Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

WebJars: Upgrade CKEDITOR from 4.16.1 to 4.21.0

Description

The CKeditor hasn’t been updated for a while and scanners like hostedscan report security vulnerabilities in Sakai 22.x because the editor version.

This provides two PRs, one for master and one for 22.x, the paths have changed and this will save time.

https://ckeditor.com/cke4/release-notes

Versions prior to 4.21.0 are affected by some security issues https://security.snyk.io/package/npm/ckeditor4 newer Sakai releases may require an editor update.

Attachments

6
  • 08 Jun 2023, 09:42 PM
  • 08 Jun 2023, 09:06 AM
  • 08 Jun 2023, 09:06 AM
  • 07 Jun 2023, 07:02 PM
  • 07 Jun 2023, 06:48 PM
  • 26 May 2023, 11:48 AM

Activity

Show:

Andrea Schmidt October 28, 2023 at 2:40 PM

Earle enabled the property on 22x for testing (SAK-47049) and it is working to upload to the server on 22x: https://qa22-mysql.nightly.sakaiproject.org/, build: 0b849168 , so am setting this to verified.

Andrea Schmidt June 11, 2023 at 6:49 PM

Agreed

Adam Marshall June 11, 2023 at 6:49 PM
Edited

It sounds like I should NOT report this as a bug because it’s been set like this on purpose but as Miguel suggests, we should not be offering the upload option if it’s not going to work.

I’m happy to create a Jira: “Dont offer the option to upload if ‘content.direct.upload.enabled' is set to false”. Tip me the wink if I should.

Miguel Pellicer June 9, 2023 at 7:38 AM

Probably related to https://sakaiproject.atlassian.net/browse/SAK-47049, not sure, but if it’s disabled I feel we shouldn’t show the option.

Andrea Schmidt June 8, 2023 at 9:34 PM
Edited

are https://sakaiproject.atlassian.net/browse/SAK-47957 and https://sakaiproject.atlassian.net/browse/SAK-47049 related to this upload issue?

It was disabled on purpose on 22x.
Also, I’m not able to reproduce this on Win10: Edge on https://trunk-maria.nightly.sakaiproject.org/

I was able to successfully upload an image and send it to the server. The image is actually in the hidden instructor-uploads folder. Test was done as an instructor. So I think this is not a failure.

Fixed

Details

Priority

Affects versions

Fix versions

23 Status

QA Verification Pass

22 Status

Verified

Components

Assignee

Reporter

Created May 26, 2023 at 10:26 AM
Updated October 28, 2023 at 2:40 PM
Resolved May 26, 2023 at 9:06 PM
Configure

Flag notifications