Mahara

Upgrade TinyMCE from 5.8.2 to 5.10.2

Bug #1962805 reported by Dianne Tennent on 2022-03-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Medium	Unassigned	Mahara 22.04.0

Bug Description

https://www.tiny.cloud/blog/new-release-tinymce-5-10/

    An upgrade to our Dom API to enhance URL security
    Adding user-friendly enhancement to our VK API
    Added ability for engineers to turn off deprecation console warning messages
    Upgrades to our element API, relating to scrolling

https://www.tiny.cloud/docs/release-notes/release-notes510/
Security fixes

TinyMCE 5.10 provides fixes for the following security issues.

Fixed URLs not cleaned correctly in some cases in the link and image plugins. This caused a medium severity Cross Site Scripting (XSS) vulnerability. Tiny Technologies would like to thank Yakir6 for discovering this vulnerability.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2022-03-03: A patch has been submitted for review

Patch for "main" branch: https://reviews.mahara.org/12465

Kristina Hoeppner (kris-hoeppner) on 2022-03-06

Changed in mahara:
status:	New → In Progress
importance:	Undecided → Medium
milestone:	none → 22.04.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2022-03-09:

Reviewed: https://reviews.mahara.org/12466
Committed: https://git.mahara.org/mahara/mahara/commit/b6a03981fba1a7efe8a9e82008ace3a9924c757e
Submitter: Robert Lyon (<email address hidden>)
Branch: main

commit b6a03981fba1a7efe8a9e82008ace3a9924c757e
Author: Doris Tam <email address hidden>
Date: Tue Aug 24 13:14:29 2021 +1200

Bug 1962805 - TinyMCE customisation: Mathslate

Reapplied from https://reviews.mahara.org/#/c/11943/
Bug 1940615

Change-Id: Ic6a6ea3104af15005d8363c2eff147ede0426249

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2022-03-09:

Reviewed: https://reviews.mahara.org/12467
Committed: https://git.mahara.org/mahara/mahara/commit/70496e906be7f790b3f9b70cda5c1c3eea6f8cce
Submitter: Robert Lyon (<email address hidden>)
Branch: main

commit 70496e906be7f790b3f9b70cda5c1c3eea6f8cce
Author: Doris Tam <email address hidden>
Date: Tue Aug 24 14:42:57 2021 +1200

Bug 1962805 - TinyMCE customisation: Restrict heading levels on mobile for accessibility

Reapplied this patch: https://reviews.mahara.org/#/c/11946/4
Bug 1940615

Updated tinymce/readme.mahara version number to 5.10.2

Change-Id: I1364d3fb882993123b794215562bb20109d600f5

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2022-03-09: A change has been merged

Reviewed: https://reviews.mahara.org/12465
Committed: https://git.mahara.org/mahara/mahara/commit/b7135e1cdc8de8743c7733b19089ede231f26412
Submitter: Robert Lyon (<email address hidden>)
Branch: main

commit b7135e1cdc8de8743c7733b19089ede231f26412
Author: Dianne Tennent <email address hidden>
Date: Fri Mar 4 10:23:09 2022 +1300

Bug 1962805: Upgrade TinyMCE from 5.8.2 to 5.10.2

Change-Id: Ia4ff0be3fb1627be95be825299b9def63807454f

Robert Lyon (robertl-9) on 2022-03-09

Changed in mahara:
status:	In Progress → Fix Committed

Gold (gold.catalyst) on 2022-04-27

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.