PrivateBin v1.2.3 Release Notes

Release Date: 2020-02-16
  • This release fixes HTML entity double encoding issues introduced in version 1.2.2 of PrivateBin.

    In our efforts in releases 1.3.2 and 1.2.2 to prevent unencoded strings from causing XSS issues down the line, some strings had their HTML entities encoded twice. This caused some display glitches and prevented URLs in paste texts from being converted to links.

    This bug fix release resolves these encoding issues, expands the XSS protection to the server-side templating and updates the DOMPurify library to 2.0.8.
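The effect of encoding entities twice, as an added example that is not PrivateBin code: the encoder, the one-pass decode model and the detection heuristic are hypothetical helpers, and the paste text is a constructed sample.

```javascript
// Added illustration; not PrivateBin code. All names here are hypothetical.

// Encode the five HTML-significant characters for text or attribute output.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeEntities(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Model of the single decoding pass an HTML parser applies to text content.
const DECODE = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
function browserDecode(html) {
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => DECODE[e]);
}

// Heuristic: an entity whose leading "&" was itself encoded.
function looksDoubleEncoded(html) {
  return /&amp;(?:amp|lt|gt|quot|#39);/.test(html);
}

// Constructed sample paste text containing a URL with a query string.
const paste = 'See https://example.org/?a=1&b=2 <b>now</b>';

const once = encodeEntities(paste);  // encoded at one output boundary
const twice = encodeEntities(once);  // encoded again by a second layer

function demo() {
  return {
    onceShown: browserDecode(once),    // what the reader sees: the original text
    twiceShown: browserDecode(twice),  // what the reader sees: raw entities
    onceFlag: looksDoubleEncoded(once),
    twiceFlag: looksDoubleEncoded(twice),
  };
}

console.log(demo());
```

The heuristic also fires on text that legitimately contains a literal entity such as `&lt;`, so it suits regression tests on known inputs rather than filtering live output.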

    Benefits of switching to the new release

    โฌ†๏ธ We recommend to upgrade 1.2, 1.2.1 and 1.2.2 instances to address these issues.

    We do offer a backport of these fixes for the 1.2.x versions of PrivateBin. You may choose to use version 1.2.3 over 1.3.3 if you need to support legacy browsers with an incomplete or missing Web Crypto API, like IE, non-Chromium-based Edge or some ESR releases.

    โšก๏ธ Update procedure

    As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

    ๐Ÿณ We also offer a Docker container that includes the recommended secure setup with the non-essential files and data outside of the web servers document root.

    Changes since version 1.2.2

    • โฌ†๏ธ CHANGED: Upgrading libraries to: DOMpurify 2.0.8
    • ๐Ÿ”„ CHANGED: Introduce HTML entity encoding on server side (#581)
    • ๐Ÿ›  FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)

    More details about the plans for future releases, and on how you can help the project achieve them, can be found in the PrivateBin version 1.3.3 & 1.2.3 release announcements.