Release v2.0.0 - Changes configuration defaults & template

This release changes configuration defaults including switching the template and removing legacy features.

The most notable change is the switch of the default template to bootstrap5. We switched to use the Jdenticons library by default for the comment creator icons, as it doesn't require the GD library. And we changed the user interface to display SI-prefixes instead of binary bytes for data sizes, to be more consistent with sizes displayed in current operating systems, i.e. 1024 bytes now will be displayed as 1.02 kB instead of 1.00 kiB and refer to "documents" instead of "pastes".

The page template and compatibility to pre-v1.3 pastes, including ZeroBin ones, got removed. The v2 paste format which is still currently used, got introduced in release 1.3 in July 2019. This allows dropping further unused database columns, as those were artifacts of the v1 pastes and not used anymore with the v2 ones.

Update procedure

The minimum required PHP version was increased from 7.3 to 7.4.

If you have created your own cfg/conf.php file, please check the following entries and update them accordingly:

• section [main], key template: If set to page replace this with bootstrap5 or one of the bootstrap variants (see cfg/conf.sample.php.
• section [main], key icon: If commented and you prefer the look of the blocky identicon over triangular jdenticon, uncomment the value and set it back to identicon.
• section [model], key class: If set to privatebin_data replace this with Filesystem and if set to privatebin_db or zerobin_db replace this with Database.

If you are using the Database model class and your database user is not privileged to perform schema changes, you have to manually drop the postdate, opendiscussion, burnafterreading, attachment and attachmentname columns of the paste table and the nickname column from the comment table. If you are using SQLite before 3.35.0, which doesn't support dropping columns, you must initialize a new empty database file and either manually migrate the data or start from scratch.

As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.

We also offer a container images using the nginx web server with php-fpm and one using the nginx unit application server, that include the recommended secure setup with the non-essential files and data outside of the web servers document root.

Optionally, you can use the bin/administration scripts' two new features to check if any v1 pastes still exist on your instance using the --statistics flag and then delete them using the --delete-v1 flag:

$ bin/administration --help
Usage:
  administration [--delete <document id> | --delete-all | --delete-v1 |
                  --empty-dirs | --help | --list-ids | --purge | --statistics]

Options:
[...]
  --delete-v1       deletes all unsupported v1 documents
[...]
  -s, --statistics  reads all stored documents and reports statistics
$ bin/administration --statistics
[... check for lines starting with "Unsupported v1 document " and the conclusion showing any "Legacy v1" ...]
$ bin/administration --delete-v1

Changes since version 1.7.8

• ADDED: Error logging in database and filesystem backend (#1554)
• ADDED: Statistics on v1 pastes in administration script and option to delete them
• CHANGED: Removed page template (#265)
• CHANGED: Removed support for ZeroBin & v1 pastes - since release 1.3 the v2 format is used (#551)
• CHANGED: Removed use of base64 & rawinflate libraries (#551)
• CHANGED: Removed support for privatebin_data, privatebin_db & zerobin_db model class configurations, must be replaced with Filesystem or Database in cfg/conf.php, if still present
• CHANGED: Removed unused columns in database schema of tables paste & comment
• CHANGED: Jdenticons are now used as the default icons
• CHANGED: Upgrading libraries to: base-x 5.0.1, bootstrap 5.3.7, jdenticon 2.0.0 & kjua 0.10.0
• CHANGED: Minimum required PHP version is 7.4, due to a change in the jdenticon library
• CHANGED: Set bootstrap5 template as default for PrivateBin (#1572)
• CHANGED: Switched from binary bytes to SI-units (#1565)
• CHANGED: Replaced the term "paste" with the more generic "document" (#397)
• FIXED: Name mismatches in attached files (#1584)
• FIXED: Unable to paste attachments from clipboard (#1589)
• FIXED: Configuration combinations test errors

Changes since version 1.7.7

• FIXED: Duplicate attachment for every comment (#1577)
• FIXED: Attachments with empty file names (#1577)
• FIXED: Page template scripts loading order (#1579)

Changes since version 1.7.6

• ADDED: Switching templates using the web ui (#1501)
• ADDED: Show file name and size on download page (#603)
• CHANGED: Passing large data structures by reference to reduce memory consumption (#858)
• CHANGED: Removed use of ctype functions and polyfill library for ctype
• CHANGED: Upgrading libraries to: DOMpurify 3.2.6, ip-lib 1.20.0
• CHANGED: Support for multiple file uploads (#1060)
• CHANGED: Documented CSP change necessary to allow PDF attachment preview (#1552)
• FIXED: Hide Reply button in the discussions once clicked to avoid losing the text input (#1508)
• FIXED: Bump zlib library suffix, ensuring cache refresh for WASM streaming change
• FIXED: Handle undefined globals in file based persisted values (#1544)

Changes since version 1.7.5

• ADDED: Ability to copy the paste by clicking the copy icon button or using the keyboard shortcut ctrl+c/cmd+c (#1390 & #12)
• CHANGED: Allow toggling tab-key-support using [Ctrl]+[m] or [Esc] in textarea for keyboard navigation (#1386)
• CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#1464), requires webserver to have application/wasm MIME type configured.
• CHANGED: Replaced usage of strpos with str_starts_with & str_contains (#1373)
• CHANGED: Added polyfill libraries for ctype, str_starts_with & str_contains functions (#1476)
• CHANGED: Turned paste delete link into a button (#266)
• CHANGED: Upgrading libraries to: DOMpurify 3.2.4, cloud-storage 1.45.0, aws-sdk-php 3.336.2
• CHANGED: bootstrap5 template UI improvements
• FIXED: Redirect to the home page after changing the language (#92)

Changes since version 1.7.4

• ADDED: Allow non persistent SQL connections, if configured (#1394)
• ADDED: Show a button (that redirects to the basepath URL) inside the alert after a paste is deleted
• CHANGED: Tweaked page footer of the bootstrap5 template (#1392)
• CHANGED: Simpler PostgreSQL table lookup query (#1361)
• CHANGED: SRI hashes are now configurable, no longer hardcoded in templates (#1365)
• CHANGED: Upgrading libraries to: DOMpurify 3.1.7, ip-lib 1.18.1, cloud-storage 1.43.0, aws-sdk-php 3.325.0
• FIXED: Numeric array keys being cast to integer causing failures under strict type checking (#1435)

Changes since version 1.7.3

• CHANGED: Saving markdown pastes uses .md extension instead of .txt (#1293)
• CHANGED: Enable strict type checking in PHP (#1350)
• CHANGED: Various tweaks of the bootstrap5 template, suggested by the community
• FIXED: Reset password input field on creation of new paste (#1194)
• FIXED: Allow database schema upgrade to skip versions (#1343)
• FIXED: bootstrap5 dark mode toggle unset on dark browser preference (#1340)
• FIXED: Prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs

Changes since version 1.7.2

• CHANGED: Various tweaks of the bootstrap5 template, suggested by the community
• CHANGED: Upgrading libraries to: DOMpurify 3.1.3
• FIXED: Selected expiration not being applied, when using bootstrap template (#1309)

Changes since version 1.7.1

• ADDED: Allow use of shortenviayourls in query parameters (#1267)
• ADDED: Input sanitation to some not yet filtered query and server parameters
• ADDED: Optional Bootstrap CSS 5.3.3 based template, use configuration template = "bootstrap5" to switch to it (#728)
• CHANGED: "Send" button now labeled "Create" (#946)
• CHANGED: Drop some PHP < 5.6 fallbacks, minimum version is PHP 7.3 as of release 1.6.0
• CHANGED: Set lang cookie with lax SameSite property
• CHANGED: Upgrading libraries to: DOMpurify 3.1.2 (#1299) & jQuery 3.7.1
• CHANGED: create attribute is no longer returned in API for pastes & can be disabled for comments using discussiondatedisplay as well (#1290)
• FIXED: Add cache control headers also to API calls (#1263)
• FIXED: Shortened paste URL does not appear in email (#606)

Changes since version 1.7.0

• FIXED: zlib 1.3.1 wasm file reference

Help wanted & greatly appreciated

Apart from the large tasks that require deeper insight and time, there are also smaller issues were help is wanted, topics open to debate and of course many languages that still remain to be translated. We are also still looking for additional long term maintainers among our frequent issue helpers.

What can we offer you in return for your help?

• We can offer you our mentorship, if this is your first time participating as a maintainer of an open source software project. We can guide you through submitting your first pull requests and work with you to ensure your change fulfils the communities quality standards, gets merged and makes it into a release.
• Your work gets publicly credited. This can help you build up a resume, showing off your growing skill set, in programming as well as your soft skills.
• PrivateBin is a smaller project. If you'd like to learn how to participate and contribute in an open source git project, this should be less overwhelming than larger projects.
• We do have a decent unit test code coverage, so it is an environment forgiving of mistakes. You may still introduce logical flaws or issues in new features, not yet covered in the tests, but you can rely on the tests preventing any regressions in other areas.
• You don't have to be proficient in multiple programming languages, there are a lot of things to improve within either the JavaScript or PHP areas that don't need you to understand the other side, beyond their shared API.
• It can be an opportunity to learn about continuous integration tools to automate tasks like tests, security scans, etc.

If you are interested in helping with any of these points, we have prepared a development guide including design goals, code structure and tools to get you started. For any questions, you can chat with the maintainers in the discussion area or reach us via email.