Nicu Maxian
287a82c228
Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue ( #2562 )
...
Co-authored-by: Nicu MAXIAN <nicu@numeral.io>
2023-12-19 18:07:23 +02:00
Martti T
584cb85a6b
request logger: add example for Slog https://pkg.go.dev/log/slog ( #2543 )
2023-11-07 15:09:43 +02:00
Martti T
4b26cde851
Changelog for v4.11.3 ( #2542 )
2023-11-07 14:19:32 +02:00
Martti T
14daeb9680
Security: c.Attachment and c.Inline should escape name in Content-Disposition
header to avoid 'Reflect File Download' vulnerability. ( #2541 )
...
This is same as Go std does it 9d836d41d0/src/mime/multipart/writer.go (L132)
2023-11-07 14:10:06 +02:00
Martti T
50ebcd8d7c
refactor context tests to be separate functions ( #2540 )
2023-11-07 13:40:22 +02:00
Kai Ratzeburg
c7d6d4373f
proxy middleware: reuse echo request context ( #2537 )
2023-11-05 18:01:01 +02:00
Martti T
69a0de8415
Mark unmarshallable yaml struct tags as ignored ( #2536 )
2023-10-24 21:12:13 +03:00
Martti T
98a523756d
Changelog for v4.11.2 ( #2529 )
2023-10-11 08:32:23 +03:00
Štefan Baebler
89ae0e5f2c
Bump dependancies ( #2522 )
...
Bump:
* golang.org/x/net v0.12.0 -> v0.15.0
* golang.org/x/crypto v0.11.0 -> v0.13.0
* github.com/stretchr/testify v1.8.1 -> v1.8.4
go mod tidy
2023-10-11 07:47:09 +03:00
Štefan Baebler
5780908c7c
Fix CVE-2023-39325 / CVE-2023-44487 ( #2527 )
...
Bump golang.org/x/net from v0.12.0 to v0.17.0
Related:
* https://github.com/golang/go/issues/63417
* https://www.cve.org/CVERecord?id=CVE-2023-44487
2023-10-11 07:14:52 +03:00
Martti T
4bc3e475e3
cors middleware: allow sending Access-Control-Max-Age: 0
value with config.MaxAge being negative number. ( #2518 )
2023-09-19 08:24:47 +03:00
eiei114
3950c444b7
fix some typos ( #2511 )
2023-09-13 22:41:58 +03:00
Martti T
77d5ae6a91
Use Go 1.21 in CI ( #2505 )
2023-08-12 09:01:30 +03:00
Trim21
e6b96f8873
docs: add comments to util.go randomString
( #2494 )
...
* Update util.go
2023-07-22 23:47:35 +03:00
Trim21
b3ec8e0fdd
fix(sec): randomString
bias ( #2492 )
...
* fix(sec): `randomString` bias when using bytes vs int64
* use pooled buffed random reader
2023-07-22 07:08:34 +03:00
toimtoimtoim
626f13e338
CSRF/RequestID mw: switch math/random usage to crypto/random
2023-07-21 13:10:56 +03:00
Mobina Noori
3f8ae15b57
delete unused context in body_limit.go ( #2483 )
...
* delete unused context in body_limit.go
---------
Co-authored-by: mobinanoori018 <mobinanoori21@gmail.com>
2023-07-21 11:07:25 +03:00
Vishal Rana
4598a4a745
Update README.md
2023-07-18 09:20:05 -07:00
Vishal Rana
18d32589cd
Update README.md
2023-07-18 08:51:02 -07:00
toimtoimtoim
a2e7085094
Changelog for v4.11.1
2023-07-16 20:41:57 +03:00
toimtoimtoim
130be07425
fix gzip not sending response code for no content responses (404, 301/302 redirects etc)
2023-07-16 20:35:09 +03:00
toimtoimtoim
60af056959
Changelog for v4.11.0
2023-07-14 23:18:22 +03:00
toimtoimtoim
ac7a9621a1
bump version to 4.10.0
2023-07-14 23:18:22 +03:00
Martti T
1ee8e22faa
do not use global timeNow variables ( #2477 )
2023-07-11 23:36:05 +03:00
bahdanmelchankatote
44ead54c8c
Upgrade packages ( #2475 )
2023-07-10 12:24:39 +03:00
Ingo Oppermann
42f07ed880
gzip response only if it exceeds a minimal length ( #2267 )
...
* gzip response only if it exceeds a minimal length
If the response is too short, e.g. a few bytes, compressing the
response makes it even larger. The new parameter MinLength to the
GzipConfig struct allows to set a threshold (in bytes) as of which
response size the compression should be applied. If the response
is shorter, no compression will be applied.
2023-05-31 08:53:33 +03:00
Martin Desrumaux
fbfe2167f1
fix(DefaultHTTPErrorHandler): return error message when message is an error ( #2456 )
...
* fix(DefaultHTTPErrorHandler): return error message when message is an error
2023-05-29 23:26:53 +03:00
toimtoimtoim
8e425c0431
gofmt fixes to comments
2023-05-12 22:14:29 +03:00
mikemherron
0ae74648b9
Support retries of failed proxy requests ( #2414 )
...
Support retries of failed proxy requests
2023-05-12 20:36:24 +03:00
Samuel Berthe
deb17d2388
Doc: adding slog.Handler for Echo logging
2023-05-01 09:01:36 +03:00
cui fliter
0d47b7e6a9
fix misuses of a vs an
...
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-04-22 21:37:45 +03:00
Mihard
7d54690cdc
Proper colon support in reverse ( #2416 )
...
* Adds support of the escaped colon in echo.Reverse
---------
Co-authored-by: Mihard <mihard@webird.ru>
2023-04-16 21:13:47 +03:00
Simba Peng
de1c798143
Check whether is nil before invoking centralized error handling.
2023-04-15 21:48:33 +03:00
imxyb
a7802ea523
add supprt for go1.20 http.rwUnwrapper
2023-04-06 13:37:41 +03:00
imxyb
c0bc886b78
refactor: use strings.ReplaceAll directly
2023-03-31 20:59:08 +03:00
ivansmaliakou
f22ba6725c
documentation: changed description for Bind()
method of Context interface
. Because Bind()
` binds not only request body, but also path and query params
2023-03-16 07:46:03 +02:00
toimtoimtoim
ec642f7df1
Fix group.RouteNotFound not working when group has attached middlewares
2023-03-02 23:14:52 +02:00
Becir Basic
5b36ce3612
Fixes the concurrency issue of calling the Next()
proxy target on RRB ( #2409 )
...
* Fixes the concurrency issue of calling the `Next()` proxy target on round robin balancer
- fixed concurrency issue in `AddTarget()`
- moved `rand.New()` to the random balancer initializer func.
- internal code reorganized eliminating unnecessary pointer redirection
- employing `sync.Mutex` instead of `RWMutex` which brings additional overhead of tracking readers and writers. No need for that since the guarded code has no long-running operations, hence no realistic congestion.
- added additional guards without which the code would otherwise panic (e.g., the case where a random value is calculation when targets list is empty)
- added descriptions for func return values, what to expect in which case.
- Improve code test coverage
---------
Co-authored-by: Becir Basic <bb@neotel.at>
2023-02-24 20:32:41 +02:00
Omkar
1e575b7b56
Added a optional config variable to disable centralized error handler in recovery middleware ( #2410 )
...
Added a config variable to disable centralized error handler in recovery middleware
2023-02-24 13:09:40 +02:00
toimtoimtoim
47844c9b7f
Changelog for v4.10.2
2023-02-22 01:11:41 +02:00
toimtoimtoim
f909660bb9
Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely.
2023-02-22 00:05:31 +02:00
toimtoimtoim
ef4aea97ef
use different variable name so returned function would not accidentally be able to use it in future and cause data race
2023-02-22 00:05:31 +02:00
Martti T
7c7531002d
Clean on go1.20 ( #2406 )
...
* Fix tests failing on Go 1.20 on Windows. Clean works differently on 1.20. Use path.Clean instead with some workaround related to errors.
2023-02-22 00:00:52 +02:00
Ara Park
04ba8e2f9d
Add more http error values ( #2277 )
...
* Add more HTTP error constants
2023-02-21 22:32:11 +01:00
toimtoimtoim
b888a30fe3
Changelog for v4.10.1
2023-02-19 21:12:17 +02:00
toimtoimtoim
2c25767e45
remediate flaky timeout tests
2023-02-19 20:26:17 +02:00
toimtoimtoim
a3998ac96a
Upgrade deps due to the latest golang.org/x/net vulnerability
2023-02-19 20:26:17 +02:00
toimtoimtoim
45da0f888b
remove .travis.yml
2023-02-19 20:26:17 +02:00
Roman Garanin
6b09f3ffeb
Update link to jaegertracing
...
Added https:// prefix, without it github markdown rendering does strange things
2023-02-10 14:43:25 +02:00
Hakan Kutluay
82a964c657
Add context timeout middleware ( #2380 )
...
Add context timeout middleware
Co-authored-by: Erhan Akpınar <erhan.akpinar@yemeksepeti.com>
Co-authored-by: @erhanakp
2023-02-01 22:38:20 +02:00