Skip to content

Releases: labstack/echo

v4.12.0

15 Apr 18:33
88c379f
Compare
Choose a tag to compare

v4.12.0 - 2024-04-15

Security

Enhancements

  • binder: make binding to Map work better with string destinations by @aldas in #2554
  • README.md: add Encore as sponsor by @marcuskohlberg in #2579
  • Reorder paragraphs in README.md by @aldas in #2581
  • CI: upgrade actions/checkout to v4 by @aldas in #2584
  • Remove default charset from 'application/json' Content-Type header by @doortts in #2568
  • CI: Use Go 1.22 by @aldas in #2588
  • binder: allow binding to a nil map by @georgmu in #2574
  • Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail Explanation regarding BasicAuthValidator by @RyoKusnadi in #2461
  • fix some typos by @teslaedison in #2603
  • fix: some typos by @pomadev in #2596
  • Allow ResponseWriters to unwrap writers when flushing/hijacking by @aldas in #2595
  • Add SPDX licence comments to files. by @aldas in #2604
  • Upgrade deps by @aldas in #2605
  • Change type definition blocks to single declarations. This helps copy… by @aldas in #2606
  • Fix Real IP logic by @cl-bvl in #2550
  • Default binder can use UnmarshalParams(params []string) error inter… by @aldas in #2607
  • Default binder can bind pointer to slice as struct field. For example *[]string by @aldas in #2608
  • Remove maxparam dependence from Context by @aldas in #2611
  • When route is registered with empty path it is normalized to /. by @aldas in #2616
  • proxy middleware should use httputil.ReverseProxy for SSE requests by @aldas in #2624

New Contributors

Full Changelog: v4.11.4...v4.12.0

v4.11.4 upgrade dependencies

20 Dec 13:28
226e4f0
Compare
Choose a tag to compare

Security

  • Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue #2562

Enhancements

v4.11.3

07 Nov 12:22
4b26cde
Compare
Choose a tag to compare

Security

  • 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

  • Tests: refactor context tests to be separate functions #2540
  • Proxy middleware: reuse echo request context #2537
  • Mark unmarshallable yaml struct tags as ignored #2536

v4.11.2

11 Oct 05:34
98a5237
Compare
Choose a tag to compare

Security

Enhancements

  • Delete unused context in body_limit.go #2483
  • Use Go 1.21 in CI #2505
  • Fix some typos #2511
  • Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
  • Bump dependancies #2522

v4.11.1

16 Jul 17:46
Compare
Choose a tag to compare

Fixes

  • Fix Gzip middleware not sending response code for no content responses (404, 301/302 redirects etc) #2481

v4.11.0

14 Jul 20:33
Compare
Choose a tag to compare

Fixes

  • Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer #2409
  • Fix group.RouteNotFound not working when group has attached middlewares #2411
  • Fix global error handler return error message when message is an error #2456
  • Do not use global timeNow variables #2477

Enhancements

  • Added a optional config variable to disable centralized error handler in recovery middleware #2410
  • refactor: use strings.ReplaceAll directly #2424
  • Add support for Go1.20 http.rwUnwrapper to Response struct #2425
  • Check whether is nil before invoking centralized error handling #2429
  • Proper colon support in echo.Reverse method #2416
  • Fix misuses of a vs an in documentation comments #2436
  • Add link to slog.Handler library for Echo logging into README.md #2444
  • In proxy middleware Support retries of failed proxy requests #2414
  • gofmt fixes to comments #2452
  • gzip response only if it exceeds a minimal length #2267
  • Upgrade packages #2475

v4.10.2

21 Feb 23:36
Compare
Choose a tag to compare

Security

  • filepath.Clean behaviour has changed in Go 1.20 - adapt to it #2406
  • Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #2405

Enhancements

  • Add more HTTP error values #2277

v4.10.1

20 Feb 04:12
Compare
Choose a tag to compare

Security

  • Upgrade deps due to the latest golang.org/x/net vulnerability #2402

Enhancements

  • Add new JWT repository to the README #2377
  • Return an empty string for ctx.path if there is no registered path #2385
  • Add context timeout middleware #2380
  • Update link to jaegertracing #2394

v4.10.0

27 Dec 20:09
Compare
Choose a tag to compare

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329
  • Add new method HTTPError.WithInternal #2340
  • Replace io/ioutil package usages #2342
  • Add staticcheck to CI flow #2343
  • Replace relative path determination from proprietary to std #2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
  • Add testcases for some BodyLimit middleware configuration options #2350
  • Additional configuration options for RequestLogger and Logger middleware #2341
  • Add route to request log #2162
  • GitHub Workflows security hardening #2358
  • Add govulncheck to CI and bump dependencies #2362
  • Fix rate limiter docs #2366
  • Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337

v4.9.1

12 Oct 19:38
Compare
Choose a tag to compare

Fixes

  • Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

  • Improve CORS documentation #2272
  • Update readme about supported Go versions #2291
  • Tests: improve error handling on closing body #2254
  • Tests: refactor some of the assertions in tests #2275
  • Tests: refactor assertions #2301