diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fc71e22..2aa0a146 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ### zeronet-conservancy 0.7.9+
+- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus)
-### zeronet-conservancy 0.7.9 (2023-07-02)
+### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35)
 maintainers: @caryoscelus -> none
 - update README (build/dev instructions; thanks to @fgaz)
 - better debugging of update non-propagation
diff --git a/plugins/UiFileManager/media/codemirror/all.js b/plugins/UiFileManager/media/codemirror/all.js
index ef2a423a..4b87e42d 100644
--- a/plugins/UiFileManager/media/codemirror/all.js
+++ b/plugins/UiFileManager/media/codemirror/all.js
@@ -17366,7 +17366,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
 var kw = keywords[word]
 return ret(kw.type, kw.style, word)
 }
- if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+ // backported ReDoS fix from
+ // https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
+ // https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+ if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
 return ret("async", "keyword", word)
 }
 return ret("variable", "variable", word)
diff --git a/plugins/UiFileManager/media/codemirror/mode/javascript.js b/plugins/UiFileManager/media/codemirror/mode/javascript.js
index 9c751d23..ba590d18 100644
--- a/plugins/UiFileManager/media/codemirror/mode/javascript.js
+++ b/plugins/UiFileManager/media/codemirror/mode/javascript.js
@@ -126,7 +126,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
 var kw = keywords[word]
 return ret(kw.type, kw.style, word)
 }
- if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+ // backported ReDoS fix from
+ // https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
+ // https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+ if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
 return ret("async", "keyword", word)
 }
 return ret("variable", "variable", word)
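Review bot: The same regex is hand-patched in two vendored copies (this file and the all.js bundle), and the new comment names the upstream commit but not the CodeMirror release it ships in, so a later re-bundle of all.js from mode/ or a bump of the vendored CodeMirror can silently drop or duplicate this backport; extend the comment to something like `// backported from upstream commit a0854c7 (the release that closes SNYK-JS-CODEMIRROR-1016937); all.js carries the same patch and must be kept in sync` and record the vendored CodeMirror version next to the bundle so future advisories against this copy can be checked. The new pattern looks free of catastrophic backtracking because both alternations are disjoint (`\s` vs `/*`, and `[^*]` vs `*` not followed by `/`), but that is worth pinning with a test rather than trusting the backport, e.g. `/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/.test("/*" + "a".repeat(1e5))` finishing in milliseconds where the old `.*?` form did not. Note that `[^*]` also matches a newline where `.` did not; this is presumably harmless because the stream here is a single line, but confirm against StringStream. The enclosing tokenizer function starts and ends outside the hunk.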