Skip to content

fix(deps): bump ckeditor5 from 45.2.2 to v47 (main)#12518

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/main-npm-ckeditor5-vulnerability
Open

fix(deps): bump ckeditor5 from 45.2.2 to v47 (main)#12518
renovate[bot] wants to merge 1 commit intomainfrom
renovate/main-npm-ckeditor5-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 5, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
ckeditor5 (source) ^45.2.2^47.0.0 age confidence

GitHub Vulnerability Alerts

CVE-2026-28343

Impact

A Cross-Site Scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration.

This vulnerability affects only installations where the editor configuration meets the following criteria:

Patches

The problem has been recognized and patched. The fix will be available in version 47.6.0 (and above).

Workarounds

CKEditor 5 recommends configuring General HTML Support securely to ensure that unsafe content is not accepted. Please refer to the Security section for detailed guidance.

Credits

CKEditor 5 would like to thank:

  • Emilio Kevin
  • Jeongwoo Lee, Younsoung Kim, Minseok Kim and Jinyeong Kim from ENKI Whitehat

for responsibly reporting this vulnerability.

For more information

Email us at security@cksource.com if you have any questions or comments about this advisory.

CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package

CVE-2026-28343 / GHSA-jrqm-vmqc-gm93

More information

Details

Impact

A Cross-Site Scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration.

This vulnerability affects only installations where the editor configuration meets the following criteria:

Patches

The problem has been recognized and patched. The fix will be available in version 47.6.0 (and above).

Workarounds

CKEditor 5 recommends configuring General HTML Support securely to ensure that unsafe content is not accepted. Please refer to the Security section for detailed guidance.

Credits

CKEditor 5 would like to thank:

  • Emilio Kevin
  • Jeongwoo Lee, Younsoung Kim, Minseok Kim and Jinyeong Kim from ENKI Whitehat

for responsibly reporting this vulnerability.

For more information

Email us at security@cksource.com if you have any questions or comments about this advisory.

Severity

  • CVSS Score: 6.4 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

ckeditor/ckeditor5 (ckeditor5)

v47.6.0

Compare Source

We are excited to announce the release of CKEditor 5 v47.6.0.

Security update

A Cross-Site Scripting (XSS) vulnerability has been discovered in the General HTML Support feature (CVE-2026-28343). This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution if the editor instance used an unsafe General HTML Support configuration.

This vulnerability affects only installations where the editor configuration meets the following criteria:

You can read more details in the relevant security advisory and contact us if you have more questions.

Release highlights

This release introduces new list indentation capabilities and expands the customization options for CKEditor AI, giving integrators more control over the AI-powered editing experience.

⭐ CKEditor AI On-premises available

CKEditor AI is now available as an on-premises deployment, giving you full control over the AI service by running it on your infrastructure. The on-premises version supports everything the cloud option offers, plus:

  • Custom AI models and providers — use your models from OpenAI, Google Cloud, Microsoft Azure, or self-hosted solutions.
  • MCP (Model Context Protocol) support — extend the AI with custom external tools by connecting MCP servers, enabling use cases like searching internal knowledge bases or querying company databases directly from the AI chat.

Learn more about deployment options and MCP support.

⭐ Custom AI Review checks

The AI Review feature now supports custom review commands defined by integrators. Until now, the review was limited to built-in commands like proofreading, clarity, readability, and tone adjustment. With this release, you can create review commands tailored to your editorial guidelines, brand voice, or domain-specific quality standards.

Custom commands are registered via config.ai.review.extraCommands and made visible in the UI through config.ai.review.availableCommands. The same option lets you reorder, filter, or shorten the list of built-in commands to match your needs. See the documentation for details.

⭐ AI Chat Shortcuts

We are introducing AI Chat Shortcuts, a new opt-in plugin that displays configurable shortcut buttons in the AI Chat panel before the first message is sent. Shortcuts provide clear, actionable entry points that guide users toward the most useful AI capabilities. From launching a predefined prompt to starting a specific review or translation flow to navigating directly to the Review or Translate tab.

Integrators define shortcuts with a name, icon, and an action. Each shortcut can also configure which AI capabilities (model, web search, reasoning) are active for the prompt. Learn more in the documentation.

List indentation improvements

We're streamlining and standardizing the way list indentation is handled. With improved UX, it's now possible to indent whole lists and also individual list items with consistent styling and no custom implementation required.

This improvement is compatible with Paste from Office, Export to Word, Export to PDF, and Track Changes plugins. It also provides RTL support.

Upgrade @aws-sdk/client-bedrock-runtime to the latest version

We upgraded @aws-sdk/client-bedrock-runtime to the latest version to address a recently disclosed security vulnerability in the fast-xml-parser dependency. We marked this update as a minor breaking change due to the use of dynamic imports in one of the underlying packages, which may impact certain build environments.

[!WARNING]
The action is required only if you use the legacy CKEditor AI Assistant with a dedicated editor bundle.

If you use webpack to build an editor bundle, configure it to bundle dynamic imports eagerly:

module: {
  parser: {
    javascript: {
      dynamicImportMode: 'eager'
    }
  }
}

If you do not use CKEditor AI with a dedicated bundle, no action is required.

Incoming old installation methods sunset reminder

Please note that the old installation methods will only remain available up to CKEditor 5 v48.0.0, which is planned for release at the beginning of Q2 2026. For more timeline details, refer to the dedicated GitHub issue.

In CKEditor 5 v42.0.0 in June 2024, we introduced new installation methods designed to improve and simplify the developer workflow. Soon, they will be the only available paths to install and use CKEditor 5.

If your project still relies on old installation methods, now is a good time to plan your next steps. We recommend choosing between these two options:

  1. Migrate to the new installation methods, which are the recommended path for most users. The new installation methods provide a cleaner setup, easier upgrades, and better alignment with future CKEditor 5 releases.
  2. Consider CKEditor 5 Long-Term Support (LTS). If migrating in the near term is not feasible, you can extend support for legacy installation methods.
MINOR BREAKING CHANGES ℹ️

  • ai: Simplified the default greeting message shown when starting a new AI Chat conversation. To restore the previous message content, set config.ai.chat.welcomeMessage to the following:

    "Hi, I'm your AI assistant. Think of me as your writing buddy, reviewer, or research partner. I can suggest changes to your document, help generate ideas, offer feedback, discuss attached files, and much more!"

  • ai: Updated @aws-sdk/client-bedrock-runtime to version 3.994.0. This update introduced dynamic imports in a dependency, which may affect some build environments.

Features

  • ai: Added the config.ai.review.availableCommands configuration option to customize which review commands are shown in the AI Review tab.

  • ai: Introduced the AIChatShortcuts plugin, which displays configurable shortcuts in the AI Chat feed when starting a new conversation.

  • ai: Added support for custom AI Review commands. Custom commands can now be configured using config.ai.review.extraCommands.

  • export-pdf: Added the enable_mirror_margins option to the V2 PDF export converter API, allowing margins to alternate between odd and even pages for double-sided layouts.

  • html-support: Added support for the [sandbox] attribute on <iframe> elements rendered in the editing view. Filtering rules can be adjusted using the htmlSupport.htmlIframeSandbox configuration option.

  • indent: Added list indentation integration to the IndentBlock feature (enabled by default). Closes #​19490.

    Added commands for whole-list indentation (indentBlockList and outdentBlockList) and list-item indentation (indentBlockListItem and outdentBlockListItem). Indentation can be rendered using margin-left/margin-right styles (offset-based) or CSS classes (class-based).

  • list: Added support for the arabic-indic list style type in the list properties plugin. Closes #​19802.

Bug fixes
  • ai: Fixed an issue where using DLLs for the AI package together with the TrackChanges plugin could fail due to a SuggestionConversion plugin conflict.
  • ai: Fixed an issue where AI Quick Actions content overflowed in the preview window.
  • ai: Starting or loading an AI chat conversation no longer closes unrelated open dialogs in the editor.
  • ai: Displayed the Selected content label instead of "" when the Ask AI action is used on selections that include non-text content, such as an image without a caption.
  • ai: Displayed text from all selected table cells in the chat context pill after using Ask AI on a selection inside a table.
  • ai: AI Review and AI Translate no longer throw errors when users click "Stop generating" after some changes have already been generated.
  • engine: Treated the [srcdoc] attribute of <iframe> elements as unsafe and sanitized it in the editing pipeline. Restricted the [src] attribute of <iframe> elements to disallow javascript: and data: URLs containing whitespace characters.
  • link: Added support for defining multiple manual link decorators that operate on the same attributes. If an automatic decorator conflicts with a manual one, only the manual one is used. Closes #​19695.
  • table: Improved accessibility by reflecting table captions in the figure element aria-labelledby attribute. This change improves screen reader labeling for tables. Closes #​15979.
  • table: Preserved the <figure> wrapper on content tables when table.tableLayout.stripFigureFromContentTable is set to false and the layout tables plugin is enabled. Closes #​19771.
  • track-changes: Fixed an issue causing plugin conflicts when using the TrackChanges DLL together with certain features, such as AI.
Other changes
  • ai: Added the config.ai.chat.welcomeMessage configuration option to customize the greeting message shown in the AI Chat feed when starting a new conversation.
  • Updated translations.
Released packages

Check out the Versioning policy guide for more information.

Released packages (summary)

Minor releases (contain minor breaking changes):

Releases containing new features:

Other releases:

v47.5.0

Compare Source

We are happy to announce the release of CKEditor 5 v47.5.0.

Release highlights

CKEditor 5 v47.5.0 is a minor update that improves AI-assisted editing workflows and provides access to the new version of the Export to PDF feature.

AI Translate

The AI Translate feature of CKEditor AI allows users to translate entire documents on the go. It provides a user interface similar to AI Review, but with translation-specific actions to streamline the process. The translation view displays the final translated document, with original snippets shown on the side for review and comparison.

Multiple Changes revamp and other AI improvements

We improved how multiple changes proposed by the AI Chat feature are presented. Suggested changes now appear as cards that can be previewed in the content and applied consistently in both single-change and multi-change scenarios. This release also includes several under-the-hood improvements.

Export to PDF v2

The export to PDF feature now supports version 2 of the HTML to PDF converter API, bringing several powerful enhancements to document generation.

Advanced header and footer configurations allow for different content on first, odd, and even pages, with support for images. Page sizes can now be set using predefined formats or custom width and height values. The new converter API also enables editing of PDF metadata fields such as title, subject, and author.

Security capabilities have been expanded with owner password protection for controlling permissions and digital signature support using PKCS#12 certificates for authenticity verification. Additional improvements include compression control for specific use cases, more precise rendering options, and experimental automatic outline generation for creating a table of contents.

Incoming old installation methods sunset reminder

Please note that the old installation methods will no longer be available with CKEditor 5 v48.0.0, which is planned for release at the beginning of Q2 2026. For more timeline details, refer to the dedicated GitHub issue.

In CKEditor 5 v42.0.0 in June 2024, we introduced new installation methods designed to improve and simplify the developer workflow. Soon, they will be the only available paths to install and use CKEditor 5.

If your project still relies on old installation methods, now is a good time to plan your next steps. We recommend choosing between these two options:

  1. Migrate to the new installation methods, which are the recommended path for most users. The new installation methods provide a cleaner setup, easier upgrades, and better alignment with future CKEditor 5 releases.
  2. Consider CKEditor 5 Long Term Support (LTS). If migrating in the near term is not feasible, you can extend support for legacy installation methods.

Please refer to the update guide to learn more about these changes.

MINOR BREAKING CHANGES ℹ️

  • ai: The ai.reviewMode.translations configuration option has been moved to ai.translate.languages. The ai.reviewMode configuration namespace has been removed.

    Together with the introduction of AI Translate feature and a separate translation tab, the configuration option to define a custom language list
    has been moved to a related ai.translate namespace.

  • ai: The AIEditorIntegration plugin is now required to preview the changes suggested by the AI Chat feature in a dialog window. Previously, this functionality was enabled by just loading the main AIChat plugin. Please make sure your integration loads the AIEditorIntegration plugin in order to use this functionality.

  • ai: The DOM structure of the AI Chat suggestions in conversation has been changed, which may affect integrations that customized the UI and/or rely on specific CSS selectors.

    Please make sure to update your integrations to use the new DOM structure. Learn more about the changes in the migration guide provided in the project documentation.

  • ai: The DOM structure of the AI Chat suggestion preview dialog window has been changed which may affect integrations that customized the UI and/or rely on specific CSS selectors.

    Please make sure to update your integrations to use the new DOM structure. Learn more about the changes in the migration guide provided in the project documentation.

  • ai: AIChat#sendMessage() takes attributes: Record<string, unknown> as one of its parameters now, in place of former quickActionData. This affects you only if you provided some customizations for the CKEditor AI chat feature.

  • ai: Already existing chat conversations, which were created through AI Quick Action (e.g. "Explain" or "Summarize"), when loaded from chat history, will now display a full prompt instead of the short version. This affects only already created conversations.

  • ai: Replaced ai.chat.models.modelSelectorAlwaysVisible configuration option with ai.chat.models.showModelSelector. The behavior has also been slightly updated. When set to true (default), the model selector dropdown is shown (when multiple models are available), or the model name is displayed (when only one model is available). When set to false, the selector is hidden, regardless of the number of available models.

  • ai: The model's configuration options have been moved from config.ai.chat.models to config.ai.models to ensure consistent model configuration across all AI features. The model configuration is now applied uniformly in both AI Chat and AI Review Mode.

Features

  • ai: Introduced the AI Translation tab.

    A new tab dedicated to translating content has been introduced to CKEditor 5 AI. It focuses on working with translated content, streamlining
    the process of applying translation and making the whole process easier and faster for end users.

  • ai: Introduced a new look and improved operation of the AI Chat sidebar.

    • The list of changes proposed by the AI now features a sleeker design and includes a button to apply individual changes.
    • You can now preview suggested changes in a dialog window by clicking on a change in the sidebar.
    • The AI suggestion preview dialog window has been made more compact for enhanced usability.
    • Various bug fixes and other improvements.

  • ai: Introduced AIChat#registerToolDataCallback(). It allows for handling custom data generated by your AI tools connected to CKEditor AI backend.

  • ai: Introduced an API to allow inserting arbitrary HTML into the AI Chat feed, during AI response streaming.

    The API is passed as one of the parameters to the callback registered using AIChat#registerToolDataCallback().

  • ai: Introduced configuration option ai.chat.initialConversation that manages whether a new, or an existing past conversation is initially loaded in the AI Chat.

  • ai: Added a new configuration option, ai.chat.context.customItems, that allows using external context providers and custom context items (for example, IDs instead of actual files).

  • export-pdf: Add support for version 2 of the HTML to PDF converter API.

Bug fixes

  • image, paste-from-office: Images aligned left or right with wrapped text around them should now be correctly pasted and imported from Word into the editor. Previously, such images were incorrectly aligned using block left or block right styles. Closes #​19636.

  • ai: The AI Review active suggestion highlight in the editor content no longer disappears due to content changes made by other users in RTC.

  • ai: The AI Review suggestions content in the sidebar is styled the same way as the editor content, giving it a uniform look.

  • ai: Fixed an issue where web search sources were not displayed correctly when loading conversations from chat history.

  • ai: The "Add context" button in AI chat will no longer be disabled if the only available context are external resources.

  • ai: Fixed an error when custom AI Quick Actions used a model that was not available in AI Chat.

  • ai: Accepting suggestions from conversations loaded via chat history no longer throws errors in the console.

  • ai: Fixed an issue where messages loaded from chat history could be incorrectly duplicated in a conversation.

  • ai: AIQuickActionsUI now requires AIConnector to prevent authentication bugs when run standalone.

  • comments: Fixed an issue where inline annotations were not displayed correctly when the editor was initialized in a hidden container.

  • email: Table block alignment now behaves as expected in Microsoft Outlook, preventing text from wrapping around the table when it shouldn't.

  • html-support: An inline content (<img>) should not be stripped out of <div> inside of <dd> tag. Closes #​19709.

  • table: Resizing the last column of a layout table no longer increases the column size more than expected. Closes #​19644.

  • table: Fixed parsing units of deprecated table width attribute. Closes #​19665.

  • ui: BalloonToolbar will no longer reposition itself when invisible in the ContextualBalloon stack. Closes #​19696.

    This prevents interfering with other features that might be using the ContextualBalloon stack.

  • utils: Rect#getDomRangeRects() now sets the DOM Range as a source for each returned Rect, improving visibility and positioning of floating UIs that depend on Rect#getVisible(). Closes #​19705.

  • utils: Rect#getVisible() should better discover relationships between positioned and clipping parents. Closes #​19707.

    This avoids issues with floating UIs that depend on Rect#isVisible() and do not hide when they should.

Other changes

  • basic-styles, engine, font, highlight, language: Fixed a discrepancy where applying a text attribute (such as bold) to a selection that included empty paragraphs did not set stored selection attributes on those paragraphs. See #​19664. Closes #​18430.

  • ai: Suggestions shown in AI Review sidebar now include all formatting (bold, italics, etc.) and non-plain text elements (for example, links).

  • ai: AIChat#sendMessage() now allows passing attributes (arbitrary custom metadata) together with the submitted user message. You can also pass attributes.displayedPrompt to display a different prompt instead of the one used to query the AI model (userMessage).

  • ai: If there is only one source of AI chat context available, it will be automatically selected when the "Add context" button is pressed instead of showing a dropdown with only one option.

  • ai: As more models are supported by the AI feature, only a set of recommended models will be displayed in the AI chat models dropdown. You can configure the list of displayed models via ai.chat.models.displayedModels in the config.

  • ai: Conversations loaded from chat history are no longer blocked for models that are not recommended or not displayed, as long as the provider supports the model.

  • ai: Replaced ai.chat.models.modelSelectorAlwaysVisible configuration option with ai.chat.models.showModelSelector. When set to true (default), the model selector dropdown is shown (when multiple models are available), or the model name is displayed (when only one model is available). When set to false, the selector is hidden, regardless of the number of available models.

  • ai: Added a clear explanation in AI Chat for conversations loaded from history, explaining why AI proposals (document modifications) for past conversations cannot be applied or added as suggestions.

  • ai: The model's configuration options have been moved from config.ai.chat.models to config.ai.models to ensure consistent model configuration across all AI features. The model configuration is now applied uniformly in both AI Chat and AI Review Mode.

  • ai: Upgrade fast-xml-parser to version 5.3.4 to address security advisories reported by automated scanners. CKEditor 5 does not rely on the affected code paths and is not impacted.

  • icons: Added new icons: IconBoxWithCheck, IconBoxWithCross, IconBoxWithPin.

  • import-word: Added the undoStepBatch property to the dataInsert event. It allows including custom model changes (side effects) in the same undo step as the import operation.

  • Optimized compression and decompression mechanisms used in real-time collaboration to avoid delays when a user joins a document that was heavily edited.

  • Update diff dependency to address security advisories reported by automated scanners.

    The affected functions (parsePatch(), applyPatch()) are not used in this project (we only rely on diffArrays()), so this change is released primarily to reduce false-positive security alerts.

Released packages

Check out the Versioning policy guide for more information.

Released packages (summary)

Minor releases (contain minor breaking changes):

Releases containing new features:

Other releases:

Configuration

📅 Schedule: Branch creation - "before 7am every weekday" in timezone Europe/Vienna, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
fix(deps): bump ckeditor5 from 45.2.2 to v47
709d9ff 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/main-npm-ckeditor5-vulnerability branch from e02d7f0 to 709d9ff Compare March 5, 2026 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst ChristophWurst is a code owner

@GretaD GretaD Awaiting requested review from GretaD GretaD is a code owner

@kesselb kesselb Awaiting requested review from kesselb kesselb is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

3. to review dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants