Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-133703

Maintain backward compatibility to enable regular CKEditor updates in older portal version


    • Type: Feature Request
    • Status: Under Review
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: CKEditor
    • Labels:


      In heavy customized portal it is difficult to migrate from one GA to another as lot of stuff needs to be verified. Various penetration tools usually concentrate on easy targets like JS library versions, not LR specific issues so the former have a higher priority for us.

      The notable JS library in LR is CKEditor. If new vulnerability is found, currently it is not very easy to apply the fix into the portal as the library is customized by LR and released in own pace. 

      If the new liferay-ckeditor is released, it is still problematic to build a module compatible with older GA version.

      One recent example:

      When updating dependencies in frontend-editor\frontend-editor-ckeditor-web (for base tag 7.3.4-ga5):

      1. updating package.json from "liferay-ckeditor": "4.14.1-liferay.6" to "liferay-ckeditor": "4.16.0-liferay.1"
      2. reverting the bundle version in bnd.bnd from Bundle-Version: 4.0.15 to Bundle-Version: 4.0.14 (to keep the actual version used in the portal)
      3. building the module using: blade gw deploy
      4. deploying the module

      we can achieve updating the CK editor version to 4.16.0 DEV, rev. 6a53f931f.

      However, there are incompatibilities preventing us using this version in production:

      Uncaught TypeError: b.stateShifter is not a function
      TypeError: Cannot read property 'add' of undefined

      Not sure what exactly is broken here, but in general, to improve the security, it would be nice to have this updating process as smooth as possible.




            rose.becerra Rose Becerra
            honyk Jan Tošovský
            0 Vote for this issue
            1 Start watching this issue




                Version Package