Merge pull request #621 from bodji/bump/1.4-RC4

chore: bump version to 1.4-RC4

Author: camathieu

changelog/1.4-RC4

@@ -0,0 +1,40 @@
+Plik 1.4-RC4
+
+Hi, today we're releasing the fourth release candidate of the next plik major version 1.4 !
+
+Here is the changelog :
+
+New :
+ - End-to-End Encryption (E2EE) via Age (@bodji)
+ - MCP server for AI assistant integration
+ - Display user profile pictures from OAuth providers
+ - CLI --json output flag and redirect all prints to stderr
+ - Concurrent uploads with local status updates for improved UX
+ - Upload progress count and remaining file count in webapp
+ - Add icons to upload sidebar settings (@bodji)
+ - Enforce non-empty comments when feature is forced
+ - New Helm chart for plik (@bodji)
+
+Fix :
+ - Harden authentication providers and session handling
+ - Improve E2EE passphrase editing UX
+ - Upload error handling with per-file retry
+ - Add darwin/arm64 to client build targets
+ - Block messaging app link preview bots from downloading one-shot/streaming files
+ - S3 Content-MD5 compatibility mode for strict providers (@Yamiyorunoshura)
+
+Helm :
+ - Improve Helm chart after review
+ - Add dbPersistence PVC for SQLite database (v0.3.0) (@bodji)
+ - Improve secrets management (v0.3.1) (@bodji)
+ - Unify Helm chart release with app release pipeline
+
+Documentation :
+ - Reorder user documentation sections
+ - Add MCP upload example screenshot
+ - Add agentic dev workflows and contributing docs
+
+Binaries will be built with Go 1.26.0
+
+Faithfully,
+The plik team

charts/plik/CHANGELOG.md

@@ -5,31 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
-
-### Changed
-- `secret.yaml` now reads credentials exclusively from `secrets.*` values
-- `deployment.yaml` uses `plik.secretName` helper for consistent Secret name resolution
-  and adds `optional: true` on `envFrom.secretRef` so pods start cleanly without a Secret
-- Sensitive fields removed from `plikd:` in `values.yaml` so they no longer leak into
-  the ConfigMap-rendered `plikd.cfg`
+## [1.4-RC4] — Initial Release
 
 ### Added
-- New top-level `secrets:` block in `values.yaml` to hold all sensitive credentials
+- Helm chart for deploying Plik on Kubernetes
+- `secrets:` top-level block in `values.yaml` for all sensitive credentials
   (`googleApiSecret`, `ovhApiKey`, `ovhApiSecret`, `oidcClientSecret`, `dataBackend`, `metadataBackend`)
-- `secrets.existingSecret` — bring-your-own Secret support (replaces top-level `existingSecret`)
+- `secrets.existingSecret` — bring-your-own Secret support
 - `plik.secretName` Helm helper for consistent Secret name resolution
+- `secret.yaml` reads credentials exclusively from `secrets.*` values
+- `deployment.yaml` with `optional: true` on `envFrom.secretRef` so pods start cleanly without a Secret
 - `dbPersistence` — dedicated PVC for the SQLite metadata database
 - Ingress template, post-install notes, Kubernetes deployment guide
-- Explicit key ordering in `configmap.yaml` (fixes non-deterministic rendering)
-
-### Removed
-- Top-level `existingSecret` value (replaced by `secrets.existingSecret`)
-- Sensitive fields from under `plikd.*` in `values.yaml`:
-  `GoogleApiSecret`, `OvhApiKey`, `OvhApiSecret`, `OIDCClientSecret`,
-  `DataBackendConfig.SecretAccessKey`, `DataBackendConfig.ApiKey`,
-  `MetadataBackendConfig.Password`
-
-> [!IMPORTANT]
-> **Migration from previous chart versions**: All sensitive credentials must now be
-> placed under the `secrets:` top-level block in `values.yaml`, not under `plikd:`.
+- Explicit key ordering in `configmap.yaml` for deterministic rendering