Before using JCE we recommend you check out the developer's web page detailing server requirements and more for the best experience using their excellent extension.

Read more: JCE Resource Requirements.

Visit the following link to make use of some really useful video tutorials at the developer's website.

Read more: JCE Editor Tutorials.

Release date: 22 July 2020.

JCE v2.8.15 included an important security update to prevent potential cross-site scripting attacks when using the editor.

Refer to developer's Release Notes for more information.

Read more: JCE 2.8.15 Security Fix.

Release date: 31 January 2018.

The previous JCE release (2.6.25) introduced support for SVG files as an IMAGE FILETYPE by default.

Here is the developer's explanation for why the security fix was needed.

"The decision to include support for svg files by default in JCE 2.6.25 was unfortunately not well thought through. It has been brought to my attention that there is the potential for svg files to be used to execute cross-site scripting attacks, due to the fact that they are essentially a form of xml file. Although the method by which they would be embedded using the Image Manager, with the tag, prevents scripts from being executed, it would be safer to restrict the option of allowing svg files to be user defined."

More details in the developer's Change Log.

Better still, simply use the latest available release.

Read more: JCE 2.6.26 SECURITY FIX.