JCE Pro 2.9.51 released!
This update includes an important security fix, improves support for Joomla 5, fixes a Media Field display issue introduced in the last release, fixes various issues with image processing on upload, and fixes a number of other bugs and issues reported or discovered since the last update.
Important Security Fix
We've addressed a Local File Inclusion vulnerability with this update. Here's what you need to know:
- Affected Products: All previous versions of JCE Editor Core and JCE Editor Pro.
- Details of the Vulnerability: A malicious user could directly access and execute code in certain PHP files located within the JCE Editor plugins folders. For instance, a user could access the foo.php file in the components/com_jce/editor/plugins/foo directory.
- Limitations of the Vulnerability: It's essential to note that this vulnerability does not permit users to upload or position a file in a specific location. The file would need to pre-exist in that location, likely placed there due to a different exploit in another extension or from a broader site/server vulnerability.
- Our Solution: This update eliminates any such unauthorized access and improves validation of existing files, ensuring compromised files won't be loaded.
Please contact us directly if you require further information.
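A defender-side check for the condition described above, as an added example (not JCE's code and not the fix shipped in this release): it lists PHP files under a plugins folder that lack Joomla's defined('_JEXEC') or die direct-access guard and would therefore run if requested directly. The guard heuristic and the constructed sample tree are assumptions; the page does not say how the update validates files.

```python
import os
import re
import tempfile

# Joomla's conventional direct-access guard, e.g. "defined('_JEXEC') or die;".
# Some files test JPATH_PLATFORM or JPATH_BASE instead (assumed equivalent here).
GUARD = re.compile(
    r"defined\s*\(\s*['\"](_JEXEC|JPATH_PLATFORM|JPATH_BASE)['\"]\s*\)"
    r"\s*(or|\|\|)\s*(die|exit)\b",
    re.IGNORECASE,
)
HEAD_BYTES = 4096  # the guard belongs at the top of the file


def unguarded_php(root):
    """Return sorted relative paths of .php files under root with no guard near the top."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                head = fh.read(HEAD_BYTES)
            if not GUARD.search(head):
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed plugins tree (not real JCE files) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "foo/foo.php": "<?php\ndefined('_JEXEC') or die;\nclass Foo {}\n",
            "foo/helper.php": "<?php\n\\defined( \"JPATH_PLATFORM\" ) || exit;\n",
            "bar/bar.php": "<?php\necho 'runs when requested directly';\n",
            "bar/readme.txt": "not PHP, ignored\n",
        }
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return unguarded_php(root)


if __name__ == "__main__":
    # On a real site, call unguarded_php() on components/com_jce/editor/plugins.
    print(demo())
```

A flagged file is a prompt to compare it against a clean copy of the extension package; a file that contains the guard is not thereby shown to be legitimate.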
Joomla 5 Support
Support for Joomla 5 has been improved, removing the need for the Behaviour - Compat plugin (although having this enabled - which it is by default - is a good idea anyway). JCE Pro and JCE Core are now fully compatible with Joomla 3, Joomla 4 and Joomla 5!
Other changes and fixes include
- Watermarks would not be applied due to an incorrect path to the font file.
- Image processing would not be applied to uploaded files with mixed ASCII and UTF-8 characters in the file name.
- Resizing, thumbnailing etc. would be skipped when uploading by drag & drop in the core Image Manager.
- A position of Top Left for a Watermark image would position the watermark incorrectly.
- Documents embedded with the File Manager using the Google Docs Viewer or Office Apps Viewer will now use an iframe.
- Use <object> tag in Media Field for embedding document files.
- Fixed display of Media Field layouts in the front-end.
- Fixed detection of Yootheme templates when loading template styles for editor content display.
A changelog for this release is available to view here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues, please submit a ticket in the forum or on GitHub.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription.
If you already have a subscription, please make sure you set your key before updating.
Instructions for installing and updating JCE for each Joomla version are available here