This release changes configuration defaults including switching the template and removing legacy features.
The most notable change is the switch of the default template to bootstrap5. We switched to using the Jdenticons library by default for the comment creator icons, as it doesn't require the GD library. We also changed the user interface to display SI-prefixes instead of binary bytes for data sizes, to be more consistent with sizes displayed in current operating systems, i.e. 1024 bytes now will be displayed as 1.02 kB instead of 1.00 kiB, and to refer to "documents" instead of "pastes".
The page template and compatibility to pre-v1.3 pastes, including ZeroBin ones, got removed. The v2 paste format, which is still currently used, got introduced in release 1.3 in July 2019. This allows dropping further unused database columns, as those were artifacts of the v1 pastes and not used anymore with the v2 ones.
Update procedure
The minimum required PHP version was increased from 7.3 to 7.4.
If you have created your own cfg/conf.php file, please check the following entries and update them accordingly:
- section [main], key template: If set to page, replace this with bootstrap5 or one of the bootstrap variants (see cfg/conf.sample.php).
- section [main], key icon: If commented and you prefer the look of the blocky identicon over triangular jdenticon, uncomment the value and set it back to identicon.
- section [model], key class: If set to privatebin_data, replace this with Filesystem, and if set to privatebin_db or zerobin_db, replace this with Database.
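The three checks above can be run mechanically against a configuration file. The following is an added example, not part of the PrivateBin project: the function name `audit_conf` and the sample configuration are constructed for illustration, and the file is assumed to parse as INI.

```python
import configparser

# Removed [model] class values and their replacements, as listed above.
LEGACY_MODEL = {
    "privatebin_data": "Filesystem",
    "privatebin_db": "Database",
    "zerobin_db": "Database",
}

def audit_conf(text):
    """Return (section, key, advice) tuples for entries this update affects."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)

    def value(section, key):
        # Commented-out (";key = ...") or missing keys come back as None.
        if not cp.has_option(section, key):
            return None
        raw = cp.get(section, key)
        return raw.strip().strip("\"'") if raw is not None else None

    findings = []
    if value("main", "template") == "page":
        findings.append(("main", "template",
                         "page was removed: use bootstrap5 or a bootstrap variant"))
    if value("main", "icon") is None:
        findings.append(("main", "icon",
                         "not set: default is now jdenticon, set identicon to keep the old look"))
    model = value("model", "class")
    if model in LEGACY_MODEL:
        findings.append(("model", "class",
                         f"{model} was removed: use {LEGACY_MODEL[model]}"))
    return findings

# Constructed sample, not a real configuration.
SAMPLE_CONF = """\
; constructed example of a cfg/conf.php written before this release
[main]
template = "page"
;icon = "identicon"

[model]
class = privatebin_db
"""

if __name__ == "__main__":
    for section, key, advice in audit_conf(SAMPLE_CONF):
        print(f"[{section}] {key}: {advice}")
```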
If you are using the Database model class and your database user is not privileged to perform schema changes, you have to manually drop the postdate, opendiscussion, burnafterreading, attachment and attachmentname columns of the paste table and the nickname column from the comment table. If you are using SQLite before 3.35.0, which doesn't support dropping columns, you must initialize a new empty database file and either manually migrate the data or start from scratch.
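To see which of these columns are still present before handing statements to a privileged database user, the schema can be inspected read-only. This is an added example, not PrivateBin code: it uses an in-memory SQLite database with a constructed, simplified schema, and the `prefix` parameter is a hypothetical stand-in for any table prefix your instance uses.

```python
import re
import sqlite3

# Columns the update notes list for manual removal, per table.
LEGACY_COLUMNS = {
    "paste": ["postdate", "opendiscussion", "burnafterreading",
              "attachment", "attachmentname"],
    "comment": ["nickname"],
}

def supports_drop_column(version=sqlite3.sqlite_version_info):
    """DROP COLUMN needs SQLite 3.35.0 or later."""
    return tuple(version) >= (3, 35, 0)

def plan_drops(conn, prefix=""):
    """List the ALTER TABLE statements still needed; changes nothing itself."""
    if not re.fullmatch(r"\w*", prefix):
        raise ValueError("unexpected characters in table prefix")
    statements = []
    for table, legacy in LEGACY_COLUMNS.items():
        name = prefix + table
        present = {row[1] for row in conn.execute(f"PRAGMA table_info({name})")}
        statements += [f"ALTER TABLE {name} DROP COLUMN {col};"
                       for col in legacy if col in present]
    return statements

def constructed_db():
    """In-memory stand-in for an old schema (constructed, simplified)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE paste (dataid TEXT, data TEXT, postdate INT, "
                 "opendiscussion INT, burnafterreading INT, "
                 "attachment TEXT, attachmentname TEXT)")
    conn.execute("CREATE TABLE comment (dataid TEXT, data TEXT, "
                 "nickname TEXT, postdate INT)")
    return conn

if __name__ == "__main__":
    if not supports_drop_column():
        print("SQLite older than 3.35.0: create a new database file instead")
    for statement in plan_drops(constructed_db()):
        print(statement)
```

The comment table's postdate column is deliberately left out of the plan, since only the paste table's postdate is listed for removal.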
As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.
We also offer container images, one using the nginx web server with php-fpm and one using the nginx unit application server, that include the recommended secure setup with the non-essential files and data outside of the web server's document root.
Optionally, you can use the bin/administration script's two new features to check if any v1 pastes still exist on your instance using the --statistics flag and then delete them using the --delete-v1 flag:
$ bin/administration --help
Usage:
administration [--delete <document id> | --delete-all | --delete-v1 |
--empty-dirs | --help | --list-ids | --purge | --statistics]
Options:
[...]
--delete-v1 deletes all unsupported v1 documents
[...]
-s, --statistics reads all stored documents and reports statistics
$ bin/administration --statistics
[... check for lines starting with "Unsupported v1 document " and the conclusion showing any "Legacy v1" ...]
$ bin/administration --delete-v1
Changes since version 1.7.8
- ADDED: Error logging in database and filesystem backend (#1554)
- ADDED: Statistics on v1 pastes in administration script and option to delete them
- CHANGED: Removed page template (#265)
- CHANGED: Removed support for ZeroBin & v1 pastes - since release 1.3 the v2 format is used (#551)
- CHANGED: Removed use of base64 & rawinflate libraries (#551)
- CHANGED: Removed support for privatebin_data, privatebin_db & zerobin_db model class configurations, must be replaced with Filesystem or Database in cfg/conf.php, if still present
- CHANGED: Removed unused columns in database schema of tables paste & comment
- CHANGED: Jdenticons are now used as the default icons
- CHANGED: Upgrading libraries to: base-x 5.0.1, bootstrap 5.3.7, jdenticon 2.0.0 & kjua 0.10.0
- CHANGED: Minimum required PHP version is 7.4, due to a change in the jdenticon library
- CHANGED: Set bootstrap5 template as default for PrivateBin (#1572)
- CHANGED: Switched from binary bytes to SI-units (#1565)
- CHANGED: Replaced the term "paste" with the more generic "document" (#397)
- FIXED: Name mismatches in attached files (#1584)
- FIXED: Unable to paste attachments from clipboard (#1589)
- FIXED: Configuration combinations test errors
Changes since version 1.7.7
- FIXED: Duplicate attachment for every comment (#1577)
- FIXED: Attachments with empty file names (#1577)
- FIXED: Page template scripts loading order (#1579)
Changes since version 1.7.6
- ADDED: Switching templates using the web ui (#1501)
- ADDED: Show file name and size on download page (#603)
- CHANGED: Passing large data structures by reference to reduce memory consumption (#858)
- CHANGED: Removed use of ctype functions and polyfill library for ctype
- CHANGED: Upgrading libraries to: DOMpurify 3.2.6, ip-lib 1.20.0
- CHANGED: Support for multiple file uploads (#1060)
- CHANGED: Documented CSP change necessary to allow PDF attachment preview (#1552)
- FIXED: Hide Reply button in the discussions once clicked to avoid losing the text input (#1508)
- FIXED: Bump zlib library suffix, ensuring cache refresh for WASM streaming change
- FIXED: Handle undefined globals in file based persisted values (#1544)
Changes since version 1.7.5
- ADDED: Ability to copy the paste by clicking the copy icon button or using the keyboard shortcut ctrl+c/cmd+c (#1390 & #12)
- CHANGED: Allow toggling tab-key-support using [Ctrl]+[m] or [Esc] in textarea for keyboard navigation (#1386)
- CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#1464), requires webserver to have application/wasm MIME type configured.
- CHANGED: Replaced usage of strpos with str_starts_with & str_contains (#1373)
- CHANGED: Added polyfill libraries for ctype, str_starts_with & str_contains functions (#1476)
- CHANGED: Turned paste delete link into a button (#266)
- CHANGED: Upgrading libraries to: DOMpurify 3.2.4, cloud-storage 1.45.0, aws-sdk-php 3.336.2
- CHANGED: bootstrap5 template UI improvements
- FIXED: Redirect to the home page after changing the language (#92)
Changes since version 1.7.4
- ADDED: Allow non persistent SQL connections, if configured (#1394)
- ADDED: Show a button (that redirects to the basepath URL) inside the alert after a paste is deleted
- CHANGED: Tweaked page footer of the bootstrap5 template (#1392)
- CHANGED: Simpler PostgreSQL table lookup query (#1361)
- CHANGED: SRI hashes are now configurable, no longer hardcoded in templates (#1365)
- CHANGED: Upgrading libraries to: DOMpurify 3.1.7, ip-lib 1.18.1, cloud-storage 1.43.0, aws-sdk-php 3.325.0
- FIXED: Numeric array keys being cast to integer causing failures under strict type checking (#1435)
Changes since version 1.7.3
- CHANGED: Saving markdown pastes uses .md extension instead of .txt (#1293)
- CHANGED: Enable strict type checking in PHP (#1350)
- CHANGED: Various tweaks of the bootstrap5 template, suggested by the community
- FIXED: Reset password input field on creation of new paste (#1194)
- FIXED: Allow database schema upgrade to skip versions (#1343)
- FIXED: bootstrap5 dark mode toggle unset on dark browser preference (#1340)
- FIXED: Prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs
Changes since version 1.7.2
- CHANGED: Various tweaks of the bootstrap5 template, suggested by the community
- CHANGED: Upgrading libraries to: DOMpurify 3.1.3
- FIXED: Selected expiration not being applied, when using bootstrap template (#1309)
Changes since version 1.7.1
- ADDED: Allow use of shortenviayourls in query parameters (#1267)
- ADDED: Input sanitation to some not yet filtered query and server parameters
- ADDED: Optional Bootstrap CSS 5.3.3 based template, use configuration template = "bootstrap5" to switch to it (#728)
- CHANGED: "Send" button now labeled "Create" (#946)
- CHANGED: Drop some PHP < 5.6 fallbacks, minimum version is PHP 7.3 as of release 1.6.0
- CHANGED: Set lang cookie with lax SameSite property
- CHANGED: Upgrading libraries to: DOMpurify 3.1.2 (#1299) & jQuery 3.7.1
- CHANGED: create attribute is no longer returned in API for pastes & can be disabled for comments using discussiondatedisplay as well (#1290)
- FIXED: Add cache control headers also to API calls (#1263)
- FIXED: Shortened paste URL does not appear in email (#606)
Changes since version 1.7.0
- FIXED: zlib 1.3.1 wasm file reference
Help wanted & greatly appreciated
Apart from the large tasks that require deeper insight and time, there are also smaller issues where help is wanted, topics open to debate and of course many languages that still remain to be translated. We are also still looking for additional long term maintainers among our frequent issue helpers.
What can we offer you in return for your help?
- We can offer you our mentorship, if this is your first time participating as a maintainer of an open source software project. We can guide you through submitting your first pull requests and work with you to ensure your change fulfils the community's quality standards, gets merged and makes it into a release.
- Your work gets publicly credited. This can help you build up a resume, showing off your growing skill set, in programming as well as your soft skills.
- PrivateBin is a smaller project. If you'd like to learn how to participate and contribute in an open source git project, this should be less overwhelming than larger projects.
- We do have a decent unit test code coverage, so it is an environment forgiving of mistakes. You may still introduce logical flaws or issues in new features, not yet covered in the tests, but you can rely on the tests preventing any regressions in other areas.
- You don't have to be proficient in multiple programming languages, there are a lot of things to improve within either the JavaScript or PHP areas that don't need you to understand the other side, beyond their shared API.
- It can be an opportunity to learn about continuous integration tools to automate tasks like tests, security scans, etc.
If you are interested in helping with any of these points, we have prepared a development guide including design goals, code structure and tools to get you started. For any questions, you can chat with the maintainers in the discussion area or reach us via email.