Post by motofox » Tue Sep 10, 2024 3:26 am

Been running OpenCart 4023 for the last year and this warning message pops up all of a sudden in the catalogue products page. Anyone know what file I need to replace to upgrade it?

This CKEditor 4.22.1 version is not secure. Consider upgrading to the latest one, 4.25.0-lts



Post by RyanD » Fri Sep 13, 2024 1:48 pm

Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
________________
My website : hackerdna.com
Last edited by RyanD on Mon Jan 13, 2025 11:50 pm, edited 1 time in total.


Post by OSWorX » Fri Sep 13, 2024 3:47 pm

RyanD wrote:
Fri Sep 13, 2024 1:48 pm
Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
The argument that the editor is insecure is not (100%) correct, better read that: https://github.com/opencart/opencart/issues/14032
And, it is up to everyone to buy a license of CKEditor and replace the used (and free) one ..

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.



Post by motofox » Fri Sep 13, 2024 7:04 pm

RyanD wrote:
Fri Sep 13, 2024 1:48 pm
Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
I read that too, seems it's only vulnerable if it's customer facing and not the admin side so not much of a threat for our usage ..
I wouldn't know what to look for really, any recommendations for site security?


Post by WaxedPerfection » Fri Sep 13, 2024 7:42 pm

motofox wrote:
Fri Sep 13, 2024 7:04 pm
RyanD wrote:
Fri Sep 13, 2024 1:48 pm
Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
I read that too, seems it's only vulnerable if it's customer facing and not the admin side so not much of a threat for our usage ..
I wouldn't know what to look for really, any recommendations for site security?
johnp wrote:
Mon Sep 09, 2024 5:42 pm
The free version of Ninja Firewall is fine.

https://nintechnet.com/ninjafirewall/pro-edition
@johnp always pops this when similar questions are asked... worth a look

https://www.waxedperfection.co.uk/ Car Detailing Product Blog's and Review's



Post by ADD Creative » Fri Sep 13, 2024 8:25 pm

Looking at https://github.com/ckeditor/ckeditor4/security there are 5 issues that affect the last free version 4.22.1.

3 are in samples or plugins that aren't included in OpenCart.
1 looks to be in a feature not used in OpenCart by default.
The final one looks to have been patched with https://github.com/opencart/opencart/pull/13654.

It's still probably better than the Summernote used in OpenCart 3.x. It still needs changing in the future to something that is still supported.

www.add-creative.co.uk

