diff -u b/core/modules/editor/editor.module b/core/modules/editor/editor.module
--- b/core/modules/editor/editor.module
+++ b/core/modules/editor/editor.module
@@ -530,7 +530,6 @@
  */
 function editor_get_file_references(FileInterface $file, $age = EntityStorageInterface::FIELD_LOAD_REVISION) {
   $references = &drupal_static(__FUNCTION__, array());
-  $field_columns = &drupal_static(__FUNCTION__ . ':field_columns', array());
 
   // Fill the static cache, disregard $field and $field_type for now.
   if (!isset($references[$file->id()][$age])) {
only in patch2:
unchanged:
--- /dev/null
+++ b/core/modules/editor/src/Tests/EditorPrivateFileReferenceFilterTest.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace Drupal\Tests\editor\Kernel;
+
+use Drupal\file\Entity\File;
+use Drupal\file\FileInterface;
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests Editor module's file reference filter with private files.
+ *
+ * @group editor
+ */
+class EditorPrivateFileReferenceFilterTest extends WebTestBase {
+
+  // Install standard.profile.
+  protected $profile = 'standard';
+
+  /**
+   * Tests the editor file reference filter with private files.
+   */
+  function testEditorPrivateFileReferenceFilter() {
+    $admin_user = $this->drupalCreateUser([], NULL, TRUE);
+    $this->drupalLogin($admin_user);
+
+    // Visit /admin/config/content/formats/manage/basic_html.
+    $edit = [
+      // Disable "Restrict images to this site".
+      'filters[filter_html_image_secure][status]' => FALSE,
+      // Set "File storage" to "Private local files served by Drupal.".
+      'editor[settings][plugins][drupalimage][image_upload][scheme]' => 'private',
+      // Remove 'inline-images'.
+      'editor[settings][plugins][drupalimage][image_upload][directory]' => '',
+    ];
+    // Click "Save configuration".
+    $this->drupalPostForm('/admin/config/content/formats/manage/basic_html', $edit, t('Save configuration'));
+
+
+    // "Upload" a file to the private:// stream.
+    $filename = 'test.png';
+    $src = '/system/files/' . $filename;
+    /** @var FileInterface $file */
+    $file = File::create([
+      'uri' => 'private://' . $filename,
+      'status' => FILE_STATUS_PERMANENT,
+    ]);
+    // Create the file itself.
+    file_put_contents($file->getFileUri(), $this->randomString());
+    $file->save();
+
+    // Visit /node/add/article.
+    $edit = [
+      // Type anything as "Title".
+      'title[0][value]' => $this->randomString(),
+      // Add the just-created file to the body as CKEditor would do it.
+      'body[0][value]' => '<p><img alt="alt" data-entity-type="file" data-entity-uuid="' . $file->uuid() . '" src="' . $src . '" /></p>',
+    ];
+    $this->drupalPostForm('/node/add/article', $edit, t('Save and publish'));
+
+    // The image should be visible for admin.
+    $this->drupalGet($src);
+    $this->assertResponse(200, 'Image is downloadable as admin.');
+    $this->drupalLogout();
+
+    // The image should be visible for anonymous.
+    $this->drupalGet($src);
+    $this->assertResponse(200, 'Image is downloadable as anonymous.');
+  }
+
+}