ยซ Changelog History


PrivateBin v1.2 Release Notes

Release Date: 2018-07-22 // over 5 years ago

  • This release adds QR code generation, inline display of video, audio, PDF and new translations to PrivateBin and a large refactoring of the JavaScript code.

    A new button lets you generate a QR code of your newly created pastes URL. This allows for easy transfer of a pasted data from one mobile device to another.

    When the optional file upload is enabled, uploaded videos, audio files and PDFs are displayed inline, like we did with images, as long as the visitors browser supports it. By default the file and paste upload is limited to a 2 MiB size.

    ๐ŸŒ Translations for Spanish, Occitan, Norwegian, Portuguese, Dutch and Hungarian have also been added since the last release.

    ๐Ÿš€ The main change of this release, and the reason it took us so long since doing the last one, was the large refactoring and cleanup of the JavaScript logic of PrivateBin. The refactoring itself was done in early 2017. In parallel we introced mocha and JSverify running on nodeJS as a property based unit testing framework for the logic (ร  la QuickCheck). Many months were spent to cover more and more pieces of the logic.

    โœ… In the end we covered all of the modular parts of the logic (879 of 1273 lines of code for a 69% code coverage), including the encryption wrapper functions for backward compatibility with older paste formats. The UI related parts of the code proved difficult to test, partly because in nodeJS the browsers document object model (DOM) is emulated using the JSdom library, the lack of an actual view port being present (so no scrolling, for example) and also due the event driven nature which contradicts the modular approach of unit testing. For many UI interfaces, large parts of the DOM has to be present, since emitting a single click event may trigger changes in many different parts of the UI. This is a shortcoming of the current structure of the UI logic, which we may need to improve further.

    โœ… Still, the unit testing found many regressions and some issues that have been in the code for a long time without having been reported. It lays the necessary ground work for the future changes, especially the major changes planned for the encryption format.

    ๐Ÿš€ Benefits of switching to the new release

    ๐Ÿš€ Apart from the new QR code feature many new translations were added. All used libraries were upgraded, too. While no security issues were reported for any of these, they address some bugs that didn't affect us directly or improve compatibility with the latests browsers and PHP releases.

    โšก๏ธ Update procedure

    ๐Ÿ”ง A new configuration option name was introduced for those admins that like to replace the "PrivateBin" moniker in the template with their own site name.

    ๐Ÿš€ As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

    ๐Ÿณ We now also offer a Docker container that includes the recommended secure setup with the non-essential files and data outside of the web servers document root. We also started providing additional tools in Docker containers.

    ๐Ÿ”„ Changes since version 1.1.1

    • โž• ADDED: Translations for Spanish, Occitan, Norwegian, Portuguese, Dutch and Hungarian
    • โž• ADDED: Option in configuration to change the default "PrivateBin" title of the site
    • โž• ADDED: Added display of video, audio & PDF, drag & drop, preview of attachments (#182)
    • โž• ADDED: QR code generation (#169)
    • โž• ADDED: Introduced DOMpurify library to sanitize generated HTML before display (#183)
    • ๐Ÿ”„ CHANGED: Force JSON request for getting paste data & password retry (#216)
    • ๐Ÿ”„ CHANGED: Minimum required PHP version is 5.4 (#186)
    • โšก๏ธ CHANGED: Shipped .htaccess files were updated for Apache 2.4 (#192)
    • ๐Ÿ”„ CHANGED: Cleanup of bootstrap template variants and moved icons to img directory
    • ๐Ÿ”„ CHANGED: Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
    • โฌ†๏ธ CHANGED: Upgrading libraries to: SJCL 1.0.7, jQuery 3.3.1, Base64 2.4.5, Showdown 1.8.6, DOMpurify 1.0.5 & Prettify 453bd5f
    • ๐Ÿ”จ CHANGED: Refactored JavaScript code, making it modular with private and public functions, making it much easier to maintain (#178)
    • ๐Ÿ›  FIXED: To counteract regressions introduced by the refactoring, we finally introduced property based unit testing for the JavaScript code, this caught several regressions, but also some very old bugs not found so far (#32)

    ๐Ÿš€ More details about the plans for future releases and on how you can help the project achieve them, can be found in the PrivateBin version 1.2 release announcements.