does not seem so: the latest commit related to CKEditor I can find is the integration of version 4.22.1 itself)?

Is there any plan to upgrade CKEditor to version 5?

Best regards,

--
Ganael Laplanche <[email protected]>
Unix Systems Engineer @CentraleSupelec Rennes - DISI
