Release v1.7.2 - Adding new template and configuration options
Important: Please don't update to this release, it contains a critical bug! See #1309 for details.
- ADDED: Allow use of
shortenviayourls
in query parameters (#1267) - ADDED: Input sanitation to some not yet filtered query and server parameters
- ADDED: Optional Bootstrap CSS 5.3.3 based template, use configuration
template = "bootstrap5"
to switch to it (#728) - CHANGED: "Send" button now labeled "Create" (#946)
- CHANGED: Drop some PHP < 5.6 fallbacks, minimum version is PHP 7.3 as of release 1.6.0
- CHANGED: Set
lang
cookie with laxSameSite
property - CHANGED: Upgrading libraries to: DOMpurify 3.1.2 (#1299) & jQuery 3.7.1
- CHANGED:
create
attribute is no longer returned in API for pastes & can be disabled for comments usingdiscussiondatedisplay
as well (#1290) - FIXED: Add cache control headers also to API calls (#1263)
- FIXED: Shortened paste URL does not appear in email (#606)
Note regarding the new template "bootstrap5", that if you want the button icons (SVG) to display, you have to relax the CSP rule slightly and change default-src from 'none'
to 'self'
. You configure it as follows:
template = "bootstrap5"
cspheader = "default-src 'self'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
The new theme comes in only one flavour, but does include a dark-mode switch and attempts detecting the currently set browser preference.
We don't yet enable this new template by default. Please report any issues you find with it or submit pull requests with your improvements. Should no major issues get detected, we intend to make it the new default later this year and eventually deprecate and remove the old bootstrap 3 templates, as well as the page (classic ZereBin) one. It would be appreciated if additional templates would get submitted and shared with the community, so we get some more variety to choose from.