• News
  • JCE Pro 2.9.51 released

JCE Pro 2.9.51 released

Details

JCE Pro 2.9.51 released!

This update includes an important security fix, improves support for Joomla 5, fixes a Media Field display issue introduced in the last release, fixes various issues with image processing on upload, and fixes a number of other bugs and issues reported or discovered since the last update.

Important Security Fix

We've addressed a Local File Inclusion vulnerability with this update. Here's what you need to know:

  • Affected Products: All previous versions of JCE Editor Core and JCE Editor Pro.
  • Details of the Vulnerability: A malicious user could directly access and execute code in certain PHP files located within the JCE Editor plugins folders. For instance, a user could access the foo.php file in the components/com_jce/editor/plugins/foo directory.
  • Limitations of the Vulnerability: It's essential to note that this vulnerability does not permit users to upload or position a file in a specific location. The file would need to pre-exist in that location, likely placed there due to a different exploit in another extension or from a broader site/server vulnerability.
  • Our Solution: This update eliminates any such unauthorized access and improves validation of existing filees ensuring compromised files won't be loaded.

Please contact us directly if you require further information.

Joomla 5 Support

Support for Joomla 5 has been improved, removing the need for the Behaviour - Compat plugin (although having this enabled - which it is by default - is a good idea anyway). JCE Pro and JCE Core are now fully compatible with Joomla 3, Joomla 4 and Joomla 5!

Other changes and fixes include

  • Watermarks would not be applied due to an incorrect path to the font file.Image processing would not be applied to uploaded files with mixed ASCII and UTF-8 characters in the file name.
  • Resizing, thumbnailing etc. would be skipped when using drag & drop uploading when using the core Image Manager.
  • A position of Top Left for a Watermark image would position the watermark incorrectly.
  • Documents embedded with the File Manager using the Google Docs Viewer or Office Apps Viewer will now use an iframe.
  • Use <object> tag in Media Field for embedding document files.
  • Fixed display of Media Field layouts in the front-end.
  • Fixed detection of Yootheme templates when loading template styles for editor content display.

A changelog for this release is available to view here

Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.

Download and Installation

JCE Pro is available for download with a JCE Pro Subscription.
If you already have a subscription, please make sure you set your key before updating

Instructions for installing and updating JCE for each Joomla version are available here