  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-133703

Maintain backward compatibility to enable regular CKEditor updates in older portal version

    Details

    • Type: Feature Request
    • Status: Under Review
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: CKEditor
    • Labels:
      None

      Description

      In a heavily customized portal, it is difficult to migrate from one GA to another, as a lot of stuff needs to be verified. Various penetration tools usually concentrate on easy targets like JS library versions, not LR-specific issues, so the former have a higher priority for us.

      The notable JS library in LR is CKEditor. If a new vulnerability is found, currently it is not very easy to apply the fix to the portal, as the library is customized by LR and released at its own pace.

      If the new liferay-ckeditor is released, it is still problematic to build a module compatible with an older GA version.

      One recent example:

      When updating dependencies in frontend-editor\frontend-editor-ckeditor-web (for base tag 7.3.4-ga5):

      1. updating package.json from "liferay-ckeditor": "4.14.1-liferay.6" to "liferay-ckeditor": "4.16.0-liferay.1"
      2. reverting the bundle version in bnd.bnd from Bundle-Version: 4.0.15 to Bundle-Version: 4.0.14 (to keep the actual version used in the portal)
      3. building the module using: blade gw deploy
      4. deploying the module

      we can achieve updating the CK editor version to 4.16.0 DEV, rev. 6a53f931f.

      However, there are incompatibilities preventing us from using this version in production:

      Uncaught TypeError: b.stateShifter is not a function
      TypeError: Cannot read property 'add' of undefined

      Not sure what exactly is broken here, but in general, to improve security, it would be nice to have this updating process as smooth as possible.

            People

            Assignee:
            rose.becerra Rose Becerra
            Reporter:
            honyk Jan Tošovský
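Added example, not part of the original ticket or Liferay's own code: a Node.js pre-build check for steps 1 and 2 of the procedure in the description, confirming that package.json pins liferay-ckeditor at or above a required version and that bnd.bnd still carries the Bundle-Version deployed in the portal. The function names, the dependency sections searched and the sample inputs are assumptions, constructed from the values quoted in the ticket.

```javascript
// "4.16.0-liferay.1" -> [4, 16, 0, 1]; null for ranges or tags such as "^4.16.0-liferay.1".
function parsePin(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)-liferay\.(\d+)$/.exec(String(version).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two parsed pins: negative, zero or positive.
function comparePins(a, b) {
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Returns a list of problems; an empty list means the module is ready to build.
// Assumption: the pin may sit in either dependencies or devDependencies.
function checkModule(packageJsonText, bndText, minCkeditor, expectedBundleVersion) {
  const min = parsePin(minCkeditor);
  if (min === null) throw new Error('minCkeditor must be an exact x.y.z-liferay.n version');

  const problems = [];
  const pkg = JSON.parse(packageJsonText);
  const declared = { ...pkg.devDependencies, ...pkg.dependencies }['liferay-ckeditor'];
  const pin = declared === undefined ? null : parsePin(declared);
  if (declared === undefined) {
    problems.push('liferay-ckeditor is not declared in package.json');
  } else if (pin === null) {
    problems.push(`liferay-ckeditor "${declared}" is not an exact x.y.z-liferay.n pin`);
  } else if (comparePins(pin, min) < 0) {
    problems.push(`liferay-ckeditor ${declared} is older than required ${minCkeditor}`);
  }

  // Step 2 of the ticket: the bundle version must match the one the portal runs.
  const bundle = /^Bundle-Version:\s*(\S+)\s*$/m.exec(bndText);
  if (!bundle) {
    problems.push('bnd.bnd has no Bundle-Version header');
  } else if (bundle[1] !== expectedBundleVersion) {
    problems.push(`Bundle-Version ${bundle[1]} differs from deployed ${expectedBundleVersion}`);
  }
  return problems;
}

// Constructed sample inputs (not the real module files).
const samplePackageJson = JSON.stringify({ dependencies: { 'liferay-ckeditor': '4.16.0-liferay.1' } });
const sampleBnd = 'Bundle-Name: sample\r\nBundle-Version: 4.0.14\r\n';
console.log(checkModule(samplePackageJson, sampleBnd, '4.16.0-liferay.1', '4.0.14'));
```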