github goshs-labs/goshs v2.1.2

5 hours ago

What Changed in v2.1.2

✨ New Features

  • Payload templating — Files can now be rendered as Go templates on the fly. Request a file with the ?tpl query parameter and {{.VAR}} placeholders are substituted at download time. Enable with --template and pass variables via the repeatable --tpl-var KEY=VALUE flag (e.g. --tpl-var LPORT=4444). Ideal for serving payloads/scripts that need host- or port-specific values baked in without editing files on disk.
      ./goshs -i 10.10.14.7 --template --tpl-var LPORT=4444
  • Resumable downloads (HTTP Range support) — The file handler now honors Range requests, enabling partial content responses and resumable/interrupted downloads of large files.

🔒 Security Fixes

  • Bulk-download ACL bypass — Selecting a parent directory for bulk (zip) download no longer bypasses authentication or block rules defined in nested .goshs files. ACL is now enforced per-file during the recursive zip walk, and .goshs files are excluded from archives.
  • WebDAV ACL enforcement — Added a .goshs guard to the WebDAV interface so directory-level access controls are now applied over WebDAV as well.
  • Brute-force lockout reset — Failed-login lockouts now correctly reset after the lockout duration expires instead of remaining stuck.
  • Path handling — Removed a double URL-decode in sanitizePath so filenames containing literal % and + are preserved correctly.
  • Share creation crash — Fixed a missing return after a failed os.Stat in the share handler that could lead to a nil-dereference, plus a related error-message typo.
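
The path-handling item above, as an added example (not goshs code, and not its sanitizePath): a model of what a second decoding pass does to a path the HTTP server has already decoded. The function names, the sample request paths and the use of url.QueryUnescape as the second pass are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
)

// decodeOnce mirrors what the HTTP server has already done by the time a
// handler sees the path: one percent-decoding pass, then normalisation.
func decodeOnce(wire string) (string, error) {
	p, err := url.PathUnescape(wire)
	if err != nil {
		return "", err
	}
	return path.Clean("/" + p), nil
}

// decodeTwice models the defect class: the already-decoded path is unescaped
// again. QueryUnescape as the second pass is an assumption of this example.
func decodeTwice(wire string) (string, error) {
	p, err := url.PathUnescape(wire)
	if err != nil {
		return "", err
	}
	p, err = url.QueryUnescape(p) // second pass: '+' becomes ' ', '%xx' is decoded again
	if err != nil {
		return "", err
	}
	return path.Clean("/" + p), nil
}

func main() {
	// Constructed request paths for files named "a+b.txt", "100%.txt" and "notes%20v2.txt".
	for _, wire := range []string{"/a+b.txt", "/100%25.txt", "/notes%2520v2.txt"} {
		once, _ := decodeOnce(wire)
		twice, err := decodeTwice(wire)
		fmt.Printf("%-20s once=%-18q twice=%q err=%v\n", wire, once, twice, err)
	}
}
```

With a single pass each name resolves to the file that exists on disk; with the second pass the name is either rewritten to a different file or rejected as a malformed escape.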

🛠️ Build, CI & Packaging

  • Docker image publishing moved into CI, with images now pushed to GitHub Container Registry (GHCR) in addition to Docker Hub; both images are now multi-arch.
  • Refreshed shell completions (bash/zsh/fish) — added --ttl and --tui, and corrected the FTP flag names.
  • Makefile cleanup and COPR spec fixes.
  • Fixed integration tests.

⬆️ Dependencies

  • Bumped GitHub Actions: actions/checkout 6→7, docker/setup-buildx-action 3→4, docker/login-action 3→4, docker/build-push-action 6→7, and docker/setup-qemu-action 3→4.
