I got word of concerns about the recent CKEditor 4 vulnerability that is responsible for a moderately critical vulnerability in Drupal 8. Rest assured that most Drupal 7 sites are not in danger. While both the Glazed Builder module and the Glazed installation profiles include their own copy of CKEditor 4, this vulnerability exists in an optional image plugin for CKEditor 4 "image2" that is not included in the default package of CKEditor 4 that our products carry.
The only Drupal 7 websites that are affected by this vulnerability are sites that use a custom build of CKEditor that explicitly includes the image2 plugin.
Drupal 8 does include this additional plugin, which is why Drupal 8 users should update to 8.5.2 immediately. For Drupal 7 users the commotion has actually sparked some positive deveopment: the Drupal 7 WYSIWYG module has pushed a release that supports the latest CKEditor 4.9.2. This means I can update all Sooperthemes products to CKEditor 4.9.2 and this brings us a number of bug fixes and improvements to inline editing. This update will be available tuesday.
The latest CKEditor reportedly also dropped it's reliance on the eval() function which means we can start using better Content Security Policy headers that include the unsafe-eval directive on Drupal 7 sites.
edit: I also noticed that the CKEDitor update fixes an annoying problem with cell selection. It's unfortunate that Drupal 8 core patched an older version of CKE rather than update to 4.9.2 because now the D8 core editor is still unable to select multiple cells in the same table column.
Sooperthemes Drupal 8.x-1.0 Release Planned Tuesday
After 13 months of intensive development, testing, and preparation of our product infrastructure we're finally launching our Drupal 8 page builder module and themes tuesday! In the past few weeks I've been learning a ton by talking to customers about what they like and dislike about Sooperthemes and especially the drag and drop builder. If you have any feedback or ideas for future development of Sooperthemes.com and our products just leave a comment here or use the contact form!
Update The Wording Of How Our Pricing Works: Pay Once To Use For Life. Optionally Renew Yearly For Support & Updates.
I've also updated the pricing information to reflect the fact that you can pay once to download all our products and use them forever. This is how Sooperthemes subscriptions have always worked. This was apparently not clear from the information and marketing communication on the website. You pay once and only renew if you wish to receive continued support and product updates. This subscription based payment concept is really what has made Sooperthemes a success over the past 3 years and the increased stability in revenue is what gave me the confidence to continue investing all my energy and money in developing the Glazed Builder module and our next generation themes for both Drupal 7 and 8. I also think it's fair to users of the product that they pay a small yearly contribution to continue getting support and product updates because the products are continuously in flux. Subscribers may stop the subscription at any time and continue using the products without support services.