- News
- Details
This update fixes an issue with missing styles an features (next, previous, pagination numbers) introduced in the last update.
A full changelog is available to view here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE MediaBox is a free download. Forum based support is provided with a JCE Pro Subscription.
Instructions for installing and updating JCE MediaBox for each Joomla version are available here
- Details
This update fixes a few issues in Joomla 3 and adds official support for Joomla 5.
A full changelog is available to view here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE MediaBox is a free download. Forum based support is provided with a JCE Pro Subscription.
Instructions for installing and updating JCE MediaBox for each Joomla version are available here
- Details
UPDATE: JCE Pro 2.9.54 has been released to address further issues with Joomla 3 Form Field compatability.
This is a maintenance update to fix a few mainly Joomla 3 related issues that were unfortunately introduced with the last update, and a fix for the editor not loading in SP PageBuilder 5.1.6 and earlier.
A changelog for this release is available to view here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription.
If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
- Details
JCE Pro 2.9.52 released!
This update fixes a few bugs and issues reported or discovered since the last release, adds "Phase 1" of Dark Mode support to the JCE Admin, and a fix for a mutation cross-site scripting (mXSS) vulnerability via our friends at Tinymce.
Tinymce mXSS Vulnerability Fix
Our friends at Tiny recently released an update to the TinyMCE editor that included a fix for a mutation cross-site scripting (mXSS) vulnerability. Although JCE uses a forked and modified version of Tinymce, this vulnerability appears to be present in previous versions of JCE, so a fix is included in this update. You can read more about it in the TinyMCE release notes.
As always with exploit attempts executed through content input, it is important to always restrict access where possible to trusted users and limit features where necessary.
Dark Mode - Phase 1
Joomla 5 was released with support for Dark Mode in the Admin template and this update adds Dark Mode support to the JCE Admin, excluding the JCE File Browser. Phase 2, which will hopefully be included in the next update, will include full Dark Mode support for the JCE Editor.
Other changes and fixes include
- PRO Columns parameters set in Editor Profiles would not be applied.
- PRO Adding a custom value to the Classes list in the Columns dialog would not correctly apply it and reset the filtered list.
- PRO Internal Columns classes were incorrectly added to the Styles list.
- Removed the middot character from non-breaking space Visual Characters representation to avoid selection confusion and improve backspace delete responsiveness.
- Editor would fail to load if the Joomla core.js script file was loaded after the JCE Editor scripts.
- Installed plugins, eg: ChatGPT would give an Invalid Plugin error when opening or sending requests.
- Creating a list on a multi-line selection would wrap all content in the list when Container & Enter Key was set to None:Linebreak.
- Fixed deprecated "Joomla.editors" script errors in Joomla 5.
- Some editor-xtd buttons eg: Regularlabs ContentTemplater, would not operate correctly when the Joomla button was added to the editor toolbar.
- Fixed a PHP "ListField" error when saving an Editor Profile in Joomla 3.
A changelog for this release is available to view here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription.
If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
- Details
JCE Pro 2.9.51 released!
This update includes an important security fix, improves support for Joomla 5, fixes a Media Field display issue introduced in the last release, fixes various issues with image processing on upload, and fixes a number of other bugs and issues reported or discovered since the last update.
Important Security Fix
We've addressed a Local File Inclusion vulnerability with this update. Here's what you need to know:
- Affected Products: All previous versions of JCE Editor Core and JCE Editor Pro.
- Details of the Vulnerability: A malicious user could directly access and execute code in certain PHP files located within the JCE Editor plugins folders. For instance, a user could access the foo.php file in the components/com_jce/editor/plugins/foo directory.
- Limitations of the Vulnerability: It's essential to note that this vulnerability does not permit users to upload or position a file in a specific location. The file would need to pre-exist in that location, likely placed there due to a different exploit in another extension or from a broader site/server vulnerability.
- Our Solution: This update eliminates any such unauthorized access and improves validation of existing filees ensuring compromised files won't be loaded.
Please contact us directly if you require further information.
Joomla 5 Support
Support for Joomla 5 has been improved, removing the need for the Behaviour - Compat plugin (although having this enabled - which it is by default - is a good idea anyway). JCE Pro and JCE Core are now fully compatible with Joomla 3, Joomla 4 and Joomla 5!
Other changes and fixes include
- Watermarks would not be applied due to an incorrect path to the font file.Image processing would not be applied to uploaded files with mixed ASCII and UTF-8 characters in the file name.
- Resizing, thumbnailing etc. would be skipped when using drag & drop uploading when using the core Image Manager.
- A position of Top Left for a Watermark image would position the watermark incorrectly.
- Documents embedded with the File Manager using the Google Docs Viewer or Office Apps Viewer will now use an iframe.
- Use
<object>
tag in Media Field for embedding document files. - Fixed display of Media Field layouts in the front-end.
- Fixed detection of Yootheme templates when loading template styles for editor content display.
A changelog for this release is available to view here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription.
If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
Page 4 of 77