Unclaimed project

Are you a maintainer of PrivateBin? Claim this project to take control of your public changelog and roadmap.

Changelog

PrivateBin

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

PrivateBin/PrivateBin

Back to changelog

NewOctober 28, 2025

Release v2.0.2 - Fix HTML injection/XSS vulnerability in filenames of attached files

CHANGED: Upgrading libraries to: DOMpurify 3.3.0
CHANGED: Refactored jQuery DOM element creation into plain JavaScript
FIXED: Sanitize file name in attachment size hint (CVE-2025-62796 / https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-867c-p784-5q6g)
FIXED: PHP OPcache module is optional again (#1679)
FIXED: bootstrap template password peek input group display

This release addresses an issue with the lacking sanitation of file names when displaying attached files. This issue affects instances that enable fileupload. More details on this issue can be found in the security advisory.

Related Projects

mapbox-navigation-android

Mapbox Navigation SDK for Android

ToastFish

一个利用摸鱼时间背单词的软件。

barcodelib

C# Barcode Image Generation Library

JPProject.IdentityServer4.SSO

:lock: ASP.NET Core 3.1 Open Source SSO. Built within IdentityServer4 :key:

View all projects →