Download Latest Version
Release v1.7.9 - Fix arbitrary PHP file inclusion, HTML injection_XSS vulnerability in filenames of attached files _ self-XSS vulnerabilities source code.tar.gz (768.7 kB)
Get an email when there's a new version of PrivateBin
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| PrivateBin-2.0.2.zip.asc | 2025-10-28 | 833 Bytes | |
| PrivateBin-2.0.2.tar.gz.asc | 2025-10-28 | 833 Bytes | |
| multiple.intoto.jsonl | 2025-10-28 | 22.1 kB | |
| README.md | 2025-10-28 | 587 Bytes | |
| Release v2.0.2 - Fix HTML injection_XSS vulnerability in filenames of attached files source code.tar.gz | 2025-10-28 | 786.1 kB | |
| Release v2.0.2 - Fix HTML injection_XSS vulnerability in filenames of attached files source code.zip | 2025-10-28 | 948.6 kB | |
| Totals: 6 Items | 1.8 MB | 0 | |
- CHANGED: Upgrading libraries to: DOMpurify 3.3.0
- CHANGED: Refactored jQuery DOM element creation into plain JavaScript
- FIXED: Sanitize file name in attachment size hint
- FIXED: PHP OPcache module is optional again (#1679)
- FIXED: bootstrap template password peek input group display
This release addresses an issue with the lacking sanitation of file names when displaying attached files. This issue affects instances that enable fileupload. More details on this issue can be found in the security advisory.
