Nachstehende Änderungen aus dem offiziellen Changelog zur Version 2.6.26
2.6.26 is a security release.
The decision to include support for svg files by default in JCE 2.6.25 was unfortunately not well thought through. It has been brought to my attention that there is the potential for svg files to be used to execute cross-site scripting attacks, due to the fact that they are essentially a form of xml file. Although the method by which they would be embedded using the Image Manager, with the <img> tag, prevents scripts from being executed, it would be safer to restrict the option of allowing svg files to be user defined.
Nachstehende Änderungen aus dem offiziellen Changelog zur Version 2.6.25
- Added: Support for svg files as an image filetype.
- Added: Header, Footer and Nav block elements added to the Format list.
- Changed: Revert to using images for Visual Blocks labels.
- Fixed: Images in tables could not be selected if the table was right-aligned.
- Fixed: Numbers in a list style, eg: 23. 24. etc. in unordered lists were removed when pasting from Word.
- Fixed: Copy/Cut and Paste of editor content would sometimes include incorrect formatting.
- Fixed: Copy/Cut of images in the editor that included a link would paste without the link.