pythonImportsCheck = [ "ckeditor" ];
53
-
description = " Django admin CKEditor integration";
53
+
description = "Django admin CKEditor integration";
homepage = "https://github.com/django-ckeditor/django-ckeditor";
changelog = "https://github.com/django-ckeditor/django-ckeditor/blob/${version}/CHANGELOG.rst";
maintainers = with maintainers; [ onny ];
58
+
knownVulnerabilities = [
60
+
django-ckeditor bundles CKEditor 4.22.1 which isn’t supported anmyore and
61
+
which does have unfixed security issues
63
+
Existing users of django-ckeditor should consider switching to a
64
+
different editor such as CKEditor 5 (django-ckeditor-5), after verifying
65
+
that its GPL licensing terms are acceptable, or ProseMirror
66
+
(django-prose-mirror by the author of django-ckeditor). Support of the
67
+
CKEditor 4 package is provided by its upstream developers as a
68
+
non-free/commercial LTS package until December 2028.
70
+
Note that while there are publically known vulnerabilities for the
71
+
CKEditor 4 series, the exploitability of these issues depends on how
72
+
CKEditor is used by the given Django application.
74
+
Further information:
76
+
* List of vulnerabilites fixed in CKEditor 4.24.0-lts:
78
+
* GHSA-fq6h-4g8v-qqvm
79
+
* GHSA-fq6h-4g8v-qqvm
80
+
* GHSA-mw2c-vx6j-mg76
82
+
* The django-ckeditor deprecation notice:
83
+
<https://406.ch/writing/django-ckeditor/>
85
+
* The non-free/commerical CKEditor 4 LTS package:
86
+
<https://ckeditor.com/ckeditor-4-support/>