github root-gg/plik 1.4.2
Plik 1.4.2
on GitHub

5 hours ago

Plik 1.4.2

Hi, today we're releasing Plik 1.4.2 !

Here is the changelog:

New:

  • Internationalization (i18n) — the webapp is now fully translated with a language picker.
    12 languages supported: English (en), French (fr), German (de), Spanish (es), Italian (it),
    Dutch (nl), Polish (pl), Portuguese (pt), Russian (ru), Swedish (sv), Hindi (hi), Chinese (zh).
    Locales are hot-reloaded, fallback to English, and the language preference is persisted per user.
  • GitHub OAuth2 authentication provider
  • Default admin provisioning: set DefaultAdminLogin / DefaultAdminPassword (or env vars
    PLIKD_DEFAULT_ADMIN_LOGIN / PLIKD_DEFAULT_ADMIN_PASSWORD) to automatically create a local
    admin user on first startup — idempotent, skipped if the user already exists
  • API token feature flag (FeatureApiTokens) to globally disable token creation and CLI auth
  • CLI multi-profile support in .plikrc (profile composition with -P work,zip)
  • CLI --update-plikrc to rewrite config in canonical format
  • Prefixed opaque API tokens (plik_ prefix + Base62 + CRC32 checksum)
  • S3 BucketLookup option for path-style addressing (Cloudflare R2, MinIO)
  • S3 buffer-then-decide upload strategy with parallel multipart support
  • AssumeHTTPS config option (replaces deprecated EnhancedWebSecurity): controls HSTS header and
    Secure cookie flag; auto-enabled when SslEnabled=true or PlikDomain starts with https://.
    EnhancedWebSecurity is still accepted but logs a deprecation warning at startup.
  • Configurable archive compression (EnableArchiveCompression) to reduce CPU load
  • Mermaid diagram rendering in Markdown preview (@bodji)
  • MCP server profile-aware uploads and list_profiles tool
  • Improved CLI --help with grouped sections (auto-injected into docs)

Fix:

  • Fix file row layout on mobile to improve filename display (#726)
  • Fix download URL construction for DownloadDomain + Path (#723): fixes broken links in
    subpath deployments; DownloadURL field now included in API Configuration and Upload responses
  • Exclude SVG from inline file viewer to prevent XSS via crafted SVG uploads (#725)
  • Fix extra separator in mobile navigation menu when authentication is disabled (#720)
  • Fix light theme surface palette (#720)
  • Fix subpath asset loading when deployed behind a reverse proxy (#714)
  • Fix S3 signed integer types for PartSize and PartUploadConcurrency
  • Fix syntax highlighting for all file extensions
  • Fix navbar overflow on medium viewports

Misc:

  • Download security headers (X-Content-Type-Options, X-Frame-Options, CSP) are now set
    unconditionally on all file/archive downloads — no config required
  • Removed X-XSS-Protection header (deprecated by browsers, potentially harmful)
  • /version endpoint now always strips build metadata (GoVersion, git revision, build host/user)
    from public responses; still available for authenticated admins
  • Limit body size middleware extracted for cleaner request handling

Dependency upgrades:

  • Bump golang.org/x/net to v0.52.0 (fixes GO-2026-4559 HTTP/2 server panic)
  • Bump golang.org/x/crypto to v0.49.0
  • Bump cloud.google.com/go/storage to v1.61.3
  • Bump google.golang.org/api to v0.273.0
  • Bump Vite to v8.0.3 (Rolldown bundler, improved build performance)
  • Bump Vue to 3.5.31, vue-router to 5.0.4, Tailwind CSS to 4.2.2
  • Bump GitHub Actions: checkout v6, setup-go v6, upload-artifact v7, github-script v8, setup-helm v5

Binaries will be built with Go 1.26.1

Faithfully,
The Plik team

Check out latest releases or
releases around root-gg/plik 1.4.2

Don't miss a new plik release

NewReleases is sending notifications on new releases.

Get notifications