been running opencart 4023 for the last year and this warning message pops up all of a sudden in the catalogue products page. anyone know what file i need to replace to upgrade it,
This CKEditor 4.22.1 version is not secure. Consider upgrading to the latest one, 4.25.0-lts
This CKEditor 4.22.1 version is not secure. Consider upgrading to the latest one, 4.25.0-lts
A quick Google search reveals the answer: viewtopic.php?t=234021
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
________________
My website : hackerdna.com
________________
My website : hackerdna.com
Last edited by RyanD on Mon Jan 13, 2025 11:50 pm, edited 1 time in total.
The arguement that the editor is insecure is not (100%) correct, better read that: https://github.com/opencart/opencart/issues/14032RyanD wrote: ↑Fri Sep 13, 2024 1:48 pmIndeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
And, it is up to everyone to buy a license of CKEditor and replace the used (and free) one ..
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
i read that too, seems its only vulnerable if its customer facing and not the admin side so not much of a threat for our useage ..RyanD wrote: ↑Fri Sep 13, 2024 1:48 pmIndeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
I wouldnt know what to look for really, any recommendations for site security ?
motofox wrote: ↑Fri Sep 13, 2024 7:04 pmi read that too, seems its only vulnerable if its customer facing and not the admin side so not much of a threat for our useage ..RyanD wrote: ↑Fri Sep 13, 2024 1:48 pmIndeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
I wouldnt know what to look for really, any recommendations for site security ?
@johnp always pops this when simular questeion are asked... worth a lookjohnp wrote: ↑Mon Sep 09, 2024 5:42 pmThe free version of Ninja Firewall is fine.
https://nintechnet.com/ninjafirewall/pro-edition
https://www.waxedperfection.co.uk/ Car Detailing Product Blog's and Review's
Looking at https://github.com/ckeditor/ckeditor4/security there are 5 issues that affect the last free version 4.22.1.
3 are in samples or plugins that aren't included in OpenCart.
1 looks to be in a feature not used in OpenCart by default.
The final one looks to have been patch with https://github.com/opencart/opencart/pull/13654.
It still probably better Summernote use in OpenCart 3.x. It still needs changing in the future to something that is still supported.
3 are in samples or plugins that aren't included in OpenCart.
1 looks to be in a feature not used in OpenCart by default.
The final one looks to have been patch with https://github.com/opencart/opencart/pull/13654.
It still probably better Summernote use in OpenCart 3.x. It still needs changing in the future to something that is still supported.
Who is online
Users browsing this forum: No registered users and 5 guests