About 2024 Release 2

Security Fix Release for Events Rx

This release of Events Rx resolves an issue with CKEditor, a third-party rich text editing tool used in Salesforce Visualforce components.

Background/Issue

CKEditor, a text editing tool integrated into Salesforce's Visualforce components, provides a WYSIWYG (What You See Is What You Get) interface for content creation and editing. In Events Rx, this rich text editor is used for customizing Event (Campaign) registration pages.

CKEditor's security team recently identified and addressed a theoretical vulnerability in versions 4.22 and beyond. This potential cross-site scripting (XSS) issue, while low risk, has been patched by the developer.

However, because of the CKEditor patch, you may see a message like the following in the Registration Page Description field of an Event in Events Rx 2024 Release 1 or earlier.

It is not necessary to follow the instructions in the above message or click the link to upgrade the tool. CKEditor has ended support for all 4.x versions and is now asking users either to purchase a limited-time Extended Support Model or to migrate to CKEditor's premium version 5.

Note:
Starting in their Spring '21 release, Salesforce identified security vulnerabilities in CKEditor. Click here for historical information and affected features.

Solution: Upgrade to 2024 Release 2

To resolve this issue at no additional cost, we recommend that all of our clients upgrade to Events Rx 2024 Release 2 (v6.30 or later). Please visit the Upgrade and Testing Instructions for package installation links. No other ERX products are affected by this security risk. Additionally, Visits are not affected.

Remember:
As a best practice, please install and test in a sandbox before pushing to production.