Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #36808 Allowlist ckeditor4 CVE-2024-24815, CVE-2023-4771 and CVE-2024-24816
    Actions
    Infos
    #36808
    Thomas Gerbet (tgerbet)
    2024-02-08 16:29
    2024-02-08 09:52
    38392
    Details
    Allowlist ckeditor4 CVE-2024-24815, CVE-2023-4771 and CVE-2024-24816

    CVE-2024-24815

    https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm

    Fullpage editing is not enabled and CDATA elements have not been enabled in the Advanced Content Filtering configuration.

    CVE-2023-4771 and CVE-2024-24816

    https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-wh5w-82f3-wrxh
    https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76

    We do not ship the samples, only the ckeditor4 code after a build phase.

    Dependencies
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-02-08
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #35498 Tuleap Releases 15.6 Delivered 2024-04-03 15:49 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #36808

    Git commit

    tuleap/tuleap/stable

    chore: request #36808 Allowlist ckeditor4 CVE-2024-24815, CVE-2023-4771 and CVE-2024-24816 3a297f3497
    User avatar Thomas Gerbet (tgerbet) , 2024-02-08 10:12
    Merge commit 'refs/changes/96/30396/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 01b779b689
    User avatar Joris MASSON (jmasson) , 2024-02-08 16:28
    Referenced by request #36808

    Artifact Tracker v5

    rel #35498 15.6

    Other

    gerrit #30396
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2024-02-08 10:14

    See gerrit #30396.

    We need to make a plan to upgrade to ckeditor5 (or move to something else).

    • Status changed from Under implementation to Under review