PrivateBin v1.3.4 Release Notes

Release Date: 2020-03-22
  • This bug fix release resolves further HTML entity encoding issues, the use of custom expiration options in the email function, and pasting into the password dialog on pastes with attachments. It also updates the identicon library to 2.0.0, which increases the minimum required PHP version to 5.6.

    Benefits of switching to the new release

    We recommend upgrading 1.3.x instances to address these issues.

    Update procedure

    As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

    We also offer a Docker container that includes the recommended secure setup with the non-essential files and data outside of the web server's document root.

    Changes since version 1.3.3

    • CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use PHP's native hash_equals()
    • CHANGED: Upgrading libraries to: identicon 2.0.0
    • FIXED: Support custom expiration options in email function (#586)
    • FIXED: Regression with encoding of HTML entities (#588)
    • FIXED: Unable to paste password on paste with attachment (#565 & #595)

    More details about the plans for future releases and on how you can help the project achieve them can be found in the PrivateBin version 1.3.4 release announcements.


Previous changes from v1.3.3

  • This release fixes HTML entity double encoding issues introduced in version 1.3.2 of PrivateBin.

    In our efforts in releases 1.3.2 and 1.2.2 to prevent unencoded strings from causing XSS issues down the line, some strings had their HTML entities encoded twice. This caused some display glitches and prevented the URLs in paste texts from being converted to links.

    This bug fix release resolves these encoding issues, expands the XSS protection to the server side templating, updates some missing translation strings for the mailing feature (in 1.3.3 only) and also updates the DOMpurify library to 2.0.8.

    Benefits of switching to the new release

    We recommend upgrading 1.3, 1.3.1, 1.3.2, 1.2, 1.2.1 and 1.2.2 instances to address these issues.

    We do offer a backport of these fixes for the 1.2.x versions of PrivateBin. You may choose to use version 1.2.3 over 1.3.3 if you need to support legacy browsers with an incomplete or missing Webcrypto API, like IE, non-Chromium based Edge or some ESR releases.

    Update procedure

    As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

    We also offer a Docker container that includes the recommended secure setup with the non-essential files and data outside of the web server's document root.

    Changes since version 1.3.2

    • CHANGED: Upgrading libraries to: DOMpurify 2.0.8
    • CHANGED: Several translations got updated with missing messages
    • CHANGED: Introduce HTML entity encoding on server side (#581)
    • FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)

    More details about the plans for future releases and on how you can help the project achieve them can be found in the PrivateBin version 1.3.3 & 1.2.3 release announcements.
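
The double-encoding problem described for 1.3.2, as an added illustration that is not PrivateBin's own code: it compares entity-encoding a string once with encoding it twice, and shows what a single HTML decode pass then yields for the visible text and for a link target. All function names, the linkifier and the sample paste are assumptions made for this example.

```javascript
// Added illustration; function names and sample data are hypothetical.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = Object.fromEntries(Object.entries(ENTITIES).map(([c, e]) => [e, c]));

// One pass of HTML entity encoding over the five significant characters.
function encodeEntities(text) {
  return text.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Simulates the single decode pass an HTML parser applies when rendering.
function decodeOnce(html) {
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => DECODE[e]);
}

// Hypothetical linkifier: takes plain text, splits out URLs, and encodes
// every piece exactly once at the point where the HTML is produced.
function linkify(text) {
  return text
    .split(/(https?:\/\/[^\s<>"']+)/)
    .map((part, i) => {
      const safe = encodeEntities(part);
      // Odd indexes are the captured URLs, even indexes the text between them.
      return i % 2 ? `<a href="${safe}" rel="nofollow noopener">${safe}</a>` : safe;
    })
    .join('');
}

// The link target a parser would extract from the first anchor in `html`.
function firstHref(html) {
  const m = /<a href="([^"]*)"/.exec(html);
  return m ? decodeOnce(m[1]) : null;
}

// Constructed sample paste text.
const paste = 'Docs: https://example.org/?a=1&b=2 <b>x</b>';

const once = encodeEntities(paste);   // correct: encoded at the output boundary
const twice = encodeEntities(once);   // the bug: an already encoded string encoded again

console.log('shown after one encode: ', decodeOnce(once));   // original text
console.log('shown after two encodes:', decodeOnce(twice));  // literal "&amp;" and "&lt;b&gt;"
console.log('href, encoded once: ', firstHref(linkify(paste)));
console.log('href, encoded twice:', firstHref(linkify(once))); // query string is mangled
```

Encoding once still neutralises the markup, so the second pass adds no protection; it only corrupts what the reader sees and where links point.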