Hello,
The latest SOGo release (5.9.1) embeds CKEditor 4.22.1, which is considered
insecure, see:
https://ckeditor.com/ckeditor-4/#is-ckeditor-4-secure?
"The final public security patches for CKEditor 4 were released on June
30, 2023. Please be aware this means the public versions of CKEditor 4
are no longer secure."
Has the SOGo team backported any patch to fix XSS flaws (it does not seem
so: the latest commit related to CKEditor I can find is the integration
of version 4.22.1 itself)?
Is there any plan to upgrade CKEditor to version 5?
Best regards,
--
Ganael Laplanche <ganael.laplan...@centralesupelec.fr>
Unix Systems Engineer @CentraleSupelec Rennes - DISI