Try doing a pull. The "fix" is simply to turn off version checks for now. There are newly reported XSS vulnerabilities in versions of CKEditor < 4.24, but given that the editor is used only in an access controlled application by trusted users, and all input is filtered through HTMLPurifier on save, we do not believe that these issues are exploitable in CA. 4.24 is an "LTS" version that requires a license, so unfortunately we cannot distribute it.
At some point soon things will be changed to use CKEditor 5, but this is not a trivial change as v5 is not a drop-in replacement for v4. Further, there are a handful of CA-specific CKEditor plugins in use, and they will have to be entirely rewritten for v5.
