Merge pull request #1713 from PrivateBin/changelog/cve-update

Synchronize changelog with GitHub release doc (for CVE IDs)
rugk
2025-11-13 15:06:19 +01:00
committed by GitHub
+3 -3
@@ -3,14 +3,14 @@
## 2.0.4 (not yet released)
## 2.0.3 (2025-11-12)
* FIXED: Prevent arbitrary PHP file inclusion when enabling template switching
* FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users
* FIXED: Prevent arbitrary PHP file inclusion when enabling template switching (CVE-2025-64714)
* FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users (CVE-2025-64711)
* FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)
## 2.0.2 (2025-10-28)
* CHANGED: Upgrading libraries to: DOMpurify 3.3.0
* CHANGED: Refactored jQuery DOM element creation into plain JavaScript
* FIXED: Sanitize file name in attachment size hint
* FIXED: Sanitize file name in attachment size hint ([CVE-2025-62796](https://privatebin.info/reports/vulnerability-2025-10-28.html))
* FIXED: PHP OPcache module is optional again (#1679)
* FIXED: bootstrap template password peek input group display
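Review bot: The CVE references are formatted inconsistently within this hunk. The two 2.0.3 entries append bare IDs, "(CVE-2025-64714)" and "(CVE-2025-64711)", while the 2.0.2 entry wraps CVE-2025-62796 in a Markdown link to its vulnerability report on privatebin.info. Pick one style for all three. If reports or advisories exist for the two 2.0.3 fixes, link them the same way so that readers triaging an upgrade can get from the changelog line to the affected versions and mitigation details in one click. Also consider noting in the 2.0.3 file-inclusion entry whether it only affects instances with template switching enabled, since the current wording implies that and operators will use it to judge their exposure.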