slink

v1.11.2 Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 22d Media Servers

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

gallery hosting images self-hosted share-image

Affected surfaces

auth rbac

ReleasePort's take

Light signal

editorial:auto 13d

Release v1.11.2 adds configurable short URL length and several UI/bugfix improvements.

Why it matters: Test the new short‑URL setting in dev before production rollout; no immediate patch required.

Summary

AI summary

Configurable short URL length allows choosing share link size.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Configurable Short URL Length: Choose short URLs length from settings page. Configurable Short URL Length: Choose short URLs length from settings page. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Fresh Collection State on Navigation: Revisiting collection page refetches share state. Fresh Collection State on Navigation: Revisiting collection page refetches share state. Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Medium	Docker JWT Keys: Fixed key access on bind-mounted volumes for NAS setups. Docker JWT Keys: Fixed key access on bind-mounted volumes for NAS setups. Source: llm_adapter@2026-05-21 Confidence: low	—
Performance	Medium	Revocable Browser Cache: Share-gated image responses force immediate browser revalidation on revocation. Revocable Browser Cache: Share-gated image responses force immediate browser revalidation on revocation. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix
Bugfix	Medium	Collection Image Link Revocation: Signed image URLs now respect share password and expiration. Collection Image Link Revocation: Signed image URLs now respect share password and expiration. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Open in New Tab: Preserves full signed URL when opening collection-scoped image. Open in New Tab: Preserves full signed URL when opening collection-scoped image. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Stale Share Button UI: Unpublishing collection share correctly changes UI to 'Share'. Stale Share Button UI: Unpublishing collection share correctly changes UI to 'Share'. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Stale Share Button UI: Unpublishing shows 'Share' instead of 'Manage'. Stale Share Button UI: Unpublishing shows 'Share' instead of 'Manage'. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—
Refactor	Medium	Upgraded PHP runtime to 8.5.6 and refreshed project dependencies. Upgraded PHP runtime to 8.5.6 and refreshed project dependencies. Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

📦 Patch Notes

🚀 New Features

Configurable Short URL Length: Choose the length of short URLs used for sharing from the settings page. (#190)

🛠️ Improvements & Fixes

Collection Image Link Revocation: Signed image URLs from inside a shared collection now honor the parent share's password and expiration state. A URL saved while the share was accessible no longer serves the image after the owner password-protects or expires the share, ensuring revocation also covers internal direct image links from the collection that someone may have saved.
Revocable Browser Cache: Share-gated image responses force browser revalidation so revocation lands immediately instead of being shadowed by long-lived cache.
Stale Share Button UI: Unpublishing a collection share correctly reverts the UI to "Share" instead of continuing to show "Manage".
Fresh Collection State on Navigation: Revisiting a collection page refetches share state, reflecting changes made elsewhere without needing a hard page reload.
Open in New Tab: Opening a collection-scoped image in a new tab now preserves the full signed URL instead of stripping the access signature.
Docker JWT Keys: Fixed JWT key access on bind-mounted volumes in certain setups (e.g. running on a NAS) where host filesystem permissions previously blocked the container from reading the mounted keys.
Maintenance: Upgraded PHP runtime to 8.5.6 and refreshed project dependencies.

Full Changelog: https://github.com/andrii-kryvoviaz/slink/compare/v1.11.1...v1.11.2

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track slink

Get notified when new releases ship.

About slink

Self-hosted image sharing service

All releases →