forked from jshiffer/matterbridge
08779c2909
* Update dependencies
380 lines
19 KiB
Markdown
380 lines
19 KiB
Markdown
# Changelog
|
|
|
|
## v4.10.2 - 2023-02-22
|
|
|
|
**Security**
|
|
|
|
* `filepath.Clean` behaviour has changed in Go 1.20 - adapt to it [#2406](https://github.com/labstack/echo/pull/2406)
|
|
* Add `middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials` to make UNSAFE usages of wildcard origin + allow cretentials less likely [#2405](https://github.com/labstack/echo/pull/2405)
|
|
|
|
**Enhancements**
|
|
|
|
* Add more HTTP error values [#2277](https://github.com/labstack/echo/pull/2277)
|
|
|
|
|
|
## v4.10.1 - 2023-02-19
|
|
|
|
**Security**
|
|
|
|
* Upgrade deps due to the latest golang.org/x/net vulnerability [#2402](https://github.com/labstack/echo/pull/2402)
|
|
|
|
|
|
**Enhancements**
|
|
|
|
* Add new JWT repository to the README [#2377](https://github.com/labstack/echo/pull/2377)
|
|
* Return an empty string for ctx.path if there is no registered path [#2385](https://github.com/labstack/echo/pull/2385)
|
|
* Add context timeout middleware [#2380](https://github.com/labstack/echo/pull/2380)
|
|
* Update link to jaegertracing [#2394](https://github.com/labstack/echo/pull/2394)
|
|
|
|
|
|
## v4.10.0 - 2022-12-27
|
|
|
|
**Security**
|
|
|
|
* We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.
|
|
|
|
JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (`github.com/golang-jwt/jwt`) we are using
|
|
which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.
|
|
|
|
* This minor version bumps minimum Go version to 1.17 (from 1.16) due `golang.org/x/` packages we depend on. There are
|
|
several vulnerabilities fixed in these libraries.
|
|
|
|
Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.
|
|
|
|
|
|
**Enhancements**
|
|
|
|
* Bump x/text to 0.3.8 [#2305](https://github.com/labstack/echo/pull/2305)
|
|
* Bump dependencies and add notes about Go releases we support [#2336](https://github.com/labstack/echo/pull/2336)
|
|
* Add helper interface for ProxyBalancer interface [#2316](https://github.com/labstack/echo/pull/2316)
|
|
* Expose `middleware.CreateExtractors` function so we can use it from echo-contrib repository [#2338](https://github.com/labstack/echo/pull/2338)
|
|
* Refactor func(Context) error to HandlerFunc [#2315](https://github.com/labstack/echo/pull/2315)
|
|
* Improve function comments [#2329](https://github.com/labstack/echo/pull/2329)
|
|
* Add new method HTTPError.WithInternal [#2340](https://github.com/labstack/echo/pull/2340)
|
|
* Replace io/ioutil package usages [#2342](https://github.com/labstack/echo/pull/2342)
|
|
* Add staticcheck to CI flow [#2343](https://github.com/labstack/echo/pull/2343)
|
|
* Replace relative path determination from proprietary to std [#2345](https://github.com/labstack/echo/pull/2345)
|
|
* Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) [#2182](https://github.com/labstack/echo/pull/2182)
|
|
* Add testcases for some BodyLimit middleware configuration options [#2350](https://github.com/labstack/echo/pull/2350)
|
|
* Additional configuration options for RequestLogger and Logger middleware [#2341](https://github.com/labstack/echo/pull/2341)
|
|
* Add route to request log [#2162](https://github.com/labstack/echo/pull/2162)
|
|
* GitHub Workflows security hardening [#2358](https://github.com/labstack/echo/pull/2358)
|
|
* Add govulncheck to CI and bump dependencies [#2362](https://github.com/labstack/echo/pull/2362)
|
|
* Fix rate limiter docs [#2366](https://github.com/labstack/echo/pull/2366)
|
|
* Refactor how `e.Routes()` work and introduce `e.OnAddRouteHandler` callback [#2337](https://github.com/labstack/echo/pull/2337)
|
|
|
|
|
|
## v4.9.1 - 2022-10-12
|
|
|
|
**Fixes**
|
|
|
|
* Fix logger panicing (when template is set to empty) by bumping dependency version [#2295](https://github.com/labstack/echo/issues/2295)
|
|
|
|
**Enhancements**
|
|
|
|
* Improve CORS documentation [#2272](https://github.com/labstack/echo/pull/2272)
|
|
* Update readme about supported Go versions [#2291](https://github.com/labstack/echo/pull/2291)
|
|
* Tests: improve error handling on closing body [#2254](https://github.com/labstack/echo/pull/2254)
|
|
* Tests: refactor some of the assertions in tests [#2275](https://github.com/labstack/echo/pull/2275)
|
|
* Tests: refactor assertions [#2301](https://github.com/labstack/echo/pull/2301)
|
|
|
|
## v4.9.0 - 2022-09-04
|
|
|
|
**Security**
|
|
|
|
* Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) [#2260](https://github.com/labstack/echo/pull/2260)
|
|
|
|
**Enhancements**
|
|
|
|
* Allow configuring ErrorHandler in CSRF middleware [#2257](https://github.com/labstack/echo/pull/2257)
|
|
* Replace HTTP method constants in tests with stdlib constants [#2247](https://github.com/labstack/echo/pull/2247)
|
|
|
|
|
|
## v4.8.0 - 2022-08-10
|
|
|
|
**Most notable things**
|
|
|
|
You can now add any arbitrary HTTP method type as a route [#2237](https://github.com/labstack/echo/pull/2237)
|
|
```go
|
|
e.Add("COPY", "/*", func(c echo.Context) error
|
|
return c.String(http.StatusOK, "OK COPY")
|
|
})
|
|
```
|
|
|
|
You can add custom 404 handler for specific paths [#2217](https://github.com/labstack/echo/pull/2217)
|
|
```go
|
|
e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
|
|
|
|
g := e.Group("/images")
|
|
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
|
|
```
|
|
|
|
**Enhancements**
|
|
|
|
* Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder [#2127](https://github.com/labstack/echo/pull/2127)
|
|
* Refactor: body_limit middleware unit test [#2145](https://github.com/labstack/echo/pull/2145)
|
|
* Refactor: Timeout mw: rework how test waits for timeout. [#2187](https://github.com/labstack/echo/pull/2187)
|
|
* BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 [#2191](https://github.com/labstack/echo/pull/2191)
|
|
* Refactor: duplicated findStaticChild process at findChildWithLabel [#2176](https://github.com/labstack/echo/pull/2176)
|
|
* Allow different param names in different methods with same path scheme [#2209](https://github.com/labstack/echo/pull/2209)
|
|
* Add support for registering handlers for different 404 routes [#2217](https://github.com/labstack/echo/pull/2217)
|
|
* Middlewares should use errors.As() instead of type assertion on HTTPError [#2227](https://github.com/labstack/echo/pull/2227)
|
|
* Allow arbitrary HTTP method types to be added as routes [#2237](https://github.com/labstack/echo/pull/2237)
|
|
|
|
## v4.7.2 - 2022-03-16
|
|
|
|
**Fixes**
|
|
|
|
* Fix nil pointer exception when calling Start again after address binding error [#2131](https://github.com/labstack/echo/pull/2131)
|
|
* Fix CSRF middleware not being able to extract token from multipart/form-data form [#2136](https://github.com/labstack/echo/pull/2136)
|
|
* Fix Timeout middleware write race [#2126](https://github.com/labstack/echo/pull/2126)
|
|
|
|
**Enhancements**
|
|
|
|
* Recover middleware should not log panic for aborted handler [#2134](https://github.com/labstack/echo/pull/2134)
|
|
|
|
|
|
## v4.7.1 - 2022-03-13
|
|
|
|
**Fixes**
|
|
|
|
* Fix `e.Static`, `.File()`, `c.Attachment()` being picky with paths starting with `./`, `../` and `/` after 4.7.0 introduced echo.Filesystem support (Go1.16+) [#2123](https://github.com/labstack/echo/pull/2123)
|
|
|
|
**Enhancements**
|
|
|
|
* Remove some unused code [#2116](https://github.com/labstack/echo/pull/2116)
|
|
|
|
|
|
## v4.7.0 - 2022-03-01
|
|
|
|
**Enhancements**
|
|
|
|
* Add JWT, KeyAuth, CSRF multivalue extractors [#2060](https://github.com/labstack/echo/pull/2060)
|
|
* Add LogErrorFunc to recover middleware [#2072](https://github.com/labstack/echo/pull/2072)
|
|
* Add support for HEAD method query params binding [#2027](https://github.com/labstack/echo/pull/2027)
|
|
* Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS [#2064](https://github.com/labstack/echo/pull/2064)
|
|
|
|
**Fixes**
|
|
|
|
* Fix X-Real-IP bug, improve tests [#2007](https://github.com/labstack/echo/pull/2007)
|
|
* Minor syntax fixes [#1994](https://github.com/labstack/echo/pull/1994), [#2102](https://github.com/labstack/echo/pull/2102), [#2102](https://github.com/labstack/echo/pull/2102)
|
|
|
|
**General**
|
|
|
|
* Add cache-control and connection headers [#2103](https://github.com/labstack/echo/pull/2103)
|
|
* Add Retry-After header constant [#2078](https://github.com/labstack/echo/pull/2078)
|
|
* Upgrade `go` directive in `go.mod` to 1.17 [#2049](https://github.com/labstack/echo/pull/2049)
|
|
* Add Pagoda [#2077](https://github.com/labstack/echo/pull/2077) and Souin [#2069](https://github.com/labstack/echo/pull/2069) to 3rd-party middlewares in README
|
|
|
|
## v4.6.3 - 2022-01-10
|
|
|
|
**Fixes**
|
|
|
|
* Fixed Echo version number in greeting message which was not incremented to `4.6.2` [#2066](https://github.com/labstack/echo/issues/2066)
|
|
|
|
|
|
## v4.6.2 - 2022-01-08
|
|
|
|
**Fixes**
|
|
|
|
* Fixed route containing escaped colon should be matchable but is not matched to request path [#2047](https://github.com/labstack/echo/pull/2047)
|
|
* Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. [#1921](https://github.com/labstack/echo/pull/1921)
|
|
* Update (test) dependencies [#2021](https://github.com/labstack/echo/pull/2021)
|
|
|
|
|
|
**Enhancements**
|
|
|
|
* Add support for configurable target header for the request_id middleware [#2040](https://github.com/labstack/echo/pull/2040)
|
|
* Change decompress middleware to use stream decompression instead of buffering [#2018](https://github.com/labstack/echo/pull/2018)
|
|
* Documentation updates
|
|
|
|
|
|
## v4.6.1 - 2021-09-26
|
|
|
|
**Enhancements**
|
|
|
|
* Add start time to request logger middleware values [#1991](https://github.com/labstack/echo/pull/1991)
|
|
|
|
## v4.6.0 - 2021-09-20
|
|
|
|
Introduced a new [request logger](https://github.com/labstack/echo/blob/master/middleware/request_logger.go) middleware
|
|
to help with cases when you want to use some other logging library in your application.
|
|
|
|
**Fixes**
|
|
|
|
* fix timeout middleware warning: superfluous response.WriteHeader [#1905](https://github.com/labstack/echo/issues/1905)
|
|
|
|
**Enhancements**
|
|
|
|
* Add Cookie to KeyAuth middleware's KeyLookup [#1929](https://github.com/labstack/echo/pull/1929)
|
|
* JWT middleware should ignore case of auth scheme in request header [#1951](https://github.com/labstack/echo/pull/1951)
|
|
* Refactor default error handler to return first if response is already committed [#1956](https://github.com/labstack/echo/pull/1956)
|
|
* Added request logger middleware which helps to use custom logger library for logging requests. [#1980](https://github.com/labstack/echo/pull/1980)
|
|
* Allow escaping of colon in route path so Google Cloud API "custom methods" could be implemented [#1988](https://github.com/labstack/echo/pull/1988)
|
|
|
|
## v4.5.0 - 2021-08-01
|
|
|
|
**Important notes**
|
|
|
|
A **BREAKING CHANGE** is introduced for JWT middleware users.
|
|
The JWT library used for the JWT middleware had to be changed from [github.com/dgrijalva/jwt-go](https://github.com/dgrijalva/jwt-go) to
|
|
[github.com/golang-jwt/jwt](https://github.com/golang-jwt/jwt) due former library being unmaintained and affected by security
|
|
issues.
|
|
The [github.com/golang-jwt/jwt](https://github.com/golang-jwt/jwt) project is a drop-in replacement, but supports only the latest 2 Go versions.
|
|
So for JWT middleware users Go 1.15+ is required. For detailed information please read [#1940](https://github.com/labstack/echo/discussions/)
|
|
|
|
To change the library imports in all .go files in your project replace all occurrences of `dgrijalva/jwt-go` with `golang-jwt/jwt`.
|
|
|
|
For Linux CLI you can use:
|
|
```bash
|
|
find -type f -name "*.go" -exec sed -i "s/dgrijalva\/jwt-go/golang-jwt\/jwt/g" {} \;
|
|
go mod tidy
|
|
```
|
|
|
|
**Fixes**
|
|
|
|
* Change JWT library to `github.com/golang-jwt/jwt` [#1946](https://github.com/labstack/echo/pull/1946)
|
|
|
|
## v4.4.0 - 2021-07-12
|
|
|
|
**Fixes**
|
|
|
|
* Split HeaderXForwardedFor header only by comma [#1878](https://github.com/labstack/echo/pull/1878)
|
|
* Fix Timeout middleware Context propagation [#1910](https://github.com/labstack/echo/pull/1910)
|
|
|
|
**Enhancements**
|
|
|
|
* Bind data using headers as source [#1866](https://github.com/labstack/echo/pull/1866)
|
|
* Adds JWTConfig.ParseTokenFunc to JWT middleware to allow different libraries implementing JWT parsing. [#1887](https://github.com/labstack/echo/pull/1887)
|
|
* Adding tests for Echo#Host [#1895](https://github.com/labstack/echo/pull/1895)
|
|
* Adds RequestIDHandler function to RequestID middleware [#1898](https://github.com/labstack/echo/pull/1898)
|
|
* Allow for custom JSON encoding implementations [#1880](https://github.com/labstack/echo/pull/1880)
|
|
|
|
## v4.3.0 - 2021-05-08
|
|
|
|
**Important notes**
|
|
|
|
* Route matching has improvements for following cases:
|
|
1. Correctly match routes with parameter part as last part of route (with trailing backslash)
|
|
2. Considering handlers when resolving routes and search for matching http method handler
|
|
* Echo minimal Go version is now 1.13.
|
|
|
|
**Fixes**
|
|
|
|
* When url ends with slash first param route is the match [#1804](https://github.com/labstack/echo/pull/1812)
|
|
* Router should check if node is suitable as matching route by path+method and if not then continue search in tree [#1808](https://github.com/labstack/echo/issues/1808)
|
|
* Fix timeout middleware not writing response correctly when handler panics [#1864](https://github.com/labstack/echo/pull/1864)
|
|
* Fix binder not working with embedded pointer structs [#1861](https://github.com/labstack/echo/pull/1861)
|
|
* Add Go 1.16 to CI and drop 1.12 specific code [#1850](https://github.com/labstack/echo/pull/1850)
|
|
|
|
**Enhancements**
|
|
|
|
* Make KeyFunc public in JWT middleware [#1756](https://github.com/labstack/echo/pull/1756)
|
|
* Add support for optional filesystem to the static middleware [#1797](https://github.com/labstack/echo/pull/1797)
|
|
* Add a custom error handler to key-auth middleware [#1847](https://github.com/labstack/echo/pull/1847)
|
|
* Allow JWT token to be looked up from multiple sources [#1845](https://github.com/labstack/echo/pull/1845)
|
|
|
|
## v4.2.2 - 2021-04-07
|
|
|
|
**Fixes**
|
|
|
|
* Allow proxy middleware to use query part in rewrite (#1802)
|
|
* Fix timeout middleware not sending status code when handler returns an error (#1805)
|
|
* Fix Bind() when target is array/slice and path/query params complains bind target not being struct (#1835)
|
|
* Fix panic in redirect middleware on short host name (#1813)
|
|
* Fix timeout middleware docs (#1836)
|
|
|
|
## v4.2.1 - 2021-03-08
|
|
|
|
**Important notes**
|
|
|
|
Due to a datarace the config parameters for the newly added timeout middleware required a change.
|
|
See the [docs](https://echo.labstack.com/middleware/timeout).
|
|
A performance regression has been fixed, even bringing better performance than before for some routing scenarios.
|
|
|
|
**Fixes**
|
|
|
|
* Fix performance regression caused by path escaping (#1777, #1798, #1799, aldas)
|
|
* Avoid context canceled errors (#1789, clwluvw)
|
|
* Improve router to use on stack backtracking (#1791, aldas, stffabi)
|
|
* Fix panic in timeout middleware not being not recovered and cause application crash (#1794, aldas)
|
|
* Fix Echo.Serve() not serving on HTTP port correctly when TLSListener is used (#1785, #1793, aldas)
|
|
* Apply go fmt (#1788, Le0tk0k)
|
|
* Uses strings.Equalfold (#1790, rkilingr)
|
|
* Improve code quality (#1792, withshubh)
|
|
|
|
This release was made possible by our **contributors**:
|
|
aldas, clwluvw, lammel, Le0tk0k, maciej-jezierski, rkilingr, stffabi, withshubh
|
|
|
|
## v4.2.0 - 2021-02-11
|
|
|
|
**Important notes**
|
|
|
|
The behaviour for binding data has been reworked for compatibility with echo before v4.1.11 by
|
|
enforcing `explicit tagging` for processing parameters. This **may break** your code if you
|
|
expect combined handling of query/path/form params.
|
|
Please see the updated documentation for [request](https://echo.labstack.com/guide/request) and [binding](https://echo.labstack.com/guide/request)
|
|
|
|
The handling for rewrite rules has been slightly adjusted to expand `*` to a non-greedy `(.*?)` capture group. This is only relevant if multiple asterisks are used in your rules.
|
|
Please see [rewrite](https://echo.labstack.com/middleware/rewrite) and [proxy](https://echo.labstack.com/middleware/proxy) for details.
|
|
|
|
**Security**
|
|
|
|
* Fix directory traversal vulnerability for Windows (#1718, little-cui)
|
|
* Fix open redirect vulnerability with trailing slash (#1771,#1775 aldas,GeoffreyFrogeye)
|
|
|
|
**Enhancements**
|
|
|
|
* Add Echo#ListenerNetwork as configuration (#1667, pafuent)
|
|
* Add ability to change the status code using response beforeFuncs (#1706, RashadAnsari)
|
|
* Echo server startup to allow data race free access to listener address
|
|
* Binder: Restore pre v4.1.11 behaviour for c.Bind() to use query params only for GET or DELETE methods (#1727, aldas)
|
|
* Binder: Add separate methods to bind only query params, path params or request body (#1681, aldas)
|
|
* Binder: New fluent binder for query/path/form parameter binding (#1717, #1736, aldas)
|
|
* Router: Performance improvements for missed routes (#1689, pafuent)
|
|
* Router: Improve performance for Real-IP detection using IndexByte instead of Split (#1640, imxyb)
|
|
* Middleware: Support real regex rules for rewrite and proxy middleware (#1767)
|
|
* Middleware: New rate limiting middleware (#1724, iambenkay)
|
|
* Middleware: New timeout middleware implementation for go1.13+ (#1743, )
|
|
* Middleware: Allow regex pattern for CORS middleware (#1623, KlotzAndrew)
|
|
* Middleware: Add IgnoreBase parameter to static middleware (#1701, lnenad, iambenkay)
|
|
* Middleware: Add an optional custom function to CORS middleware to validate origin (#1651, curvegrid)
|
|
* Middleware: Support form fields in JWT middleware (#1704, rkfg)
|
|
* Middleware: Use sync.Pool for (de)compress middleware to improve performance (#1699, #1672, pafuent)
|
|
* Middleware: Add decompress middleware to support gzip compressed requests (#1687, arun0009)
|
|
* Middleware: Add ErrJWTInvalid for JWT middleware (#1627, juanbelieni)
|
|
* Middleware: Add SameSite mode for CSRF cookies to support iframes (#1524, pr0head)
|
|
|
|
**Fixes**
|
|
|
|
* Fix handling of special trailing slash case for partial prefix (#1741, stffabi)
|
|
* Fix handling of static routes with trailing slash (#1747)
|
|
* Fix Static files route not working (#1671, pwli0755, lammel)
|
|
* Fix use of caret(^) in regex for rewrite middleware (#1588, chotow)
|
|
* Fix Echo#Reverse for Any type routes (#1695, pafuent)
|
|
* Fix Router#Find panic with infinite loop (#1661, pafuent)
|
|
* Fix Router#Find panic fails on Param paths (#1659, pafuent)
|
|
* Fix DefaultHTTPErrorHandler with Debug=true (#1477, lammel)
|
|
* Fix incorrect CORS headers (#1669, ulasakdeniz)
|
|
* Fix proxy middleware rewritePath to use url with updated tests (#1630, arun0009)
|
|
* Fix rewritePath for proxy middleware to use escaped path in (#1628, arun0009)
|
|
* Remove unless defer (#1656, imxyb)
|
|
|
|
**General**
|
|
|
|
* New maintainers for Echo: Roland Lammel (@lammel) and Pablo Andres Fuente (@pafuent)
|
|
* Add GitHub action to compare benchmarks (#1702, pafuent)
|
|
* Binding query/path params and form fields to struct only works for explicit tags (#1729,#1734, aldas)
|
|
* Add support for Go 1.15 in CI (#1683, asahasrabuddhe)
|
|
* Add test for request id to remain unchanged if provided (#1719, iambenkay)
|
|
* Refactor echo instance listener access and startup to speed up testing (#1735, aldas)
|
|
* Refactor and improve various tests for binding and routing
|
|
* Run test workflow only for relevant changes (#1637, #1636, pofl)
|
|
* Update .travis.yml (#1662, santosh653)
|
|
* Update README.md with an recents framework benchmark (#1679, pafuent)
|
|
|
|
This release was made possible by **over 100 commits** from more than **20 contributors**:
|
|
asahasrabuddhe, aldas, AndrewKlotz, arun0009, chotow, curvegrid, iambenkay, imxyb,
|
|
juanbelieni, lammel, little-cui, lnenad, pafuent, pofl, pr0head, pwli, RashadAnsari,
|
|
rkfg, santosh653, segfiner, stffabi, ulasakdeniz
|