Skip to content

TinyMCE 8.5.1 security release notes#4143

Merged
kemister85 merged 5 commits into
tinymce/8from
feature/security-release-notes/docs-8
May 20, 2026
Merged

TinyMCE 8.5.1 security release notes#4143
kemister85 merged 5 commits into
tinymce/8from
feature/security-release-notes/docs-8

Conversation

@kemister85
Copy link
Copy Markdown
Contributor

@kemister85 kemister85 commented May 20, 2026
edited
Loading

Summary

Release notes
Changelog

  • Add 8.5.1-release-notes.adoc with security fixes for TINY-14357, TINY-14353, TINY-14333
  • Update nav.adoc with 8.5.1 entry (Overview + Security fixes)
  • Update release-notes.adoc table with 8.5.1 cell
  • Update changelog.adoc with 8.5.1 security section
  • Release date: Wednesday, May 20th, 2026

Security advisories covered

Test plan

  • Verify release notes page renders correctly in preview
  • Verify nav links resolve
  • Verify changelog entry format matches conventions

kemister85 added 5 commits May 6, 2026 09:53
@kemister85
TinyMCE 8.5.1 security release notes
1fe23bf 
Add release notes page, nav entry, changelog entry, and release-notes
table cell for the TinyMCE 8.5.1 security patch release covering
TINY-14357, TINY-14353, and TINY-14333.

CVE IDs, release date, and credits are placeholders pending assignment.
@kemister85
Add security researcher credits to 8.5.1 release notes
8d55a88 
- GHSA-vg35-5wq7-3x7w: Aymane MAZGUITI and Ange Primiterra
- GHSA-v98h-vmpc-fpqv: Ivan Babenko (he1d3n)
- GHSA-q742-qvgc-gc2f: Tadi Kadango (pending permission)
@kemister85
Add missing Ivan Babenko credit to data-mce- attribute XSS fix
d1ba3af 
The GHSA-q742-qvgc-gc2f advisory credits both Tadi Kadango and
Ivan Babenko, but the pending credit comment only listed Tadi Kadango.
@kemister85
Set 8.5.1 release date to May 20, 2026
672b511
@kemister85
Fix day of week: Wednesday not Tuesday for May 20, 2026
3189bdd
@kemister85 kemister85 requested review from a team and soritaheng as code owners May 20, 2026 04:11
ShiridiGandham
ShiridiGandham approved these changes May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ShiridiGandham ShiridiGandham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kemister85 kemister85 merged commit b7cd289 into tinymce/8 May 20, 2026
5 checks passed
@kemister85 kemister85 deleted the feature/security-release-notes/docs-8 branch May 20, 2026 04:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ShiridiGandham ShiridiGandham ShiridiGandham approved these changes

@kimwoodfield kimwoodfield kimwoodfield approved these changes

@MitchC1999 MitchC1999 MitchC1999 approved these changes

@soritaheng soritaheng Awaiting requested review from soritaheng soritaheng is a code owner

@EkimChau EkimChau Awaiting requested review from EkimChau EkimChau is a code owner automatically assigned from tinymce/documentation-team

@tiny-james tiny-james Awaiting requested review from tiny-james tiny-james is a code owner automatically assigned from tinymce/documentation-team

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kemister85 @ShiridiGandham @kimwoodfield @MitchC1999