TinyMCE 5.10.1

Overview

TinyMCE 5.10.1 was released for TinyMCE Enterprise and Tiny Cloud on Wednesday, November 10th, 2021. It includes TinyMCE 5.10.1 and additional changes to premium plugins. These release notes provide an overview of the changes for TinyMCE 5.10.1, including:

This is the Tiny Cloud and TinyMCE Enterprise release notes. For information on the latest community version of TinyMCE, see: TinyMCE Changelog.

Accompanying Premium Plugin changes

The following premium plugin updates were released alongside TinyMCE 5.10.1.

Advanced Code 2.3.2

The TinyMCE 5.10.1 release includes an accompanying release of the Advanced Code premium plugin.

Advanced Code 2.3.2 fixes an exception getting thrown for hints when the editor was rendered in a shadow root.

For information on the Advanced Code plugin, see: Advanced Code plugin.

PowerPaste 5.6.1

The TinyMCE 5.10.1 release includes an accompanying release of the PowerPaste premium plugin.

PowerPaste 5.6.1 fixes a bug where pasting text content with multiple items on the clipboard did not work.

For information on the PowerPaste plugin, see: PowerPaste plugin.

Accompanying Premium self-hosted server-side component changes

The TinyMCE 5.10.1 release includes accompanying changes affecting the TinyMCE self-hosted services for the following plugins:

  • The Enhanced Media Embed plugin (mediaembed)

  • The Export plugin (export)

  • The Image Tools plugin (imagetools)

  • The Link Checker plugin (linkchecker)

  • The Spell Checker Pro plugin (tinymcespellchecker)

The Java server-side components have been updated to the following versions:

  • ephox-spelling.war: 2.118.1

  • ephox-hyperlinking.war: 2.105.6

  • ephox-image-proxy.war: 2.105.5

This version requires Java 8 or higher. For information on the removal of Java 7 support, see: Removal of Java 7 support for TinyMCE 5.3 and later.

For information on:

During further scans, some vulnerable dependencies were missed in this release. As such, these security issues have not been resolved in the 5.10.1 release and will be resolved in an upcoming release. Note that no details of the security vulnerabilities have been publicly disclosed at the time of release.

All 3 server-side components have been updated to include dependency updates addressing security issues. This includes High severity vulnerability fixes.

Invalid links for unresolvable (non-existent) hosts are correctly identified and highlighted in the editor.

Updating the self-hosted server-side components

The new versions of the server-side services provide updates for the Java-based server-side components. To deploy the updated version of the server-side components:

  1. Update your Java Application Server to the minimum required version:

    • Eclipse Jetty 9.4 or later

    • Apache Tomcat:

      • 9 or later

      • 8.5.12+

      • 8.0.42+

      • 7.0.76+

  2. Replace the existing server-side .war files with the .war files bundled with TinyMCE 5.10.1 or later.

For information on:

General bug fixes

TinyMCE 5.10.1 provides fixes for the following bugs:

  • The iframe aria help text was not read by some screen readers.

  • Clicking the forecolor or backcolor toolbar buttons would do nothing until selecting a color.

  • Crop functionality did not work in the imagetools plugin when the editor was rendered in a shadow root.

  • Fixed an exception thrown on Safari when closing the searchreplace plugin dialog.

  • The autolink plugin did not convert URLs to links when starting with a bracket.

  • The autolink plugin incorrectly created nested links in some cases.

  • Tables could have an incorrect height set on rows when rendered outside of the editor.

  • In certain circumstances, the table of contents plugin would incorrectly add an extra empty list item.

  • The insert table grid menu displayed an incorrect size when re-opening the grid.

  • The word count plugin was treating the zero width space character (​) as a word.

Security fixes

TinyMCE 5.10.1 provides fixes for the following security issues:

During further scans, some vulnerable dependencies were missed in this release. As such, these security issues have not been resolved in the 5.10.1 release and will be resolved in an upcoming release. Note that no details of the security vulnerabilities have been publicly disclosed at the time of release.

All 3 server-side components have been updated to include dependency updates addressing security issues. This includes High severity vulnerability fixes.

For information on the server-side components updates, see: Accompanying Premium self-hosted server-side component changes.

Upgrading to the latest version of TinyMCE 5

The procedure for upgrading to the latest version of TinyMCE 5 depends on the deployment type.

Upgrading Tiny Cloud

Tiny Cloud provides the latest enterprise version of TinyMCE. For information on configuring Tiny Cloud, see: the Cloud deployment guide.

Upgrading TinyMCE Self-hosted manually

To upgrade to TinyMCE 5.10 using a manually downloaded package:

  1. Backup the tinymce/ directory so any customizations can be restored after the upgrade.

    Customizations for TinyMCE are typically stored in the following directories:

    tinymce/
    ├── icons/
    ├── langs/
    ├── plugins/
    ├── skins/
    │   ├── content/
    │   └── ui/
    └── themes/
  2. Download the latest version of TinyMCE.

    • For the TinyMCE Community Version, download tinymce_<VERSION>.zip from Get TinyMCE - Self-hosted releases, where <VERSION> is the latest version of TinyMCE.

    • For the TinyMCE Enterprise Version, download the TinyMCE Enterprise Bundle from Tiny Account > Downloads. The downloaded file will be named enterprise_latest.zip.

  3. Extract the downloaded .zip file to a temporary location.

  4. (If required) Install the latest language packs from Get TinyMCE - Language Packages.

  5. Copy customizations to the new tinymce/ directory. Ensure that only custom changes are added the new tinymce/ directory, such as:

    • Custom icons packs

    • Custom plugins

    • Custom skins

    • Custom themes

  6. Delete the existing tinymce/ directory and replace with the new tinymce/.

To simplify the upgrade process to future versions of TinyMCE:

  1. Host the TinyMCE customizations outside of the tinymce/ directory.

  2. Update your TinyMCE configuration as required:

    • Set the location of content CSS customizations using content_css.

    • Set the location of custom plugins using external_plugins.

    • Set the location of custom icon packages using icons_url instead of icons.

    • Set the location of custom localization packages using language_url instead of language.

    • Set the location of custom skin packages using skin_url instead of skin.

    • Set the location of custom themes using theme_url instead of theme.