Metbcy shuts a forged-download-link hole in Mike
A hardcoded fallback secret meant any misconfigured deployment could be tricked into serving files it shouldn't.
Mike hands out documents through signed download links, protected by a cryptographic signature so a link can't be tampered with. The catch: when the signing secret wasn't configured, the code quietly fell back to a fixed placeholder value baked into the source. Because Mike's code is public, that placeholder was readable by anyone - so any deployment that shipped without the real secret set would happily accept forged links and hand back arbitrary stored files.
Metbcy removed the fallback entirely. Now a missing secret stops the system at startup with a clear error instead of running in a silently insecure state, and the setup docs finally list the secret as something operators must generate themselves. The fix was accepted back into the main project.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?