• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Manual update of CKEditor Coldfusion 2021

New Here ,
Nov 24, 2021 Nov 24, 2021

Copy link to clipboard

Copied

My internal security scans are still going nuts when scanning the Coldfusion server in regard to CKEditor.  Is there a manual way to upgrade from the installed 4.10 to at least the 4.16 version to plug a bunch of holes?  Or even better the current 4.17 version on the 4.X stack.

Views

1.5K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 28, 2021 Nov 28, 2021

Copy link to clipboard

Copied

Your worries are justified. Especially given the CKEditor vulnerability discovered some years ago. However, even if you could manually update CKEditor, I would discourage you from doing so. 

 

CKEditor is integrated in ColdFusion. There might be dependencies that you're unaware of. If you tampered with the CKEditor installation, you might break more things than you fix.

 

ColdFusion is a service. So, where necessary, the service-provider is best placed to do the update. Make a ColdFusion 2021 Feature Request.  After all, as the vulnerability proved, what you want is in Adobe's best interest. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Nov 30, 2021 Nov 30, 2021

Copy link to clipboard

Copied

We have the same issue.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 09, 2021 Dec 09, 2021

Copy link to clipboard

Copied

We are seeing this as an issue on our 2018 installations, as well.  Sorry to hear that manually moving up to a newer version isn't a practical solution.  With CKEditor at v5, and this an issue in 2021, I don't hold out hope for a resolution for our environment.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 09, 2021 Dec 09, 2021

Copy link to clipboard

Copied

We aren't using the CKEditor upload feature.  Is there a way to disable it?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2022 Oct 06, 2022

Copy link to clipboard

Copied

LATEST

I realize this question (about removing fileupload capabilities from ckeditor) is now several months old, but if you're still interested (@altascene), are you aware first that CF prevents file uploads to CF from that by default? See the file settings.cfm (in [cf]\cfusion\wwwroot\cf_scripts\scripts\ajax\ckeditor\, which has this line:

<cfset settings.AllowUploads = "false">

That defaults to false for CF2021, 2018, and 2016 (CF11 had used fckeditor).

 

Or if you may mean you want to remove the upload elements from the UI (such as in cftextarea richtext="true"), I'll note first that I don't find it appearing in CF2021, but if you do see it, you should be able to remove it by editing the config.js (in [cf]\cfusion\wwwroot\cf_scripts\scripts\ajax\ckeditor\) and using its removeDialogTabs setting:

config.removeDialogTabs = 'link:upload;image:Upload';

which is discussed a bit more in the ckeditor config docs here.  If that helps (or does not), let us know. If you've moved on and are no longer concerned about the matter, I hope it may help future readers (and I'm open to correction if I have anything wrong).


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation