Fwd: JCE Pro 2.9.99.4 - Security Update

[Bruce Scherzinger]

--- Forwarded message ---
From:	JCE - A Content Editor for Joomla ma...@joomlacontenteditor.net
Date:	May 28, 2026 4:17:03 AM
Subject:	JCE Pro 2.9.99.4 - Security Update
To:

JCE Pro 2.9.99.4 - Security Update View online version

JCE Pro 2.9.99.4 - Security Update This is a security maintenance release and all users are encouraged to update as soon as possible. Two related vulnerabilities have been identified and resolved in JCE Core and JCE Pro. All previous versions are affected. An authenticated user could potentially access an Editor Profile that they are not assigned to and invoke filesystem actions available to that profile, but within the restrictions of that profile. Additionally, a directory parameter could be manipulated in a filesystem search function to list folder contents outside the configured directory. Both issues have been resolved in 2.9.99.4. Exploitation required an active, authenticated Joomla session; unauthenticated access was not possible. We were made aware of this issue via an external security report and completed our investigation and fix within 24 hours. We would like to thank the reporter for submitting their findings in good faith. All JCE users should update to 2.9.99.4 at the earliest opportunity via the Joomla Update Manager or the JCE downloads area. Please Note: JCE Pro is compatible with Joomla 3.10.x, 4.2+, 5 and 6, and does not require the Backwards Compatibility plugin for Joomla 5 or Joomla 6. Download JCE Pro Other Issues Fixed Closing the Search & Replace dialog would scroll to the top of the editor content. Fix modal scrolling on small screens The Pad Empty Table Cells option was not being applied. Thank you to everyone who helped get theses releases ready by testing development versions and submitting bug reports. If you find any more issues please submit them on the forum or on github. Download and Installation The update should be available in the Extensions Update Manager on your site. Please make sure you set your key before updating. Alternatively, click the button below to access the Downloads area. Instructions for installing and updating JCE are available here. Download JCE Pro New Social Media Channnels A reminder that you can now follow us on Mastodon, Bluesky, Instagram, Threads, Facebook and Twitter / X

Need help? If you need help installing or using JCE Pro, or you have a question about Joomla, creating content or any other issue related to using the editor, please post in the Support Forum Copyright © 2026 Widget Factory (Pty) Ltd, All rights reserved. You are receiving this email because you either have an active JCE Pro Subscription or are subscribed to our mailing list. Our mailing address is: Widget Factory (Pty) Ltd The Foundry 74 Cardiff Street Cape Town 8005 South Africa Click here to unsubscribe

​