Hello, You can find more infos here -> https://bugs.sogo.nu/view.php?id=5920
Quentin -----Original Message----- From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Ganael Laplanche Sent: vendredi 9 février 2024 10:26 To: users@sogo.nu Subject: [SOGo] CKEditor 4.x insecure Hello, Latest Sogo release (5.9.1) embeds CKEditor 4.22.1, which is considered as insecure, see: https://ckeditor.com/ckeditor-4/#is-ckeditor-4-secure? "The final public security patches for CKEditor 4 were released on June 30, 2023. Please be aware this means the public versions of CKEditor 4 are no longer secure." Has Sogo team backported any patch to fix XSS flaws (it does not seem so: the latest commit related to CKEditor I can find is the integration of version 4.22.1 itself) ? Is there any plan to upgrade CKEditor to version 5 ? Best regards, -- Ganael Laplanche <ganael.laplan...@centralesupelec.fr> Unix Systems Engineer @CentraleSupelec Rennes - DISI
