
This release fixes HTML entity double encoding issues introduced in versions 1.3.2 and 1.2.2 of PrivateBin.

In our efforts in releases 1.3.2 and 1.2.2 to prevent unencoded strings from causing XSS issues down the line, some strings got their HTML entities encoded twice. This caused display glitches and also prevented the URLs in paste texts from being converted to links.
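The following is an added example, not PrivateBin's own code, that reproduces the double encoding described above, shows a check for its tell-tale `&amp;lt;`-style output, and renders paste text with a single encoding point so that URLs are still turned into links. All function names (`escapeHtml`, `looksDoubleEncoded`, `renderPasteText`) are assumptions for this illustration.

```javascript
// Added example (not PrivateBin's own code): HTML entity double encoding
// versus encoding exactly once while still converting URLs to links.

const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

// Encode the five HTML-significant characters. Not idempotent: applying it
// to already-encoded text turns "&amp;" into "&amp;amp;".
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ENTITY_MAP[c]);
}

// Pipeline that reproduces the 1.3.2 / 1.2.2 glitch: the text is encoded
// once (e.g. on the server) and then encoded again on the client.
function renderTwiceEncoded(text) {
  return escapeHtml(escapeHtml(text));
}

// Heuristic check for double-encoded output: "&amp;" directly followed by
// another entity name or number ("&amp;lt;", "&amp;#039;"). A paste that
// literally contains "&amp;" will also trip it, so treat it as a hint.
function looksDoubleEncoded(html) {
  return /&amp;(?:[a-z]+|#\d+);/i.test(html);
}

// Single encoding point: split the *raw* text on URLs, escape each piece
// exactly once, and wrap the URL pieces in anchors. Because URL detection
// runs before escaping, "?a=1&b=2" is still recognised as part of the URL
// and its "&" ends up encoded once, as "&amp;", in both href and label.
const URL_RE = /(https?:\/\/[^\s<>"']+)/g;

function renderPasteText(text) {
  return String(text)
    .split(URL_RE)
    .map((part, i) => {
      const safe = escapeHtml(part);
      // split() with a capturing group places the URL matches at odd indexes.
      return i % 2 === 1
        ? `<a href="${safe}" rel="nofollow noopener noreferrer">${safe}</a>`
        : safe;
    })
    .join('');
}
```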

These bug fix releases resolve the encoding issues, expand the XSS protection to the server-side templating, add missing translation strings for the mailing feature (in 1.3.3 only) and update the DOMpurify library to 2.0.8.

Benefits of switching to the new release

We recommend upgrading 1.3, 1.3.1, 1.3.2, 1.2, 1.2.1 and 1.2.2 instances to address these issues.

We do offer a backport of these fixes for the 1.2.x versions of PrivateBin. You may choose to use version 1.2.3 over 1.3.3 if you need to support legacy browsers with an incomplete or missing WebCrypto API, like IE, non-Chromium-based Edge or some ESR releases.

Update procedure

As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

We also offer a Docker container that includes the recommended secure setup, with the non-essential files and data kept outside of the web server's document root.

Changes

in 1.3.3 since version 1.3.2

  • CHANGED: Upgrading libraries to: DOMpurify 2.0.8
  • CHANGED: Several translations got updated with missing messages
  • CHANGED: Introduce HTML entity encoding on server side (#581)
  • FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)

in 1.2.3 since version 1.2.2

  • CHANGED: Upgrading libraries to: DOMpurify 2.0.8
  • CHANGED: Introduce HTML entity encoding on server side (#581)
  • FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)

Help wanted & greatly appreciated

Apart from the large tasks that require deeper insight and time, there are also smaller issues where help is wanted, topics open to debate and of course many languages that still remain to be translated. We are also still looking for additional long-term maintainers among our frequent issue helpers.

If you are interested in helping with any of these points, we have prepared a development guide including design goals, code structure and tools that should get you started.

Plans for future releases

The next regular release will focus on user interface improvements.