From 7ab6411f71ead2513d6cda23300b48ec4ef0f913 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 16 Jun 2019 13:38:03 +0200 Subject: [PATCH] updated credits & change log --- CHANGELOG.md | 16 ++++++++++++++++ CREDITS.md | 8 +++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f46df79..b1159b3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,22 @@ # PrivateBin version history * **1.3 (not yet released)** + * ADDED: Threat modeled the application (#177) + * CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library + * CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible + * CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74) + * CHANGED: Replaced rawdeflate.js with zlib.wasm to resolve decompression failures and gain compatibility with standard deflate implementations (#193, #260, #328, #434, #440) + * CHANGED: Increase PBKDF2 iterations to 100k (#350) + * CHANGED: Replaced last use of MD5 with Fowler–Noll–Vo checksum which produces the exact length we need for the paste ID (#49) + * CHANGED: Simplified some PHP code & renamed PrivateBin class into Controller, to make MVC pattern use more obvious (#342) + * CHANGED: Upgrading libraries to: identicon 1.2.0, random_compat 2.0.18, jQuery 3.4.1, Showdown 1.9.0, DOMpurify 1.0.10 & kjua 0.6.0 + * FIXED: Prevent Chrome from sending content of paste to Google for translation (#378) + * FIXED: To support attachments larger then 2 MiB in newer Chrome versions, we switched to blob instead of data URIs (#432) + * FIXED: Since Outlook strips trailing equal signs in links, the key in URL hash is now base58 encoded, instead of base64 (#377) + * FIXED: Facebooks started injecting parameters into shared URLs for tracking that lead to inaccessible pastes (#396) + * FIXED: Properly escaped HTML in raw text mode (#358) + * FIXED: Made download links better readable in the dark bootstrap theme (#364) + * FIXED: Allow Letsencrypt bot to access on apache servers (#413) * **1.2.1 (2018-08-11)** * ADDED: Add support for mega.nz links in pastes and comments (#331) * CHANGED: Added some missing Russian translations (#348) diff --git a/CREDITS.md b/CREDITS.md index 31ede3e4..688dcc38 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -3,7 +3,8 @@ ## Active contributors Simon Rupf - current developer and maintainer -rugk - security review, doc improvment, JS refactoring & various other stuff +rugk - security review, doc improvment, JS refactoring & various other stuff +R4SAS - python client, compression, blob URI to support larger attachments ## Past contributions @@ -12,7 +13,7 @@ Sébastien Sauvage - original idea and main developer * Alexey Gladkov - syntax highlighting * Greg Knaddison - robots.txt * MrKooky - HTML5 markup, CSS cleanup -* Simon Rupf - MVC refactoring, configuration, i18n and unit tests +* Simon Rupf - WebCrypto, unit tests, current docker containers, MVC, configuration, i18n * Hexalyse - Password protection * Viktor Stanchev - File upload support * azlux - Tab character input support @@ -21,8 +22,9 @@ Sébastien Sauvage - original idea and main developer * Sobak - PSR-4 and PSR-2 refactoring * Nathaniel Olsen - jQuery upgrade * Alexander Demenshin - modal password dialog -* PunKeel - Dockerfile +* PunKeel - first docker container * thororm - Display of video, audio & PDF, drag & drop, preview of attachments +* Harald Leithner - base58 encoding of key ## Translations * Hexalyse - French