openSUSE Security Update: Security update for python-django-ckeditor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0008-1
Rating:             moderate
References:         #1219720 
Cross-References:   CVE-2024-24815
Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-django-ckeditor fixes the following issues:

   - Update to 6.7.2
     * Deprecated the package.
     * Added a new ckeditor/fixups.js script which disables the version check
       again (if something slips through by accident) and which disables the
       behavior where CKEditor 4 would automatically attach itself to
       unrelated HTML elements with a contenteditable attribute (see
       CKEDITOR.disableAutoInline in the CKEditor 4 docs).
   - CVE-2024-24815: Fixed a bypass of CKEditor 4's Advanced Content
     Filtering (ACF) mechanism (boo#1219720)

   - update to 6.7.1:
     * Added support for Python 3.12 and Django 5.0
     * Silence the CKEditor version check/nag but include a system check
       warning

   - update to 6.7.0:
     * Dark mode fixes.
     * Added support for Pillow 10.

   - update to 6.6.1:
     * Required a newer version of django-js-asset which actually works with
       Django 4.1.
     * CKEditor 4.21.0
     * Fixed the CKEditor styles when used with the dark Django admin theme.

   - update to 6.5.1:
     * Avoided calling ``static()`` if ``CKEDITOR_BASEPATH`` is defined.
     * Fixed ``./manage.py generateckeditorthumbnails`` to work again after
       the image uploader backend rework.
     * CKEditor 4.19.1
     * Stopped calling ``static()`` during application startup.
     * Added Django 4.1
     * Changed the context for the widget to deviate less from Django.
       Removed a few template variables which are not used in the bundled
       ``ckeditor/widget.html`` template. This only affects you if you are
       using a customized widget or widget template.
     * Dropped support for Python < 3.8, Django < 3.2.
     * Added a pre-commit configuration.
     * Added a GitHub action for running tests.
     * Made selenium tests require opt in using a ``SELENIUM=firefox`` or
       ``SELENIUM=chromium`` environment variable.
     * Made it possible to override the CKEditor template in the widget class.
     * Changed ``CKEDITOR_IMAGE_BACKEND`` to require dotted module paths (the
       old identifiers are still supported for now).


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP5:

      zypper in -t patch openSUSE-2025-8=1



Package List:

   - openSUSE Backports SLE-15-SP5 (noarch):

      python311-django-ckeditor-6.7.2-bp155.3.3.1
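
   A practitioner will want to confirm that hosts actually carry the fixed
   build rather than an earlier 6.7.x package. The script below is an added
   example (it is not part of this advisory, of openSUSE tooling, or of
   django-ckeditor): it re-implements rpm's version-comparison rules in
   Python and checks package strings in the form printed by
   ``rpm -q python311-django-ckeditor`` against the fixed build from the
   Package List above. The comparison is a simplification (epoch and the
   ``^`` marker are not handled), and the ``rpm -q`` style lines in
   SAMPLE_RPM_Q are constructed for the example; the 6.7.1 release string
   in particular is invented, not a real Backports build.

```python
"""Verify that installed python311-django-ckeditor packages are at or above
the fixed build named in openSUSE-SU-2025:0008-1.

Added example; not part of the advisory, of openSUSE tooling or of
django-ckeditor.  rpmvercmp() re-implements rpm's version comparison rules
(digit runs compared numerically, letter runs compared as strings, a digit
run beats a letter run, '~' sorts before everything); epoch and the '^'
marker are not handled.  SAMPLE_RPM_Q is constructed for the example.
"""
from __future__ import annotations

FIXED_NVR = "python311-django-ckeditor-6.7.2-bp155.3.3.1"  # from the Package List


def _run(s: str, k: int, pred) -> tuple[str, int]:
    """Return the run of characters satisfying pred starting at s[k], plus the new index."""
    start = k
    while k < len(s) and pred(s[k]):
        k += 1
    return s[start:k], k


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as rpm's rpmvercmp(a, b) would (tilde-aware, no caret)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators ('.', '-', '+', ...) carry no meaning; skip them on both sides
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' makes a version *older* than the same string without it (1.0~rc1 < 1.0)
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        if i >= len(a) or j >= len(b):
            break
        # the segment type (digits or letters) is decided by a's next character
        numeric = a[i].isdigit()
        pred = str.isdigit if numeric else str.isalpha
        sa, i = _run(a, i, pred)
        sb, j = _run(b, j, pred)
        if not sb:
            # segment types differ at this position: a numeric segment is newer
            return 1 if numeric else -1
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more significant digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return 1 if i < len(a) else -1  # whichever side still has segments is newer


def split_nvr(nvr: str) -> tuple[str, str, str]:
    """Split 'name-version-release[.noarch]' into (name, version, release).

    Package names may themselves contain '-', so split from the right.  Only the
    '.noarch' suffix that `rpm -q` prints is stripped; that is the architecture
    the advisory lists for this package.
    """
    if nvr.endswith(".noarch"):
        nvr = nvr[: -len(".noarch")]
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_patched(installed_nvr: str, fixed_nvr: str = FIXED_NVR) -> bool:
    """True if installed_nvr is the fixed build or a later one of the same package."""
    name, ver, rel = split_nvr(installed_nvr)
    fixed_name, fixed_ver, fixed_rel = split_nvr(fixed_nvr)
    if name != fixed_name:
        raise ValueError(f"package name mismatch: {name!r} vs {fixed_name!r}")
    # the release only matters when the upstream versions are equal
    c = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
    return c >= 0


# Constructed sample of `rpm -q python311-django-ckeditor` output from three hosts.
SAMPLE_RPM_Q = """\
python311-django-ckeditor-6.7.1-bp155.2.3.1.noarch
python311-django-ckeditor-6.7.2-bp155.3.3.1.noarch
python311-django-ckeditor-6.7.2-bp155.3.10.1.noarch
"""


def audit(rpm_q_output: str) -> dict[str, bool]:
    """Map each reported package string to whether it is at or above the fixed build."""
    return {line: is_patched(line) for line in rpm_q_output.split()}


if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE_RPM_Q).items():
        print(("patched   " if ok else "VULNERABLE") + "  " + pkg)
```

   In practice the input is the output of ``rpm -q python311-django-ckeditor``
   collected from each host; comparing the strings with a plain string or
   ``sort`` comparison would misorder ``bp155.3.10.1`` against
   ``bp155.3.3.1``, which is why the segment-wise rpm rules are needed.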


References:

   https://www.suse.com/security/cve/CVE-2024-24815.html
   https://bugzilla.suse.com/1219720

Published: January 7, 2025