Warning message "CKEditor version is not secure"


My browser says: This CKEditor 4.5.7 version is not secure. Consider upgrading to the latest one, 4.24.0-lts: CKEditor 4 | Visual Text Editor for HTML

Well, I found how to upgrade to 4.2.21 with the same alert:


And in Github i found the reason why from July 1st:

GitHub - ckeditor/ckeditor4: The best enterprise-grade WYSIWYG editor. Fully customizable with countless features and plugins.

In the meantime, I will switch to Tiny Editor
Any feedback will be welcome :wink:

Yes, I’ve encoountered a similar issue (see screenshot below). What to do?

It seems to suggest I need to upgrade to CKEditor 5… Is that necessary in this situation?(using phplist v3.6.12 with php version 8.2.20) There’s a cost involved in doing that and, as far as I remember, I never paid for CKEditor 4.5.7. I presume it come with the initial install.

Screen Shot 2024-07-03 at 20.54.21

Any help in clarifying the situation would be much appreciated.

Important - See this topic CKEditor shows warning message about being insecure for how to continue using CKEditor without the warning being displayed.

@miguelss Thanks for raising this issue. I am the developer of the phplist plugin for ckeditor.

Although the pop-up message is a bit annoying I think that they do have a point about people continuing to use out-dated and insecure versions of their software.

But I think that the way ckeditor is used by phplist is a bit different to other uses. In many cases ckeditor is used by one or only a small number of phplist administrators who are generally going to be trusted in what they do. In a more general use of ckeditor, say a contact form or something similar, it might be used by anonymous people with malicious intent.

In the short term the options seem to be:

  1. accept the pop-up message and continue to use the CDN version of ckeditor using a URL similar to //cdn.ckeditor.com/4.22.1/standard/ckeditor.js ckeditor 4.22.1. seems to be the final version that can be used without buying a long-term support licence.

  2. install a copy of ckeditor 4 locally. You can download version 4.22.1 and a few earlier versions from CKEditor 4 - Download Latest Version When I tried this, the last version of ckeditor I found that doesn’t show the pop-up is 4.20.2. Then follow the guidance in the plugin documentation plugin:ckeditor [phpList Resources]

ckeditor 5 looks to be substantially different to ckeditor 4 and therefore not trivial to convert the phplist plugin to use that.

1 Like

Hi @duncanc, thanks for your replay and the explanation.
And yes, you are right, the easy way is to close the pop-up :wink:
Thanks a lot for your effort and your efficiency


@miguelss @phillegg I found a way to hide the warning.

Now it will be displayed only once in a phplist login session instead of every time the Compose page is displayed. I didn’t want to hide it entirely as I think it is quite important and the admin should be aware of it.

But if you really never want to see the message then there is a setting in the CKEditor group on the Settings page

You can upgrade the CKEditor plugin to version 2.7.0 on the Manage Plugins page using the package URL

Also, I recommend using the latest version of CKEditor. On the Settings page change the URL to be version 4.22.1



@duncanc you are the best!
It works like a charm!!
Thanks a lot for your effort to create better world :muscle:

All my respect to you!!

1 Like

Any timeline on getting up to CKeditor5 in the future? I would be happy to offer assistance with any testing needed. This is really a needed item for our Marketing Team and they use it regularly.