PrivateBin v1.3.3 Release Notes

Release Date: 2020-02-16
  • This release fixes HTML entity double encoding issues introduced in version 1.3.2 of PrivateBin.

    🚀 In our efforts to prevent unencoded strings from causing XSS issues down the line, releases 1.3.2 and 1.2.2 ended up encoding the HTML entities of some strings twice. This caused some display glitches and also prevented the URLs in paste texts from being converted to links.

    🚀 This bug fix release resolves these encoding issues, expands the XSS protection to the server-side templating, updates some missing translation strings for the mailing feature (in 1.3.3 only) and also updates the DOMPurify library to 2.0.8.

    🚀 Benefits of switching to the new release

    ⬆️ We recommend upgrading 1.3, 1.3.1, 1.3.2, 1.2, 1.2.1 and 1.2.2 instances to address these issues.

    🚀 We do offer a backport of these fixes for the 1.2.x versions of PrivateBin. You may choose to use version 1.2.3 over 1.3.3 if you need to support legacy browsers with an incomplete or missing Webcrypto API, like IE, non-Chromium based Edge or some ESR releases.

    ⚡️ Update procedure

    🚀 As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

    🐳 We also offer a Docker container that includes the recommended secure setup, with the non-essential files and data outside of the web server's document root.

    🔄 Changes since version 1.3.2

    • ⬆️ CHANGED: Upgrading libraries to: DOMPurify 2.0.8
    • ⚡️ CHANGED: Several translations got updated with missing messages
    • 🔄 CHANGED: Introduce HTML entity encoding on server side (#581)
    • 🛠 FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)

    🚀 More details about the plans for future releases, and on how you can help the project achieve them, can be found in the PrivateBin version 1.3.3 & 1.2.3 release announcements.
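
The double encoding fixed in this release can be caught in a regression test by checking that every rendered string decodes back to its source in exactly one pass. The JavaScript below is an added example, not PrivateBin's code: the helper names and the sample paste are hypothetical and constructed here, and `browserDecode` is a simplified model that only handles the five entities the encoder emits.

```javascript
// Added example: hypothetical helpers, not PrivateBin's own code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const CHARS = Object.fromEntries(Object.entries(ENTITIES).map(([c, e]) => [e, c]));

// Encode a string for use in an HTML text or attribute context.
function htmlEncode(text) {
  return text.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Model of what the browser shows: entities are decoded exactly one level.
function browserDecode(html) {
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => CHARS[e]);
}

// Number of decode passes needed to get from `rendered` back to `source`:
// 0 = unencoded (XSS risk), 1 = correct, 2+ = over-encoded, -1 = no match.
function encodingDepth(source, rendered, maxDepth = 4) {
  // Text without special characters looks the same at every depth.
  if (htmlEncode(source) === source) return rendered === source ? 1 : -1;
  let current = rendered;
  for (let depth = 0; depth <= maxDepth; depth++) {
    if (current === source) return depth;
    current = browserDecode(current);
  }
  return -1;
}

// Regression check: fields whose output is not encoded exactly once.
function auditFields(fields) {
  return fields
    .filter((f) => encodingDepth(f.source, f.rendered) !== 1)
    .map((f) => `${f.name}: depth ${encodingDepth(f.source, f.rendered)}`);
}

// Constructed sample paste text.
const paste = 'Tom & Jerry <3 https://example.org/?a=1&b=2';
const once = htmlEncode(paste);
const twice = htmlEncode(once); // a second layer encoding already-encoded text

console.log(browserDecode(once));  // reader sees the original text
console.log(browserDecode(twice)); // reader sees literal &amp; and &lt;
console.log(auditFields([
  { name: 'raw', source: paste, rendered: paste },
  { name: 'single', source: paste, rendered: once },
  { name: 'double', source: paste, rendered: twice },
]));
```

Comparing against the source string rather than searching the output for `&amp;amp;` avoids false positives on pastes that legitimately contain entity text such as `&amp;`.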