This release adds Italian and Russian translations to PrivateBin and fixes an XSS and a database issue.
The other fixed issue concerns the automatic purging of outdated pastes, which was introduced in version 1.0. When using the database model instead of the default file based store, pastes set to "never" expire were always purged, too.
Benefits of switching to the new release
If you are using the database model instead of the filesystem one and offer pastes that "never" expire, then you should upgrade or disable the purge by setting the
batchsize to 0 in your configuration.
Apart from fixing the XSS issue, markdown pastes containing HTML code will now be properly displayed in the "raw" mode.
Both of these issues affected only version 1.0. There are of course many more benefits in switching to this release, if you are still using a version of PrivateBin or ZeroBin before 1.0.
When updating please make sure to adjust the
cspheader setting. We recommend you to either comment the setting out in order to use our default recommend CSP header or adjust the header so it matches the new default one (mainly just add the
referrer no-referrer; part).
Changes since version 1.0
- ADDED: Translations for Italian and Russian
- ADDED: Loading message displayed until decryption succeeded for slower (in terms of CPU or network) systems
- ADDED: Dockerfile for docker container creation
- CHANGED: Using modal dialog to request password input instead of native JS input window (#69)
- CHANGED: Suppressed referrer HTTP header sending when following links in a paste or comment (#96) and added additional HTTP headers for XSS mitigation (#91)
- CHANGED: Updated random_compat and jQuery libraries
- FIXED: Automatic purging deleting non-expiring pastes, when using database store (#149)
We wish you a happy new year!