Details

Created: 10 November 2023

UPDATE: JCE Pro 2.9.54 has been released to address further issues with Joomla 3 Form Field compatability.

This is a maintenance update to fix a few mainly Joomla 3 related issues that were unfortunately introduced with the last update, and a fix for the editor not loading in SP PageBuilder 5.1.6 and earlier.

Details

Created: 08 November 2023

JCE Pro 2.9.52 released!

This update fixes a few bugs and issues reported or discovered since the last release, adds "Phase 1" of Dark Mode support to the JCE Admin, and a fix for a mutation cross-site scripting (mXSS) vulnerability via our friends at Tinymce.

Tinymce mXSS Vulnerability Fix

Our friends at Tiny recently released an update to the TinyMCE editor that included a fix for a mutation cross-site scripting (mXSS) vulnerability. Although JCE uses a forked and modified version of Tinymce, this vulnerability appears to be present in previous versions of JCE, so a fix is included in this update. You can read more about it in the TinyMCE release notes.

As always with exploit attempts executed through content input, it is important to always restrict access where possible to trusted users and limit features where necessary.

Dark Mode - Phase 1

Joomla 5 was released with support for Dark Mode in the Admin template and this update adds Dark Mode support to the JCE Admin, excluding the JCE File Browser. Phase 2, which will hopefully be included in the next update, will include full Dark Mode support for the JCE Editor.

Other changes and fixes include

• PRO Columns parameters set in Editor Profiles would not be applied.
• PRO Adding a custom value to the Classes list in the Columns dialog would not correctly apply it and reset the filtered list.
• PRO Internal Columns classes were incorrectly added to the Styles list.
• Removed the middot character from non-breaking space Visual Characters representation to avoid selection confusion and improve backspace delete responsiveness.
• Editor would fail to load if the Joomla core.js script file was loaded after the JCE Editor scripts.
• Installed plugins, eg: ChatGPT would give an Invalid Plugin error when opening or sending requests.
• Creating a list on a multi-line selection would wrap all content in the list when Container & Enter Key was set to None:Linebreak.
• Fixed deprecated "Joomla.editors" script errors in Joomla 5. 
• Some editor-xtd buttons eg: Regularlabs ContentTemplater, would not operate correctly when the Joomla button was added to the editor toolbar.
• Fixed a PHP "ListField" error when saving an Editor Profile in Joomla 3.

Details

Created: 18 October 2023

JCE Pro 2.9.51 released!

This update includes an important security fix, improves support for Joomla 5, fixes a Media Field display issue introduced in the last release, fixes various issues with image processing on upload, and fixes a number of other bugs and issues reported or discovered since the last update.

Important Security Fix

We've addressed a Local File Inclusion vulnerability with this update. Here's what you need to know:

• Affected Products: All previous versions of JCE Editor Core and JCE Editor Pro.
• Details of the Vulnerability: A malicious user could directly access and execute code in certain PHP files located within the JCE Editor plugins folders. For instance, a user could access the foo.php file in the components/com_jce/editor/plugins/foo directory.
• Limitations of the Vulnerability: It's essential to note that this vulnerability does not permit users to upload or position a file in a specific location. The file would need to pre-exist in that location, likely placed there due to a different exploit in another extension or from a broader site/server vulnerability.
• Our Solution: This update eliminates any such unauthorized access and improves validation of existing filees ensuring compromised files won't be loaded.

Please contact us directly if you require further information.

Joomla 5 Support

Support for Joomla 5 has been improved, removing the need for the Behaviour - Compat plugin (although having this enabled - which it is by default - is a good idea anyway). JCE Pro and JCE Core are now fully compatible with Joomla 3, Joomla 4 and Joomla 5!

Other changes and fixes include

• Watermarks would not be applied due to an incorrect path to the font file.Image processing would not be applied to uploaded files with mixed ASCII and UTF-8 characters in the file name.
• Resizing, thumbnailing etc. would be skipped when using drag & drop uploading when using the core Image Manager.
• A position of Top Left for a Watermark image would position the watermark incorrectly.
• Documents embedded with the File Manager using the Google Docs Viewer or Office Apps Viewer will now use an iframe.
• Use <object> tag in Media Field for embedding document files.
• Fixed display of Media Field layouts in the front-end.
• Fixed detection of Yootheme templates when loading template styles for editor content display.

Details

Created: 28 September 2023

This update improves compatability across Joomla 3, Joomla 4 and the forthcoming Joomla 5 and includes significant changes to the structure of the JCE Editor package, moving all media assets (javascript, css and images files) to the Joomla media folder and updating JCE installed plugin support for standardized element names and the Joomla 4+ plugin structure. Considering the number of changes in this release, it is available initially as a direct download only, and will be pushed to the update server next week.

A new Font Awesome plugin is also available for download, which adds a styled list of Font Awesome icons to the editor toolbar, to easily select and insert Font Awesome icons into content for front-end display in supporting templates.

Details

Created: 23 August 2023

The ChatGPT plugin is now Aia - Ai Assistant

The ChatGPT plugin has undergone a major enhancement. It now includes Custom Preset Prompts and advanced AI-driven analysis of selected editor content. Users can conveniently view suggested edits and choose to accept or reject individual modifications or all proposed changes at once.

Please Note: Any editor content chosen for processing is transmitted in full to the ChatGPT AI. As such, it falls under the Privacy Policy or any other terms outlined in your agreement with ChatGPT

Custom Preset Prompts

Preset Prompts can be easily created within the Plugin Parameters by assigning a Name and a Prompt instruction. These prompts can either be utilized on selected HTML content or employed to generate fresh text. Preset Prompts will be accessible from the ChatGPT button menu.

Accept or Reject Edits

Before inserting AI-processed content, users can preview the differences made to the selected content. If the Show Differences option is activated during insertion, these alterations will be highlighted within the editor. Users then have the flexibility to accept or reject changes, either on an individual basis or collectively.

The plugin can be downloaded from here. A JCE Pro Subscription is required.