Date Tags PrivateBin / Release

This release improves the display of appropriate errors for unsupported browsers/configurations.

Since the release of version 1.3 only two months ago we received reports on a surprising number of corner cases with certain browser versions and protocols in which the new release didn't work, while 1.2.1 still did. The release addresses most of these or at least aims to provide a meaningful error message with hints what the user may do to avoid these (switching to HTTPS, using a different browser or being limited to partial functionality).

We also have been provided with a Bulgarian translation and several improvements to the bootstrap template, cloning pastes and the drap & drop file upload. The URL shortener now also supports JSON APIs and the default size limit was increased to 10 MiB.

Before the 1.3 release we had tested mainly in Firefox and Chrome, but none of the core developers had easy access to Windows based browsers (Edge, IE) or Mac (Safari). We also missed that Chrome disables the webcrypto API used in 1.3 to replace the SJCL cryptographic library, when accessing the site via HTTP. It didn't do this in our local testing environments, as localhost is considered safe by it, even when not accessed via HTTPS. Other quirks discovered were issues when accessing PrivateBin via Tor and i2p networks. The Torbrowser disables webassembly due to security concerns, which prevented these clients to create or read pastes.

To facilitate testing of such quirks and having access to more browsers versions, we applied for a sponsored browserstack account. This helped us improving the browser feature detection. In particular the following cases got covered: - When a modern browser has webassembly disabled (i.e. for security), it displays a warning, but still can create and read uncompressed pastes, just not open compressed ones. - Browsers with a lack for webcrypto API on an HTTP site get suggested to switch to HTTPS (requires support by the server). - Browsers with a lack for webcrypto API, async or ES6 support get an error requesting to switch to a modern browser. - Internet Explorer remains unsupported, but now get an appropriate error requesting to switch to a modern browser.

Benefits of switching to the new release

We recommend to upgrade 1.3 instances to improve the support for Chrome and older browsers get more appropriate error messages.

Update procedure

As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

We also offer a Docker container that includes the recommended secure setup with the non-essential files and data outside of the web servers document root.

The default size limit got increased from 2 to 10 MiB. If you didn't configure a custom size, you may have to adjust your PHP and webserver settings to be able to use the new limit to the full extent.

If you use the MySQL database backend and don't allow the PrivateBin use to ALTER TABLES, you have to manually change one columns type and UPDATE the database version (replace "prefix_" with your own table prefix, if used):

UPDATE prefix_config SET value = "1.3.1" WHERE id = "VERSION";

PostgreSQL and SQLite don't require this change.

Changes since version 1.3

  • ADDED: Translation for Bulgarian (#455)
  • CHANGED: Improved mobile UI - obscured send button and hard to click shortener button (#477)
  • CHANGED: Enhanced URL shortener integration (#479)
  • CHANGED: Improved file upload drag & drop UI (#317)
  • CHANGED: Increased default size limit from 2 to 10 MiB, switch data from BLOB to MEDIUMBLOB in MySQL (#458)
  • CHANGED: Upgrading libraries to: DOMpurify 2.0.1
  • FIXED: Enabling browsers without WASM to create pastes and read uncompressed ones (#454)
  • FIXED: Cloning related issues (#489, #491, #493, #494)
  • FIXED: Enable file operation only when editing (#497)
  • FIXED: Clicking 'New' on a previously submitted paste does not blank address bar (#354)
  • FIXED: Clear address bar when create new paste from existing paste (#479)
  • FIXED: Discussion section not hiding when new/clone paste is clicked on (#484)
  • FIXED: Showdown.js error when posting svg qrcode (#485)
  • FIXED: Failed to handle the case where user cancelled attachment selection properly (#487)
  • FIXED: Displaying the appropriate errors in older browsers (#508)

Help wanted & greatly appreciated

Apart from the large tasks that require deeper insight and time, there are also smaller issues were help is wanted, topics open to debate and of course many languages that still remain to be translated. We are also still looking for additional long term maintainers among our frequent issue helpers.

If you are interested in helping with any of these points, we have prepared a development guide including design goals, code structure and tools that should get you started.

Plans for future releases

The next release will focus on user interface improvements.