PrivateBin - Package Updates

girish

[1.5.2]

• Fix apache configs to not have hardcoded memory limit

nebulon

[1.6.0]

• Update PrivateBin to 1.4.0
• Full changelog
• ADDED: Translations for Corsican, Estonian, Finnish and Lojban
• ADDED: new HTTP headers improving security (#765)
• ADDED: Download button for paste text (#774)
• ADDED: Opt-out of federated learning of cohorts (FLoC) (#776)
• ADDED: Configuration option to exempt IPs from the rate-limiter (#787)
• ADDED: Google Cloud Storage backend support (#795)
• ADDED: Oracle database support (#868)
• ADDED: Configuration option to limit paste creation and commenting to certain IPs (#883)
• ADDED: Set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header
• ADDED: Sanitize SVG preview, preventing script execution in instance context
• CHANGED: Language selection cookie only transmitted over HTTPS (#472)
• CHANGED: Upgrading libraries to: base-x 4.0.0, bootstrap 3.4.1 (JS), DOMpurify 2.3.6, ip-lib 1.18.0, jQuery 3.6.0, random_compat 2.0.21, Showdown 2.0.3 & zlib 1.2.12
• CHANGED: Removed automatic .ini configuration file migration (#808)
• CHANGED: Removed configurable dir for traffic & purge limiters (#419)
• CHANGED: Server salt, traffic and purge limiter now stored in the storage backend (#419)
• CHANGED: Drop support for attachment download in IE
• FIXED: Error when attachments are disabled, but paste with attachment gets displayed

nebulon

[1.7.0]

• Update PrivateBin to 1.5.0
• Update Cloudron base image to 4.0.0
• Full changelog
• ADDED: script for data storage backend migrations (#1012)
• ADDED: Translations for Turkish, Slovak, Greek and Thai
• ADDED: S3 Storage backend (#994)
• ADDED: Jdenticons as an option for comment icons (#793)
• CHANGED: Avoid SUPER privilege for setting the sql_mode for MariaDB/MySQL (#919)
• CHANGED: Upgrading libraries to: DOMpurify 2.4.6, jQuery 3.6.1, Showdown 2.1.0 & zlib 1.2.13
• FIXED: Revert to CREATE INDEX without IF NOT EXISTS clauses, to support MySQL (#943)
• FIXED: Apply table prefix to indexes as well, to support multiple instances sharing a single database (#943)
• FIXED: YOURLS integration via new proxy, storing signature in configuration (#725)

girish

[1.7.1]

• Update PrivateBin to 1.5.1
• Full changelog
• ADDED: script for administrative tasks: deleting pastes (#274), removing empty directories (#277), purging expired pastes (#276) & statistics (#319)
• FIXED: Revert Filesystem purge to limited and randomized lookup (#1030)
• FIXED: Catch JSON decode errors when invalid data gets sent to the API (#1030)
• FIXED: Support sorting v1 format in mixed version comments in Filesystem backend (#1030)

girish

[1.7.2]

• Update PrivateBin to 1.5.2
• Full changelog
• ADDED: Allow AWS SDK to use default credential provider chain for S3Storage (#1070)
• CHANGED: Upgrading libraries to: DOMpurify 3.0.4 & jQuery 3.7.0
• FIXED: Addressed PHP 8.2 deprecation warnings (#1092)
• FIXED: Expose types JSON-LD incl. configured expiration dates (#1045)

nebulon

[1.7.3]

• Update PrivateBin to 1.6.0
• Full changelog
• This release adds translations for Japanese & Arabic

girish

[1.8.0]

• Update base image to 4.2.0

girish

[1.8.1]

• Update PrivateBin to 1.6.2
• Full changelog
• ADDED: Right-To-Left (RTL) support for Arabic & Hebrew (#1174)
• CHANGED: Upgrading libraries to: DOMpurify 3.0.6

nebulon

[1.9.0]

• Update PrivateBin to 1.7.0
• Full changelog
• ADDED: Translations for Romanian
• ADDED: Detect and report on damaged pastes (#1218)
• CHANGED: Ask for confirmation, before loading burn after reading pastes (#1237)
• CHANGED: Focus on password input in modal dialog
• CHANGED: Upgrading libraries to: DOMpurify 3.0.8 & zlib 1.3.1
• FIXED: Support more types of valid URLs for shorteners, incl. IDN ones (#1224)
• FIXED: Email timezone buttons overlapping in some languages (#1039)
• FIXED: Changing language mangles URL (#1191)
• FIXED: Needless reload when visiting default URL

nebulon

[1.9.1]

• Update PrivateBin to 1.7.2
• Full changelog
• ADDED: Allow use of shortenviayourls in query parameters (#1267)
• ADDED: Input sanitation to some not yet filtered query and server parameters
• ADDED: Optional Bootstrap CSS 5.3.3 based template, use configuration template = "bootstrap5" to switch to it (#728)
• CHANGED: "Send" button now labeled "Create" (#946)
• CHANGED: Drop some PHP < 5.6 fallbacks, minimum version is PHP 7.3 as of release 1.6.0
• CHANGED: Set lang cookie with lax SameSite property
• CHANGED: Upgrading libraries to: DOMpurify 3.1.2 (#1299) & jQuery 3.7.1
• CHANGED: create attribute is no longer returned in API for pastes & can be disabled for comments using discussiondatedisplay as well (#1290)
• FIXED: Add cache control headers also to API calls (#1263)
• FIXED: Shortened paste URL does not appear in email (#606)

nebulon

[1.9.2]

• Update PrivateBin to 1.7.3
• Full changelog
• CHANGED: Various tweaks of the bootstrap5 template, suggested by the community
• CHANGED: Upgrading libraries to: DOMpurify 3.1.3
• FIXED: Selected expiration not being applied, when using bootstrap template (#1309)

Package Updates

[1.9.3]

• Update PrivateBin to 1.7.4
• Full changelog

Package Updates

[1.9.4]

• Enable multi domain support via aliases

Package Updates

[1.9.5]

• Update PrivateBin to 1.7.5
• Full Changelog
• ADDED: Allow non persistent SQL connections, if configured (#​1394)
• ADDED: Show a button (that redirects to the basepath URL) inside the alert after a paste is deleted
• CHANGED: Tweaked page footer of the bootstrap5 template (#​1392)
• CHANGED: Simpler PostgreSQL table lookup query (#​1361)
• CHANGED: SRI hashes are now configurable, no longer hardcoded in templates (#​1365)
• CHANGED: Upgrading libraries to: DOMpurify 3.1.7, ip-lib 1.18.1, cloud-storage 1.43.0, aws-sdk-php 3.325.0
• FIXED: Numeric array keys being cast to integer causing failures under strict type checking (#​1435)

Package Updates

[1.9.6]

• Update PrivateBin to 1.7.6
• Full Changelog
• ADDED: Ability to copy the paste by clicking the copy icon button or using the keyboard shortcut ctrl+c/cmd+c (#​1390 & #​12)
• CHANGED: Allow toggling tab-key-support using [Ctrl]+[m] or [Esc] in textarea for keyboard navigation (#​1386)
• CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#​1464), requires webserver to have application/wasm MIME type configured.
• CHANGED: Replaced usage of strpos with str_starts_with & str_contains (#​1373)
• CHANGED: Added polyfill libraries for ctype, str_starts_with & str_contains functions (#​1476)
• CHANGED: Turned paste delete link into a button (#​266)
• CHANGED: Upgrading libraries to: DOMpurify 3.2.4, cloud-storage 1.45.0, aws-sdk-php 3.336.2
• CHANGED: bootstrap5 template UI improvements
• FIXED: Redirect to the home page after changing the language (#​92)

Package Updates

[1.10.0]

• Update base image to 5.0.0

Package Updates

[1.10.1]

• Update PrivateBin to 1.7.7
• Full Changelog
• ADDED: Switching templates using the web ui (#​1501)
• ADDED: Show file name and size on download page (#​603)
• CHANGED: Passing large data structures by reference to reduce memory consumption (#​858)
• CHANGED: Removed use of ctype functions and polyfill library for ctype
• CHANGED: Upgrading libraries to: DOMpurify 3.2.6, ip-lib 1.20.0
• CHANGED: Support for multiple file uploads (#​1060)
• CHANGED: Documented CSP change necessary to allow PDF attachment preview (#​1552)
• FIXED: Hide Reply button in the discussions once clicked to avoid losing the text input (#​1508)
• FIXED: Bump zlib library suffix, ensuring cache refresh for WASM streaming change
• FIXED: Handle undefined globals in file based persisted values (#​1544)

Package Updates

[1.10.2]

• Update PrivateBin to 1.7.8
• Full Changelog
• FIXED: Duplicate attachment for every comment (#1577)
• FIXED: Attachments with empty file names (#1577)
• FIXED: Page template scripts loading order (#1579)

Package Updates

[1.11.0]

• Update PrivateBin to 2.0.0
• Full Changelog
• ADDED: Error logging in database and filesystem backend (#1554)
• ADDED: Statistics on v1 pastes in administration script and option to delete them
• CHANGED: Removed page template (#265)
• CHANGED: Removed support for ZeroBin & v1 pastes - since release 1.3 the v2 format is used (#551)
• CHANGED: Removed use of base64 & rawinflate libraries (#551)
• CHANGED: Removed support for privatebin_data, privatebin_db & zerobin_db model class configurations, must be replaced with Filesystem or Database in cfg/conf.php, if still present
• CHANGED: Removed unused columns in database schema of tables paste & comment
• CHANGED: Jdenticons are now used as the default icons
• CHANGED: Upgrading libraries to: base-x 5.0.1, bootstrap 5.3.7, jdenticon 2.0.0 & kjua 0.10.0
• CHANGED: Minimum required PHP version is 7.4, due to a change in the jdenticon library

Package Updates

[1.11.1]

• Update PrivateBin to 2.0.1
• Full Changelog
• ADDED: Auto shorten URLs with config option shortenbydefault (#1627)
• ADDED: Added shortenviashlink endpoint with an shlink configuration section
• ADDED: Password peek (#1254)
• CHANGED: CSP recommendation around bootstrap5 template resolved in Firefox 131 (#1613)
• CHANGED: Upgrading libraries to: bootstrap 5.3.8, DOMpurify 3.2.7 & ip-lib 1.21.0
• FIXED: Allow pasting a password for decrypting a paste (#1620)
• FIXED: Allow copying the shortened link after using a URL shortener (#1624)
• FIXED: URL extraction fails when frame-ancestors is set in CSP (#1644)
• FIXED: traffic limiter not working when using Filesystem storage and PHP opcache