Recent releases for Cortex

Cortex 0.18

2016-07-09T08:39:15+00:00

- ADDED: The resulting URL is automatically selected after pressing "Send". You just have to press CTRL+C. - ADDED: Automatic syntax highlighting for 53 languages using highlight.js - ADDED: "5 minutes" and "1 week" expirations. - ADDED: "Raw text" button. - jQuery upgraded to 1.9.1 - sjcl upgraded to GitHub master 2013-02-23 - base64.js upgraded to 1.7 - FIXED: Dates in discussion are now proper local dates. - ADDED: Robot meta tags in HTML to prevent search engines indexing. - ADDED: Better json checking (including entropy). - ADDED: Added version to js/css assets URLs in order to prevent some abusive caches to serve an obsolete version of these files when ZeroBin is upgraded. - "Burn after reading" option has been moved out of Expiration combo to a separate checkbox. Reason is: You can prevent a read-once paste to be available ad vitam eternam on the net.

Cortex 0.19

2016-07-09T08:39:45+00:00

- Corrected XSS security flaw which affected IE<10. Other browsers were not affected. - Corrected spacing display in IE<10.

Cortex 0.20

2016-07-09T08:40:17+00:00

- ADDED: Password protected pastes (optional) - ADDED: configuration options for highlighting, password, discussions, expiration times, rate limiting - ADDED: JSON-only retrieval of paste incl. discussion, used to be able to refresh paste when posting a comment - ADDED: bootstrap CSS based template - CHANGED: "Burn after reading" pastes are now deleted only after the paste was successfully decrypted via callback. This prevents accidental deletion by chatbots following URLs and the like. Usage of a password is suggested to ensure only the desired recipient is able to encrypt it. - CHANGED: the "opendiscussion" option now only controls if the discussion checkbox is preselected. Use "discussion = false" to disable the discussion feature completely (which also removes the checkbox from the template). - FIXING: Behaviour of several conflicting configuration options. As a general measure unit tests for 9 of the options and all their possible configurations were added via a unit test generator. - updated JS libraries: jquery to 1.11.3, sjcl to 1.0.2, base64.js to 2.1.9, deflate to 0.5, inflate to 0.3 and prettify to latest - generally improved documentation, both inline phpdoc / JSdoc source code documentation, as well as Wiki pages on installation, configuration, development and JSON-API

Cortex 0.21

2016-07-09T08:41:21+00:00

- ADDED: Translations for German, French and Polish, language selection menu (optional) - ADDED: File upload and image display support (optional) - ADDED: Markdown format support - ADDED: "bootstrap-compact" template that hides some of the options in a drop down menu to ensure the nav bar fitting on one line on smaller screen sizes - FIXING: Various usability issues with different screen sizes / device types in the "bootstrap" template - CHANGED: Instead of having different options to enable and preselect certain formats there is now a generic `[formatter_options]` section where formats can be added to the displayed format drop down menu. A `defaultformatter` can be set, it defaults to "plaintext". The `syntaxhighlighting` configuration got deprecated. - `zerobin.js` got a major refactoring: - moved from global namespace into anonymous function - events are no longer set via "onclick" attributes in the templates, but bound by from JS side - for simpler maintenance the functions were grouped into objects: zerobin (display logic, event handling), filter (compression, encryption), i18n (translation, counterpart of i18n.php) and helper (stateless utilities) - Wiki pages were added to address common topics: - [Upgrading from ZeroBin 0.19 Alpha](https://github.com/PrivateBin/PrivateBin/wiki/Upgrading-from-ZeroBin-0.19-Alpha) - [ZeroBin Directory of public servers](https://github.com/PrivateBin/PrivateBin/wiki/PrivateBin-Directory) - [Translation](https://github.com/PrivateBin/PrivateBin/wiki/Translation) - [Templates](https://github.com/PrivateBin/PrivateBin/wiki/Templates)

Cortex 0.21.1

2016-07-09T08:42:17+00:00

This minor release addresses an issue with the database store in version 0.21. If you use the database model please consider updating. - FIXING: lost meta data when using DB model instead of flat files - FIXING: mobile navbar getting triggered on load - CHANGED: database table "paste" gets automatically extended with a "meta" column - CHANGED: navbar of "bootstrap" template now spans full width of view port on large screens

Cortex 0.22

2016-07-09T08:42:42+00:00

- ADDED: Tab character input support - ADDED: Dark bootstrap theme - ADDED: Option to hide clone button on expiring pastes - ADDED: Option to set a different default language then English and/or enforce it as the only language - ADDED: Database now contains version to allow automatic update of structure, only if necessary; removing database structure check on each request - ADDED: Favicons - FIXING: Regressions in database layer, prohibiting pastes from being stored - FIXING: Fixing "missing" comments when they were posted during the same second to the same paste - FIXING: JS failing when password input disabled - CHANGED: Switching positions of "New" and "Send" button, highlighting the latter to improve workflow - CHANGED: Renamed config file to make updates easier - CHANGED: Switching to JSON-based REST-API - CHANGED: Database structure to store attachments, allowing larger attachments to be stored (depending on maximum BLOB size of database backend) - CHANGED: Refactored data model, traffic limiting & request handling

Cortex 1.0

2016-08-25T09:43:41+00:00

**This is the first release of PrivateBin after renaming the ZeroBin fork. We decided to use the version number 1.0 for this release as we consider PrivateBin now very mature and feature complete. We recommend everyone to update as this version features many security improvements.** The renaming of ZeroBin to PrivateBin is done to highlight the huge developments (over 500 commits) which have happened since ZeroBin stopped being actively maintained by its original creator Sébastien Sauvage in 2014. By choosing to release version 1.0 we also want to emphasize the many feature changes - according to [semantic versioning](http://semver.org/) - and want to show that PrivateBin is now considered mature. Hence a version number smaller than 1.0 just does not seem suitable for PrivateBin anymore. ## Update procedure Make sure your system has some source for cryptographically safe random numbers! Either use PHP 7 or one of the supported fallbacks: [libsodium](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium), open_basedir access to `/dev/urandom`, mcrypt or com_dotnet. The previous workaround using `mt_rand()` was removed, as it leads to unsafe and predictable numbers. Otherwise, as usual, only the files need to be updated. The `tmp` folder for the compiled RainTPL templates can be removed, since we switched to a more lightweight template approach due to RainTPL not being maintained anymore. Have a look at or [template documentation](https://github.com/PrivateBin/PrivateBin/wiki/Templates) to learn how to upgrade your custom template to the new system. There are some new options in the [configuration](https://github.com/PrivateBin/PrivateBin/wiki/Configuration) file. If you are updating from an older ZeroBin install and want to keep existing pastes accessible, make sure to enable the option `zerobincompatibility`. Otherwise more secure settings are used which break compatibility with ZeroBin. ## Benefits of switching to the new release As a user of a ZeroBin instance nothing changes. As soon as the server administrator upgrades to PrivateBin, you can continue using it. We took great efforts to ensure that existing pastes are still fully compatible with the current release. Since version 0.22 we added a Slowene and Chinese translation, an (optional) URL shortener button, a preview tab to help you chose the right format for your content and many other small user interface improvements to make your life a bit more comfortable. With this release we have improved the security of PrivateBin as we have now [addressed most concerns](https://privatebin.info/news/zerobin-audit.html) raised in a security audit of the original ZeroBin in 2014. Furthermore we switched to AES Galois/Counter mode, which is considered a stronger encryption mode then the previously used AES Counter mode with CBC-MAC authentication. The main benefit here is that the authentication (as the pastes/comments are sent over network you want to ensure that your content is not accidentally or maliciously manipulated) is done on the encrypted text instead of the plain text. The potential parallelization of CCM could not be implemented in the single threaded Javascript environment of webbrowsers, anyway. We also make use of a new browser security feature called [Content Security Policy](https://scotthelme.co.uk/content-security-policy-an-introduction/), which prevents [XSS attacks](https://en.wikipedia.org/wiki/Cross-site_scripting) in an effective way. It blocks any third party scripts and resources to be executed in the context of the application. Additionally we started using the new subresource integrity ([SRI](http://www.w3.org/TR/SRI/)) browser feature to avoid loading manipulated scripts under man-in-the-middle attacks. Additionally this allows privacy aware users to easily check for manipulated scripts in the source code of the website and to compare them to the hashes of the official PrivateBin release of that version. To ensure that PrivateBins code is of high quality we [added various code quality checkers](https://github.com/PrivateBin/PrivateBin/issues/22) and subsequently improved the code. These analysers also helped us to [find some potential vulnerabilities](https://github.com/PrivateBin/PrivateBin/issues/41). If you have further questions or issues have a look at the new [FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ). ## Changes since version 0.22 - ADDED: Translations for Slowene and Chinese - ADDED: re-introduced (optional) URL shortener support, which was removed back in version 0.16 for privacy concerns - ADDED: Preview tab, helpful for writing markdown code or check the source code rendering - ADDED: Automatic purging of expired pastes, done on paste creation - ADDED: Option to disable icons in discussions (will only affect newly created pastes) - ADDED: Composer support - CHANGED: Renamed the ZeroBin fork to PrivateBin - CHANGED: Removed unmaintained RainTPL template engine, replacing the templates with straight forward PHP files - CHANGED: New logo and favicons - CHANGED: Upgrading SJCL library to 1.0.4 - CHANGED: Switched to GCM instead of CCM mode for AES encryption for newly created pastes - CHANGED: Use backported random bytes function from PHP7 for older PHP versions instead of mcrypt - CHANGED: Switched to a SHA256 HMAC of the IP in traffic limiter instead of storing it in plain text on the server - CHANGED: Introduced content security policy header to reduce cross site scripting (XSS) risks - CHANGED: Added SHA512 subresource integrity hashes for all javascript includes to reduce the risk of manipulated scripts and easier detection of such - CHANGED: Refactored PHP code to conform to PSR-4 and PSR-2 standards - CHANGED: Switched to Identicons as the default for comments with nicknames - CHANGED: Vizhash is now optional and based on (128 byte) SHA512 HMAC instead of (144 byte) combination of MD5, SHA1 and a reversal of that string - FIXED: Content-type negociation for HTML in certain uncommon browser configurations - FIXED: JavaScript error displayed before page is loaded or during attachment load - FIXED: Don't strip space characters at beginning or end of optional password - FIXED: Various UI glitches in mobile version or on smaller desktops with language menu, button spacing and long URLs - FIXED: Back button now works as expected after switching to raw text view of a paste - FIXED: Reactivated second error message above send comment button to ensure its visibility when the main error message is outside the viewport - FIXED: Raw text now displays original markdown instead of rendered HTML - FIXED: Removed unused code detected with the help of various code review tools - FIXED: Table format for PostgreSQL, making it possible to use PostgreSQL as backend in addition to MySQL, SQLite and flat files We hope you will enjoy the new PrivateBin!

Cortex 1.1

2016-12-26T11:27:51+00:00

**This release adds Italian and Russian translations to PrivateBin and fixes an XSS and a database issue.** Fortunately the CSP headers introduced in version 1.0 suppressed the XSS issue in modern browsers. But [older browsers](http://caniuse.com/contentsecuritypolicy) would still be affected when clicking on the "Raw text" button of a markdown formatted paste containing JavaScript. The issue was introduced with the change in version 1.0 that displays markdown code instead of the rendered HTML in the "raw" mode. The other fixed issue concerns the automatic purging of outdated pastes, which was introduced in version 1.0. When using the database model instead of the default file based store, pastes set to "never" expire were always purged, too. ## Benefits of switching to the new release If you are using the database model instead of the filesystem one and offer pastes that "never" expire, then you should upgrade or disable the purge by [setting the `batchsize` to 0 in your configuration](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#purge). Apart from fixing the XSS issue, markdown pastes containing HTML code will now be properly displayed in the "raw" mode. Both of these issues affected only version 1.0. There are of course [many more benefits in switching to this release](https://privatebin.info/news/v1.0-release.html), if you are still using a version of PrivateBin or ZeroBin before 1.0. ## Update procedure When updating please make sure to adjust the [`cspheader`](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#cspheader) setting. We recommend you to either comment the setting out in order to use our default [recommend CSP header](https://github.com/PrivateBin/PrivateBin/blob/1.1/cfg/conf.ini.sample#L63) or adjust the header so it matches the new default one (mainly just add the `referrer no-referrer;` part). ## Changes since version 1.0 - ADDED: Translations for Italian and Russian - ADDED: Loading message displayed until decryption succeeded for slower (in terms of CPU or network) systems - ADDED: Dockerfile for docker container creation - CHANGED: Using modal dialog to request password input instead of native JS input window ([#69](https://github.com/PrivateBin/PrivateBin/issues/69)) - CHANGED: Suppressed referrer HTTP header sending when following links in a paste or comment ([#96](https://github.com/PrivateBin/PrivateBin/issues/96)) and added additional HTTP headers for XSS mitigation ([#91](https://github.com/PrivateBin/PrivateBin/issues/91)) - CHANGED: Updated random_compat and jQuery libraries - FIXED: XSS using JavaScript stored as markdown formatted paste, after clicking on Raw paste button (related to [#137](https://github.com/PrivateBin/PrivateBin/issues/137)) - FIXED: Automatic purging deleting non-expiring pastes, when using database store ([#149](https://github.com/PrivateBin/PrivateBin/issues/149)) We wish you a happy new year!

Cortex 1.0.2

2017-04-18T15:04:41+00:00

[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.0.1...1.0.2) **Fixed bugs:** - Redirect to jobs list when a job is not found [\#16](https://github.com/CERT-BDF/Cortex/issues/16) - Global section in configuration file is ignored [\#13](https://github.com/CERT-BDF/Cortex/issues/13) - Secure the usage of angular-ui-notification library [\#12](https://github.com/CERT-BDF/Cortex/issues/12) - Jobs list API doesn't take into account the limit param [\#11](https://github.com/CERT-BDF/Cortex/issues/11) **Closed issues:** - Documentation on 'How to create an analyzer' [\#10](https://github.com/CERT-BDF/Cortex/issues/10)

Cortex 1.0.1

2017-04-18T15:05:12+00:00

[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.0.0...1.0.1) **Fixed bugs:** - Fix page scroll issues [\#9](https://github.com/CERT-BDF/Cortex/issues/9) **Closed issues:** - Missing install repertory [\#1](https://github.com/CERT-BDF/Cortex/issues/1)

Cortex 1.1.2

2017-05-24T10:01:34+00:00

## [1.1.2](https://github.com/CERT-BDF/Cortex/tree/1.1.2) [Full Changelog](https://github.com/CERT-BDF/Cortex/compare/rpm/1.1.1-2...1.1.2) **Implemented enhancements:** - Add page loader [\#30](https://github.com/CERT-BDF/Cortex/issues/30) - Initialize MISP modules at startup [\#28](https://github.com/CERT-BDF/Cortex/issues/28) **Fixed bugs:** - jobstatus from jobs within cortex are not updated when status changes [\#31](https://github.com/CERT-BDF/Cortex/issues/31) - Cortex and MISP unclear and error-loop [\#29](https://github.com/CERT-BDF/Cortex/issues/29) - Error 500 in TheHive when a job is submited to Cortex [\#27](https://github.com/CERT-BDF/Cortex/issues/27)

Cortex 1.1.1

2017-05-24T10:02:05+00:00

## [1.1.1](https://github.com/CERT-BDF/Cortex/tree/1.1.1) (2017-05-17) [Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.1.0...1.1.1) **Fixed bugs:** - Missing logos and favicons [\#25](https://github.com/CERT-BDF/Cortex/issues/25) **Closed issues:** - Cortex 1.1.0 doesnt work with theHive 2.11.0 [\#24](https://github.com/CERT-BDF/Cortex/issues/24) - MISP integration [\#21](https://github.com/CERT-BDF/Cortex/issues/21)

Cortex 1.1.0

2017-05-24T10:03:43+00:00

## [1.1.0](https://github.com/CERT-BDF/Cortex/tree/1.1.0) (2017-05-12) [Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.0.2...1.1.0) **Implemented enhancements:** - Add support to .deb and .rpm package generation [\#20](https://github.com/CERT-BDF/Cortex/issues/20) - Scala code cleanup [\#19](https://github.com/CERT-BDF/Cortex/issues/19) - Display analyzers metadata [\#18](https://github.com/CERT-BDF/Cortex/issues/18) **Closed issues:** - Display Cortex version on the footer [\#23](https://github.com/CERT-BDF/Cortex/issues/23) - Use new logo and favicon [\#22](https://github.com/CERT-BDF/Cortex/issues/22)

Cortex 1.1.3

2017-06-15T08:55:25+00:00

## [1.1.3](https://github.com/CERT-BDF/Cortex/tree/1.1.3) [Full Changelog](https://github.com/CERT-BDF/Cortex/compare/debian/1.1.2...1.1.3) **Fixed bugs:** - Problem Start Cortex on Ubuntu 16.04 [\#35](https://github.com/CERT-BDF/Cortex/issues/35) - Error when parsing analyzer failure report [\#33](https://github.com/CERT-BDF/Cortex/issues/33)

Cortex 1.1.4

2017-09-15T15:27:18+00:00

## [1.1.4](https://github.com/CERT-BDF/Cortex/tree/1.1.4) (2017-09-15) [Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.1.3...1.1.4) **Implemented enhancements:** - Group ownership in Docker image prevents running on OpenShift [\#42](https://github.com/CERT-BDF/Cortex/issues/42) **Fixed bugs:** - Display a error notification on analyzer start fail [\#39](https://github.com/CERT-BDF/Cortex/issues/39) - Cortex removes the input details from failure reports [\#38](https://github.com/CERT-BDF/Cortex/issues/38) **Closed issues:** - Disable analyzer in configuration file [\#32](https://github.com/CERT-BDF/Cortex/issues/32)

Cortex 2.0.0

2018-04-03T15:59:01+00:00

## [2.0.0](https://github.com/TheHive-Project/Cortex/tree/2.0.0) (2018-03-30) [Full Changelog](https://github.com/TheHive-Project/Cortex/compare/1.1.4...2.0.0) **Implemented enhancements:** - Display analyzers only if necessary configuration values are set [\#14](https://github.com/TheHive-Project/Cortex/issues/14) **Fixed bugs:** - Error when clicking out of the "New Analysis" box [\#48](https://github.com/TheHive-Project/Cortex/issues/48) **Closed issues:** - AMD64 REPO 404 [\#64](https://github.com/TheHive-Project/Cortex/issues/64) - Unable for Cortex to connected to MISP [\#61](https://github.com/TheHive-Project/Cortex/issues/61) - Cortex crashed after a OutOfMemoryError [\#60](https://github.com/TheHive-Project/Cortex/issues/60) - Malwareconfig Lookup and Yara Rule Additions [\#57](https://github.com/TheHive-Project/Cortex/issues/57) - Shodan Analyzer Fails - Module cortexutils Not Found [\#55](https://github.com/TheHive-Project/Cortex/issues/55) - API: Resource not found by Assets controller [\#47](https://github.com/TheHive-Project/Cortex/issues/47) - Wrong MISP config in conf/application.sample [\#45](https://github.com/TheHive-Project/Cortex/issues/45) - Local, LDAP, AD and API Key Authentication [\#7](https://github.com/TheHive-Project/Cortex/issues/7) - Limit Rates and Respect Quotas [\#6](https://github.com/TheHive-Project/Cortex/issues/6) - Persistence and Report Caching [\#5](https://github.com/TheHive-Project/Cortex/issues/5) - Provide alternative paths for analyzers in addition to standard path. [\#4](https://github.com/TheHive-Project/Cortex/issues/4) - Provide way to reload conf file for new API keys without shutdown. [\#3](https://github.com/TheHive-Project/Cortex/issues/3) - Provide Secret Key auth to upstream service [\#2](https://github.com/TheHive-Project/Cortex/issues/2) **Merged pull requests:** - Add proxy configuration block [\#52](https://github.com/TheHive-Project/Cortex/pull/52) ([cemasirt](https://github.com/cemasirt)) - Fixed Typo [\#46](https://github.com/TheHive-Project/Cortex/pull/46) ([steoleary](https://github.com/steoleary)) - Adding WOT config sample [\#43](https://github.com/TheHive-Project/Cortex/pull/43) ([mthlvt](https://github.com/mthlvt))

Cortex 2.0.1

2018-04-03T15:59:14+00:00

## [2.0.1](https://github.com/TheHive-Project/Cortex/tree/2.0.1) (2018-03-30) [Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.0.0...2.0.1) **Fixed bugs:** - File upload component not working [\#69](https://github.com/TheHive-Project/Cortex/issues/69) - Packages contain obsolete configuration sample [\#68](https://github.com/TheHive-Project/Cortex/issues/68) - User can't change his password [\#67](https://github.com/TheHive-Project/Cortex/issues/67)

Cortex 2.0.2

2018-04-13T13:20:27+00:00

## [2.0.2](https://github.com/TheHive-Project/Cortex/tree/2.02) [Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.0.1...2.0.2) **Fixed bugs:** - Silently failure when ElasticSearch is unreachable [\#76](https://github.com/TheHive-Project/Cortex/issues/76) - Coretxutils and TypeError: argument of type 'bool' is not iterable [\#73](https://github.com/TheHive-Project/Cortex/issues/73) - Unable to disable analyzers [\#72](https://github.com/TheHive-Project/Cortex/issues/72) - Cortex 2 is not passing proxy variable to analyzers [\#71](https://github.com/TheHive-Project/Cortex/issues/71) - Session collision when TheHive & Cortex 2 share the same URL [\#70](https://github.com/TheHive-Project/Cortex/issues/70)

Cortex 2.0.3

2018-04-13T13:20:55+00:00

## [2.0.3](https://github.com/TheHive-Project/Cortex/tree/2.0.3) (2018-04-09) [Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.0.2...2.0.3) **Implemented enhancements:** - Allow arbitrary parameters for a job [\#86](https://github.com/TheHive-Project/Cortex/issues/86) - Change of global config for proxy is not reflected in analyzer's configurations [\#81](https://github.com/TheHive-Project/Cortex/issues/81) **Fixed bugs:** - Refresh Analyzers button not working [\#83](https://github.com/TheHive-Project/Cortex/issues/83) - Version Upgrade of Analyzer makes all Analyzers invisible for TheHive \(Cortex2\) [\#75](https://github.com/TheHive-Project/Cortex/issues/75) **Closed issues:** - Allow specifying a cache period per analyzer [\#85](https://github.com/TheHive-Project/Cortex/issues/85) - Display existing analyzers with invalid definition [\#82](https://github.com/TheHive-Project/Cortex/issues/82) - Allow configuring auto artifacts extraction per analyzer [\#80](https://github.com/TheHive-Project/Cortex/issues/80)

Cortex 2.0.4

2018-04-13T13:31:40+00:00

## [2.0.4](https://github.com/TheHive-Project/Cortex/tree/2.0.4) (2018-04-13) [Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.0.3...2.0.4) **Implemented enhancements:** - Let a Read/Analyze User Display/Change their API Key [\#89](https://github.com/TheHive-Project/Cortex/issues/89) **Fixed bugs:** - Strictly filter the list of analyzers in the run dialog [\#95](https://github.com/TheHive-Project/Cortex/issues/95) - Updating users by orgAdmin users fails silently [\#94](https://github.com/TheHive-Project/Cortex/issues/94) - Fix analyzer configurations icons [\#93](https://github.com/TheHive-Project/Cortex/issues/93) - Wrong page redirection [\#92](https://github.com/TheHive-Project/Cortex/issues/92) - Sort analyzers list by name [\#91](https://github.com/TheHive-Project/Cortex/issues/91) - Cortex 2.0.3 docker container having cortex analyzer errors [\#90](https://github.com/TheHive-Project/Cortex/issues/90) - Install python3 requirements for analyzers in public docker image [\#58](https://github.com/TheHive-Project/Cortex/issues/58) **Closed issues:** - Insufficient Rights To Perform This Action [\#87](https://github.com/TheHive-Project/Cortex/issues/87)

Cortex 1.2

2018-07-22T10:01:40+00:00

**This release adds QR code generation, inline display of video, audio, PDF and new translations to PrivateBin and a large refactoring of the JavaScript code.** A new button lets you generate a _QR code_ of your newly created pastes URL. This allows for easy transfer of a pasted data from one mobile device to another. When the optional file upload is enabled, uploaded _videos, audio files and PDFs_ are displayed inline, like we did with images, as long as the visitors browser supports it. By default the file and paste upload is limited to a 2 MiB size. _Translations_ for Spanish, Occitan, Norwegian, Portuguese, Dutch and Hungarian have also been added since the last release. The main change of this release, and the reason it took us so long since doing the last one, was the large [refactoring and cleanup of the JavaScript logic](https://github.com/PrivateBin/PrivateBin/pull/180) of PrivateBin. The refactoring itself was done in early 2017. In parallel we introced mocha and JSverify running on nodeJS as a [property based unit testing](https://github.com/PrivateBin/PrivateBin/blob/master/tst/README.md#property-based-unit-testing) framework for the logic (à la [QuickCheck](https://www.youtube.com/watch?v=AfaNEebCDos)). Many months were spent to cover more and more pieces of the logic. In the end we covered all of the modular parts of the logic (879 of 1273 lines of code for a [69% code coverage](https://privatebin.info/jscoverage/js/privatebin.js.html)), including the encryption wrapper functions for backward compatibility with older paste formats. The UI related parts of the code proved difficult to test, partly because in nodeJS the browsers document object model (DOM) is emulated using the JSdom library, the lack of an actual view port being present (so no scrolling, for example) and also due the event driven nature which contradicts the modular approach of unit testing. For many UI interfaces, large parts of the DOM has to be present, since emitting a single click event may trigger changes in many different parts of the UI. This is a shortcoming of the current structure of the UI logic, which we may need to improve further. Still, the unit testing [found many regressions](https://github.com/PrivateBin/PrivateBin/issues/32#issuecomment-401545763) and some issues that have been in the code for a long time without having been reported. It lays the necessary ground work for the future changes, especially the major changes planned for the encryption format. ## Benefits of switching to the new release Apart from the new QR code feature many new translations were added. All used libraries were upgraded, too. While no security issues were reported for any of these, they address some bugs that didn't affect us directly or improve compatibility with the latests browsers and PHP releases. ## Update procedure A new [configuration option `name`](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#name) was introduced for those admins that like to replace the "PrivateBin" moniker in the template with their own site name. As usual, you can [download the archive](https://github.com/PrivateBin/PrivateBin/releases/latest) for a manual upgrade and can find more details in the [installation instructions](https://github.com/PrivateBin/PrivateBin/blob/master/INSTALL.md#installation). We now also offer a [Docker container](https://hub.docker.com/r/privatebin/nginx-fpm-alpine/) that includes the recommended secure setup with the non-essential files and data outside of the web servers document root. We also started providing [additional tools in Docker containers](https://github.com/PrivateBin/PrivateBin/wiki/Docker). ## Changes since version 1.1.1 * ADDED: Translations for Spanish, Occitan, Norwegian, Portuguese, Dutch and Hungarian * ADDED: Option in configuration to change the default "PrivateBin" title of the site * ADDED: Added display of video, audio & PDF, drag & drop, preview of attachments (#182) * ADDED: QR code generation (#169) * ADDED: Introduced DOMpurify library to sanitize generated HTML before display (#183) * CHANGED: Force JSON request for getting paste data & password retry (#216) * CHANGED: Minimum required PHP version is 5.4 (#186) * CHANGED: Shipped .htaccess files were updated for Apache 2.4 (#192) * CHANGED: Cleanup of bootstrap template variants and moved icons to `img` directory * CHANGED: Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state * CHANGED: Upgrading libraries to: SJCL 1.0.7, jQuery 3.3.1, Base64 2.4.5, Showdown 1.8.6, DOMpurify 1.0.5 & Prettify 453bd5f * CHANGED: Refactored JavaScript code, making it modular with private and public functions, making it much easier to maintain (#178) * FIXED: To counteract regressions introduced by the refactoring, we finally introduced property based unit testing for the JavaScript code, this caught several regressions, but also some very old bugs not found so far (#32) More details about the plans for future releases and on how you can help the project achieve them, can be found in the [PrivateBin version 1.2 release announcements](https://privatebin.info/news/v1.2-release.html).

Cortex 2.1.0-RC1

2018-07-31T13:49:27+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.0.4...2.1.0-RC1) **Implemented enhancements:** - New TheHive-Project repository [\#112](https://github.com/TheHive-Project/Cortex/issues/112) **Fixed bugs:** - First analyze of a "file" always fail, must re-run the analyze a second time [\#117](https://github.com/TheHive-Project/Cortex/issues/117) - Analyzers filter in Jobs History view is limited to 25 analyzers [\#116](https://github.com/TheHive-Project/Cortex/issues/116) - Fix redirection from Migration page to login on 401 error [\#114](https://github.com/TheHive-Project/Cortex/issues/114) - Analyzer Configuration Only Showing Global Configuration [\#104](https://github.com/TheHive-Project/Cortex/issues/104) **Closed issues:** - Automatic observables extraction from analysis reports. [\#111](https://github.com/TheHive-Project/Cortex/issues/111) - Automated response via Cortex [\#110](https://github.com/TheHive-Project/Cortex/issues/110) - Consider providing checksums for the release files [\#105](https://github.com/TheHive-Project/Cortex/issues/105) - ImportError: No module named 'cortexutils' on V2.0.4 [\#102](https://github.com/TheHive-Project/Cortex/issues/102) - Error occur from thehive project request to cortex project [\#101](https://github.com/TheHive-Project/Cortex/issues/101) - Analyzers disappear after deactivation and can not get enabled [\#98](https://github.com/TheHive-Project/Cortex/issues/98) - PAP as an analyzer restriction [\#65](https://github.com/TheHive-Project/Cortex/issues/65) - Application.conf doesn't have Yeti config nor allows for API Auth [\#54](https://github.com/TheHive-Project/Cortex/issues/54) - endless loop of cortex analyser call [\#36](https://github.com/TheHive-Project/Cortex/issues/36) **Merged pull requests:** - Update GitHub path [\#100](https://github.com/TheHive-Project/Cortex/pull/100) ([saadkadhi](https://github.com/saadkadhi))

Cortex 1.2.1

2018-08-11T20:34:12+00:00

**This release fixes a low entropy key vulnerability in PrivateBin affecting legacy browsers** On 31st of July 2018, **[@cryptolok](https://github.com/cryptolok)** reported a cryptographic vulnerability in PrivateBin due to the incorrect use of SJCL when used on very old browsers. When creating a paste using any ZeroBin version or PrivateBin up to and including 1.1.1 on a browser without web crypto API support (Firefox<21, Chrome<15, Safari<5, IE<11) the key may have been generated without sufficient entropy. PrivateBin 1.2 was not affected, because the support for those browser versions got removed in the JS refactoring. This release re-adds support for those legacy browsers and ensures they generate the key with sufficient entropy. In the next release of PrivateBin we will permanently drop legacy browser support and switch to the web crypto API exclusively. This release ensures that there is at least one release available that supports both legacy browsers and has the entropy issue fixed. Further details on this is an issue and its implications can be found in our [report on the vulnerability](https://privatebin.info/reports/vulnerability-2018-08-11.html). It also describes methods to check if your browser is currently affected by the issue. If it is, please consider updating your browser. ## Benefits of switching to the new release If you are still using PrivateBin version 1.1.1 or ZeroBin, upgrading to this release will ensure that you retain legacy browser support and fix the low entropy key vulnerability in your current version. If you already upgraded to PrivateBin 1.2 and don't need to support these very old browser versions (released before October 2013) then you could consider skipping this release. ## Update procedure As usual, you can [download the archive](https://github.com/PrivateBin/PrivateBin/releases/latest) for a manual upgrade and can find more details in the [installation instructions](https://github.com/PrivateBin/PrivateBin/blob/master/INSTALL.md#installation). We also offer a [Docker container](https://hub.docker.com/r/privatebin/nginx-fpm-alpine/) that includes the recommended secure setup with the non-essential files and data outside of the web servers document root. Note that this is the first release that is signed with [the new signing key](https://privatebin.info/key/release.asc) (fingerprint: `28CA 7C96 4938 EA5C 1481 D42A E11B 7950 E9E1 83DB`). This key is intended to be used for signing releases from now on. ## Changes since version 1.2 * ADDED: Add support for mega.nz links in pastes and comments (#331) * CHANGED: Added some missing Russian translations (#348) * CHANGED: Minor PHP refactoring: Rename PrivateBin class to Controller, improved logic of some persistence classes (#342) * CHANGED: Upgrading DOMpurify library to 1.0.7 * FIXED: Ensure legacy browsers without webcrypto support can't create paste keys with insufficient entropy (#346) * FIXED: Re-add support for old browsers (Firefox<21, Chrome<31, Safari<7, IE<11), broken in 1.2, will be removed again in 1.3

Cortex 2.1.0

2018-09-25T14:24:15+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.1.0-RC1...2.1.0) **Implemented enhancements:** - Show PAP value in the Org \> Analyzers screen [\#124](https://github.com/TheHive-Project/Cortex/issues/124) - Display cache configuration in analyzer admin page [\#123](https://github.com/TheHive-Project/Cortex/issues/123) **Fixed bugs:** - Temporary files are not removed at the end of job [\#129](https://github.com/TheHive-Project/Cortex/issues/129) - MISP fails to run analyzers [\#128](https://github.com/TheHive-Project/Cortex/issues/128) - MISP API fails [\#109](https://github.com/TheHive-Project/Cortex/issues/109) - File\_Info issue [\#53](https://github.com/TheHive-Project/Cortex/issues/53) **Merged pull requests:** - Update resolvers in build.sbt to contain Maven as a dependency [\#130](https://github.com/TheHive-Project/Cortex/pull/130) ([adl1995](https://github.com/adl1995))

Cortex 2.1.1

2018-10-12T14:07:58+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.1.0...2.1.1) **Implemented enhancements:** - Change Debian dependencies [\#141](https://github.com/TheHive-Project/Cortex/issues/141) - Allow Cortex to use a custom root context [\#140](https://github.com/TheHive-Project/Cortex/issues/140) - Publish stable versions in beta package channels [\#138](https://github.com/TheHive-Project/Cortex/issues/138) **Fixed bugs:** - Fix Cache column in analyzers admin page [\#139](https://github.com/TheHive-Project/Cortex/issues/139) - RPM update replace configuration file [\#137](https://github.com/TheHive-Project/Cortex/issues/137) - Console output should not be logged in syslog [\#136](https://github.com/TheHive-Project/Cortex/issues/136)

Cortex 2.1.2

2018-10-12T14:08:10+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.1.1...HEAD) **Fixed bugs:** - GUI Search Function is broken [\#145](https://github.com/TheHive-Project/Cortex/issues/145) - findSimilarJob function broken [\#144](https://github.com/TheHive-Project/Cortex/issues/144)

Cortex 2.1.3

2019-05-10T14:23:18+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.1.2...2.1.3) **Implemented enhancements:** - Add configuration for drone continuous integration [\#156](https://github.com/TheHive-Project/Cortex/issues/156) - Add PAP property to jobs list [\#146](https://github.com/TheHive-Project/Cortex/issues/146) **Fixed bugs:** - Wrong checks of role when an user is created [\#158](https://github.com/TheHive-Project/Cortex/issues/158) - Unable to disable invalid responders [\#157](https://github.com/TheHive-Project/Cortex/issues/157) - PAP field is ignored from job modal [\#152](https://github.com/TheHive-Project/Cortex/issues/152) - SinkDB analyzer could not find DIG in the Cortex docker image [\#147](https://github.com/TheHive-Project/Cortex/issues/147) - GUI Search Function is broken [\#145](https://github.com/TheHive-Project/Cortex/issues/145) **Closed issues:** - Systemd: cortex.service: Failed with result 'exit-code'. [\#155](https://github.com/TheHive-Project/Cortex/issues/155) - conf/logback.xml: Rotate logs [\#62](https://github.com/TheHive-Project/Cortex/issues/62)

Cortex 3.0.0-RC1

2019-05-10T14:23:43+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/2.1.3...3.0.0-RC1) **Implemented enhancements:** - Remove size limitations [\#178](https://github.com/TheHive-Project/Cortex/issues/178) - Collapse job error messages by default in job history [\#171](https://github.com/TheHive-Project/Cortex/issues/171) - Update Copyright with year 2019 [\#168](https://github.com/TheHive-Project/Cortex/issues/168) **Fixed bugs:** - SSO: Authentication module not found [\#181](https://github.com/TheHive-Project/Cortex/issues/181) - Akka Dispatcher Blocked [\#170](https://github.com/TheHive-Project/Cortex/issues/170) **Closed issues:** - Use files to communicate with analyzer/responder [\#176](https://github.com/TheHive-Project/Cortex/issues/176) - Provide analyzers and responders packaged with docker [\#175](https://github.com/TheHive-Project/Cortex/issues/175) - Single sign-on support for Cortex [\#165](https://github.com/TheHive-Project/Cortex/issues/165) - File extraction [\#120](https://github.com/TheHive-Project/Cortex/issues/120)

Cortex 3.0.0-RC2

2019-05-10T14:24:11+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0-RC1...3.0.0-RC2) **Fixed bugs:** - Unable to load Analyzers with 3.0.0 [\#185](https://github.com/TheHive-Project/Cortex/issues/185) - Cortex will fail to run analyzers [\#182](https://github.com/TheHive-Project/Cortex/issues/182) - Docker container exposes tcp/9000 instead of tcp/9001 [\#166](https://github.com/TheHive-Project/Cortex/issues/166)

Cortex 3.0.0-RC3

2019-06-05T14:26:53+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0-RC2...3.0.0-RC3) **Implemented enhancements:** - Improve job details page [\#195](https://github.com/TheHive-Project/Cortex/issues/195) - Add support of ElasticSearch 6 [\#191](https://github.com/TheHive-Project/Cortex/issues/191) - Upgrade frontend libraries [\#190](https://github.com/TheHive-Project/Cortex/issues/190) **Fixed bugs:** - Get user detials via API is available to non-admin users [\#194](https://github.com/TheHive-Project/Cortex/issues/194)

Cortex 3.0.0-RC4

2019-07-11T07:47:53+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0-RC3...3.0.0-RC4) **Fixed bugs:** - Responder run displayed as Analyzer run [\#207](https://github.com/TheHive-Project/Cortex/issues/207) - docker version of cortex breaks when you don't create a user immediately [\#204](https://github.com/TheHive-Project/Cortex/issues/204) - Login error after Cortex upgrade to 3 [\#199](https://github.com/TheHive-Project/Cortex/issues/199) - Yara analyzer configuration dialog broken [\#134](https://github.com/TheHive-Project/Cortex/issues/134) **Closed issues:** - docker version of cortex prints a lot of errors for auth failures [\#205](https://github.com/TheHive-Project/Cortex/issues/205) - dockerhub sample uses the wrong port [\#203](https://github.com/TheHive-Project/Cortex/issues/203) - Custom Responder not showing up in Responders Config Tab [\#201](https://github.com/TheHive-Project/Cortex/issues/201) - Can't enable some "free" Analyzers [\#200](https://github.com/TheHive-Project/Cortex/issues/200)

Cortex 3.0.0

2019-09-11T14:15:50+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0-RC4...3.0.0) **Fixed bugs:** - cortex 3.0.0-RC4 container : StreamSrv error popup spamming the setup page [\#210](https://github.com/TheHive-Project/Cortex/issues/210)

Cortex 3.0.1

2020-09-15T08:26:31+00:00

[Full Changelog](https://github.com/TheHive-Project/Cortex/compare/3.0.0...3.0.1) **Implemented enhancements:** - Cortex logs the Play secret key at startup. [\#244](https://github.com/TheHive-Project/Cortex/issues/244) - Analyzer reports "no output" when it fails [\#241](https://github.com/TheHive-Project/Cortex/issues/241) - Docker image has many CVE's open against it [\#238](https://github.com/TheHive-Project/Cortex/issues/238) - Remove Elasticsearch cluster configuration option [\#230](https://github.com/TheHive-Project/Cortex/pull/230) ([adl1995](https://github.com/adl1995)) - Handle second/minute-rates limits on Flavors and Analyzers [\#164](https://github.com/TheHive-Project/Cortex/issues/164) **Fixed bugs:** - Fix error message display for failed analyzers/responders [\#243](https://github.com/TheHive-Project/Cortex/issues/243) - Remove reference to google fonts [\#242](https://github.com/TheHive-Project/Cortex/issues/242) - Encoding issue causes invalid format for catalog file [\#240](https://github.com/TheHive-Project/Cortex/issues/240) - Missing dependency for cluster [\#239](https://github.com/TheHive-Project/Cortex/issues/239) - Old non-existent analysers showing in Cortex after an upgrade [\#234](https://github.com/TheHive-Project/Cortex/issues/234)

Cortex 3.1.0-RC1

2020-09-15T08:26:48+00:00

**Implemented enhancements:** - Support of ElasticSearch 7 [\#279](https://github.com/TheHive-Project/Cortex/issues/279) **Fixed bugs:** - OAuth2 SSO Login Broken [\#264](https://github.com/TheHive-Project/Cortex/issues/264)

Cortex 3.1.0

2020-10-30T17:17:38+00:00

**Implemented enhancements:** - Improve Docker image [\#296](https://github.com/TheHive-Project/Cortex/issues/296) - Impossible to load catalog through a proxy [\#297](https://github.com/TheHive-Project/Cortex/issues/297) - Update login page design [\#303](https://github.com/TheHive-Project/Cortex/issues/303) **Fixed bugs:** - [Bug] Cortex and boolean ConfigurationItems [\#309](https://github.com/TheHive-Project/Cortex/issues/309)

Cortex 3.1.1

2021-03-01T09:39:36+00:00

**Implemented enhancements:** - [Improvement] Create logfile after installation [\#341](https://github.com/TheHive-Project/Cortex/issues/341) **Fixed bugs:** - [BUG] Certificate not taken into account when running neurons with process [\#317](https://github.com/TheHive-Project/Cortex/issues/317) - [Bug] Update doesn't work on Elasticsearch 7.11 [\#346](https://github.com/TheHive-Project/Cortex/issues/346)

Cortex 3.1.2

2021-11-12T10:06:41+00:00

## [3.1.2](https://github.com/TheHive-Project/Cortex/milestone/30) (2021-11-05) **Closed issues:** - More settings on docker containers instantiated by Cortex [\#387](https://github.com/TheHive-Project/Cortex/issues/387) **Implemented enhancements:** - Create a docker image with all dependencies [\#388](https://github.com/TheHive-Project/Cortex/issues/388)

Cortex 3.1.3

2021-11-12T10:07:25+00:00

## [3.1.3](https://github.com/TheHive-Project/Cortex/milestone/31) (2021-11-10) **Fixed bugs:** - The build of frontend fails [\#389](https://github.com/TheHive-Project/Cortex/issues/389)

Cortex 3.1.7

2022-10-07T13:15:38+00:00

## [3.1.7](https://github.com/TheHive-Project/Cortex/milestone/34) (2022-10-07) **Implemented enhancements:** - Prevent invalid analyzer when a new version is available [\#426](https://github.com/TheHive-Project/Cortex/issues/426) - Display job parameters in the report page [\#430](https://github.com/TheHive-Project/Cortex/issues/430) - An error in docker pull should not stop the analysis [\#431](https://github.com/TheHive-Project/Cortex/issues/431) - Improve catalog parsing [\#432](https://github.com/TheHive-Project/Cortex/issues/432) **Closed issues:** - [BUG] CA Certs parameter can't be set back to null [\#377](https://github.com/TheHive-Project/Cortex/issues/377) - [FR] See user and organisation who triggered a responder in Cortex WebUI [\#394](https://github.com/TheHive-Project/Cortex/issues/394)

Cortex 3.1.8

2023-09-21T12:04:42+00:00

## What's Changed * [CTX-16] fix: don't use Elasticsearch scroll to find user by its API key by @To-om in https://github.com/TheHive-Project/Cortex/pull/447 * [CTX-17] fix: Update version of JFFI by @To-om in https://github.com/TheHive-Project/Cortex/pull/448 * Update deps by @vdebergue in https://github.com/TheHive-Project/Cortex/pull/449 * update dependencies for rpm and debian packages by @vdebergue in https://github.com/TheHive-Project/Cortex/pull/456 * GroupUserMapper.scala: Backport fix from TheHive for group mapper functionality by @jiprocha in https://github.com/TheHive-Project/Cortex/pull/438 * Update cortex.service by @o101010 in https://github.com/TheHive-Project/Cortex/pull/361 * Fixed user parameter name in application config sample by @Neuro-HSOC in https://github.com/TheHive-Project/Cortex/pull/315 ## New Contributors * @To-om made their first contribution in https://github.com/TheHive-Project/Cortex/pull/447 * @vdebergue made their first contribution in https://github.com/TheHive-Project/Cortex/pull/449 * @jiprocha made their first contribution in https://github.com/TheHive-Project/Cortex/pull/438 * @o101010 made their first contribution in https://github.com/TheHive-Project/Cortex/pull/361 * @Neuro-HSOC made their first contribution in https://github.com/TheHive-Project/Cortex/pull/315 **Full Changelog**: https://github.com/TheHive-Project/Cortex/compare/3.1.6...3.1.8