JoomlaFCK Editor (Security Release)

Interactive Online > Blog  > CMS  > Joomla  > JoomlaFCK Editor (Security Release)

JoomlaFCK Editor (Security Release)

JoomlaFCK is a super lightweight WYSIWYG editor. It comes equips with a gorgeous GUI & offers a sophisticated set of tools including image editing (resize, crop…) paste from Word filter, spell-check & document capabilities.

It’s been reviewed as the best out of the box editor for Joomla!. It comes preconfigured & is not dependant upon a 3rd party component to work – which means it simple to install & user friendly to use!

The editor warrants its success by being built upon the highly acclaimed FCK code, which has become adopted by many world class enterprise solutions including Adobe & Oracle.

*** VERSION (Security Release) 14th July 2009 ***

Due to a security vulnerably we are officially releasing and HIGHLY RECOMMENDED upgrading to the latest stable version. The vulnerabilities in found in all implementations of the FCKeditor before version This allows remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

The good news is that the above has caused us to release before time and therefore includes some welcomed improvement that would otherwise not be available until August.

New Features:
* New Joomlalised dialog light-box skin – brings a professional & integrated look to the editor’s plug-ins.
* Spell Check on Save option – this feature was requested by one of our users on the forums about 3 weeks ago. By default this feature is OFF but can be applied in the plug-in parameters.

* Relative file path set as default.

* IMPORTANT SECURITY RELEASE – Multiple directory traversal vulnerabilities –
* CSS import Stylesheet – fixed an issue when importuning attributes with speak-marks in the font family style
* Flash file plugin – fixed an issue when embedding flash files in absolute mode.
* Spell Check now supported in Safari 4
* Fixes the browsers information tab
* Yoo themes light-box gallery plug-in – the editor will allow for empty link tags in the code.

For more comprehensive guild to the latest features and bug fixes please –