Skip to content

Release v1.7.2 - Adding new template and configuration options
Compare
Choose a tag to compare
@github-actions github-actions released this 05 May 19:12
· 57 commits to master since this release
1.7.2
This tag was signed with the committer’s verified signature.
elrido El RIDO
GPG key ID: 0F5C940A6BD81F92
Learn about vigilant mode.
da8b6a2
This commit was signed with the committer’s verified signature.
elrido El RIDO
GPG key ID: 0F5C940A6BD81F92
Learn about vigilant mode.

Important: Please don't update to this release, it contains a critical bug! See #1309 for details.

  • ADDED: Allow use of shortenviayourls in query parameters (#1267)
  • ADDED: Input sanitation to some not yet filtered query and server parameters
  • ADDED: Optional Bootstrap CSS 5.3.3 based template, use configuration template = "bootstrap5" to switch to it (#728)
  • CHANGED: "Send" button now labeled "Create" (#946)
  • CHANGED: Drop some PHP < 5.6 fallbacks, minimum version is PHP 7.3 as of release 1.6.0
  • CHANGED: Set lang cookie with lax SameSite property
  • CHANGED: Upgrading libraries to: DOMpurify 3.1.2 (#1299) & jQuery 3.7.1
  • CHANGED: create attribute is no longer returned in API for pastes & can be disabled for comments using discussiondatedisplay as well (#1290)
  • FIXED: Add cache control headers also to API calls (#1263)
  • FIXED: Shortened paste URL does not appear in email (#606)

Note regarding the new template "bootstrap5", that if you want the button icons (SVG) to display, you have to relax the CSP rule slightly and change default-src from 'none' to 'self'. You configure it as follows:

template = "bootstrap5"
cspheader = "default-src 'self'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"

The new theme comes in only one flavour, but does include a dark-mode switch and attempts detecting the currently set browser preference.

We don't yet enable this new template by default. Please report any issues you find with it or submit pull requests with your improvements. Should no major issues get detected, we intend to make it the new default later this year and eventually deprecate and remove the old bootstrap 3 templates, as well as the page (classic ZereBin) one. It would be appreciated if additional templates would get submitted and shared with the community, so we get some more variety to choose from.

Assets 5
16 Join discussion