Hello, do any of the recent versions of Umbraco 8 upgrade the version of TinyMCE to v5, or can we update it independently? We are currently on Umbraco v8.5.4.
I believe it is on the latest v4 version of TinyMCE. As its part of Core Umbraco, I don't believe it would be possible to update it independently. But it could be worth a PR to the Umbraco Repo with the upgrade to v5. The Core version has a bunch of customisations as part of it though, so you might find you have issues with things like inserting media and macros in v5.
I also have a request for this.
A penetration / vulnerability test on Umbraco version 8.9.1 flagged up a known vulnerability issues and recommended upgrading to 5.4+
The vulnerability was strangely flagged up against the Umbraco login URL.
My guess is it is included here which is probably not required.
Just to pass this penetration test It would be great if I could upgrade TinyMCE. Failing that I think there might be some way (as a plan b) of removing this from the login section which is probably not required.
Hello @keith, no my organization chose not to pursue doing the update. It is still in our backlog but we've been hoping it gets addressed by Umbraco core at some point.
Umbraco 8 TinyMCE v5
Hello, do any of the recent versions of Umbraco 8 upgrade the version of TinyMCE to v5, or can we update it independently? We are currently on Umbraco v8.5.4.
Thank you!
Hi Nathaniel,
I believe it is on the latest v4 version of TinyMCE. As its part of Core Umbraco, I don't believe it would be possible to update it independently. But it could be worth a PR to the Umbraco Repo with the upgrade to v5. The Core version has a bunch of customisations as part of it though, so you might find you have issues with things like inserting media and macros in v5.
Nik
Hi All,
I also have a request for this. A penetration / vulnerability test on Umbraco version 8.9.1 flagged up a known vulnerability issues and recommended upgrading to 5.4+
The vulnerability was strangely flagged up against the Umbraco login URL. My guess is it is included here which is probably not required.
Just to pass this penetration test It would be great if I could upgrade TinyMCE. Failing that I think there might be some way (as a plan b) of removing this from the login section which is probably not required.
Kind Regards
David
Hi @Nathaniel
Did you get this working? I am trying to get Umbraco V9 working, but it still uses TinyMCE 4 and the emoticon plugin is very old on that version.
Hello @keith, no my organization chose not to pursue doing the update. It is still in our backlog but we've been hoping it gets addressed by Umbraco core at some point.
is working on a reply...