OpenCart Community

been running opencart 4023 for the last year and this warning message pops up all of a sudden in the catalogue products page. anyone know what file i need to replace to upgrade it,

This CKEditor 4.22.1 version is not secure. Consider upgrading to the latest one, 4.25.0-lts

A quick Google search reveals the answer: viewtopic.php?t=234021

Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.
________________
My website : hackerdna.com

RyanD wrote: ↑

Fri Sep 13, 2024 1:48 pm

Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.

The arguement that the editor is insecure is not (100%) correct, better read that: https://github.com/opencart/opencart/issues/14032
And, it is up to everyone to buy a license of CKEditor and replace the used (and free) one ..

RyanD wrote: ↑

Fri Sep 13, 2024 1:48 pm

Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.

i read that too, seems its only vulnerable if its customer facing and not the admin side so not much of a threat for our useage ..
I wouldnt know what to look for really, any recommendations for site security ?

motofox wrote: ↑

Fri Sep 13, 2024 7:04 pm

RyanD wrote: ↑

Fri Sep 13, 2024 1:48 pm

Indeed, it seems that the CKEditor version you're using has vulnerabilities, so upgrading to 4.25.0-lts is a good idea, as mentioned. This is also a good time to think about cybersecurity throughout your site, perhaps with a quick audit to check for other potential weak points.

i read that too, seems its only vulnerable if its customer facing and not the admin side so not much of a threat for our useage ..
I wouldnt know what to look for really, any recommendations for site security ?

johnp wrote: ↑

Mon Sep 09, 2024 5:42 pm

The free version of Ninja Firewall is fine.

https://nintechnet.com/ninjafirewall/pro-edition

@johnp always pops this when simular questeion are asked... worth a look

Looking at https://github.com/ckeditor/ckeditor4/security there are 5 issues that affect the last free version 4.22.1.

3 are in samples or plugins that aren't included in OpenCart.
1 looks to be in a feature not used in OpenCart by default.
The final one looks to have been patch with https://github.com/opencart/opencart/pull/13654.

It still probably better Summernote use in OpenCart 3.x. It still needs changing in the future to something that is still supported.