View developer's Release Notes for details - see link below.
The last but two release, JCE 2.6.26, was a SECURITY FIX.
You should therefore update your JCE Content Editor ASAP.
Always use the latest available release of any 3rd party extension.
Read on for more details about his latest release.
Why was JCE 2.6.26 a SECURITY FIX?
The previous release, JCE 2.6.25, introduced support for SVG files as an IMAGE FILETYPE by default.
Here is the developer's explanation for why the security fix is necessary:
The decision to include support for svg files by default in JCE 2.6.25 was unfortunately not well thought through. It has been brought to my attention that there is the potential for svg files to be used to execute cross-site scripting attacks, due to the fact that they are essentially a form of xml file. Although the method by which they would be embedded using the Image Manager, with the tag, prevents scripts from being executed, it would be safer to restrict the option of allowing svg files to be user defined.
About JCE 2.6
JCE 2.6.0 marked a step change in the development of our favourite 3rd party content editor for the Joomla! CMS.
The launch of JCE 2.6.0 saw the developer offering Joomlers the option of either CORE or PRO versions of the extension.
CORE version remains free.
PRO version (yearly subscription) incorporates all the subscription plugins that were previously available for separate download from the developer's website.
Reasons to upgrade to PRO
The image below nicely summarises the differences between CORE and PRO.
Visit the link below to find out about all the PRO features.
WYNCHCO Joomla! CMS Support
We coach, help and support managers with responsibility for Joomla! websites in organisations across Cheshire, Manchester, Merseyside, North West England & the UK.