1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-18 16:20:53 +02:00
Commit Graph

1760 Commits

Author SHA1 Message Date
Martti T
14daeb9680
Security: c.Attachment and c.Inline should escape name in Content-Disposition header to avoid 'Reflect File Download' vulnerability. (#2541)
This is same as Go std does it 9d836d41d0/src/mime/multipart/writer.go (L132)
2023-11-07 14:10:06 +02:00
Martti T
50ebcd8d7c
refactor context tests to be separate functions (#2540) 2023-11-07 13:40:22 +02:00
Kai Ratzeburg
c7d6d4373f
proxy middleware: reuse echo request context (#2537) 2023-11-05 18:01:01 +02:00
Martti T
69a0de8415
Mark unmarshallable yaml struct tags as ignored (#2536) 2023-10-24 21:12:13 +03:00
Martti T
98a523756d
Changelog for v4.11.2 (#2529) 2023-10-11 08:32:23 +03:00
Štefan Baebler
89ae0e5f2c
Bump dependancies (#2522)
Bump:
* golang.org/x/net v0.12.0 -> v0.15.0
* golang.org/x/crypto v0.11.0 -> v0.13.0
* github.com/stretchr/testify v1.8.1 -> v1.8.4

go mod tidy
2023-10-11 07:47:09 +03:00
Štefan Baebler
5780908c7c
Fix CVE-2023-39325 / CVE-2023-44487 (#2527)
Bump golang.org/x/net from v0.12.0 to v0.17.0

Related:
* https://github.com/golang/go/issues/63417
* https://www.cve.org/CVERecord?id=CVE-2023-44487
2023-10-11 07:14:52 +03:00
Martti T
4bc3e475e3
cors middleware: allow sending Access-Control-Max-Age: 0 value with config.MaxAge being negative number. (#2518) 2023-09-19 08:24:47 +03:00
eiei114
3950c444b7
fix some typos (#2511) 2023-09-13 22:41:58 +03:00
Martti T
77d5ae6a91
Use Go 1.21 in CI (#2505) 2023-08-12 09:01:30 +03:00
Trim21
e6b96f8873
docs: add comments to util.go randomString (#2494)
* Update util.go
2023-07-22 23:47:35 +03:00
Trim21
b3ec8e0fdd
fix(sec): randomString bias (#2492)
* fix(sec): `randomString` bias when using bytes vs int64
* use pooled buffed random reader
2023-07-22 07:08:34 +03:00
toimtoimtoim
626f13e338 CSRF/RequestID mw: switch math/random usage to crypto/random 2023-07-21 13:10:56 +03:00
Mobina Noori
3f8ae15b57
delete unused context in body_limit.go (#2483)
* delete unused context in body_limit.go

---------

Co-authored-by: mobinanoori018 <mobinanoori21@gmail.com>
2023-07-21 11:07:25 +03:00
Vishal Rana
4598a4a745
Update README.md 2023-07-18 09:20:05 -07:00
Vishal Rana
18d32589cd
Update README.md 2023-07-18 08:51:02 -07:00
toimtoimtoim
a2e7085094 Changelog for v4.11.1 2023-07-16 20:41:57 +03:00
toimtoimtoim
130be07425 fix gzip not sending response code for no content responses (404, 301/302 redirects etc) 2023-07-16 20:35:09 +03:00
toimtoimtoim
60af056959 Changelog for v4.11.0 2023-07-14 23:18:22 +03:00
toimtoimtoim
ac7a9621a1 bump version to 4.10.0 2023-07-14 23:18:22 +03:00
Martti T
1ee8e22faa
do not use global timeNow variables (#2477) 2023-07-11 23:36:05 +03:00
bahdanmelchankatote
44ead54c8c
Upgrade packages (#2475) 2023-07-10 12:24:39 +03:00
Ingo Oppermann
42f07ed880
gzip response only if it exceeds a minimal length (#2267)
* gzip response only if it exceeds a minimal length

If the response is too short, e.g. a few bytes, compressing the
response makes it even larger. The new parameter MinLength to the
GzipConfig struct allows to set a threshold (in bytes) as of which
response size the compression should be applied. If the response
is shorter, no compression will be applied.
2023-05-31 08:53:33 +03:00
Martin Desrumaux
fbfe2167f1
fix(DefaultHTTPErrorHandler): return error message when message is an error (#2456)
* fix(DefaultHTTPErrorHandler): return error message when message is an error
2023-05-29 23:26:53 +03:00
toimtoimtoim
8e425c0431 gofmt fixes to comments 2023-05-12 22:14:29 +03:00
mikemherron
0ae74648b9
Support retries of failed proxy requests (#2414)
Support retries of failed proxy requests
2023-05-12 20:36:24 +03:00
Samuel Berthe
deb17d2388 Doc: adding slog.Handler for Echo logging 2023-05-01 09:01:36 +03:00
cui fliter
0d47b7e6a9 fix misuses of a vs an
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-04-22 21:37:45 +03:00
Mihard
7d54690cdc
Proper colon support in reverse (#2416)
* Adds support of the escaped colon in echo.Reverse

---------

Co-authored-by: Mihard <mihard@webird.ru>
2023-04-16 21:13:47 +03:00
Simba Peng
de1c798143 Check whether is nil before invoking centralized error handling. 2023-04-15 21:48:33 +03:00
imxyb
a7802ea523 add supprt for go1.20 http.rwUnwrapper 2023-04-06 13:37:41 +03:00
imxyb
c0bc886b78 refactor: use strings.ReplaceAll directly 2023-03-31 20:59:08 +03:00
ivansmaliakou
f22ba6725c documentation: changed description for Bind() method of Context interface. Because Bind()` binds not only request body, but also path and query params 2023-03-16 07:46:03 +02:00
toimtoimtoim
ec642f7df1 Fix group.RouteNotFound not working when group has attached middlewares 2023-03-02 23:14:52 +02:00
Becir Basic
5b36ce3612
Fixes the concurrency issue of calling the Next() proxy target on RRB (#2409)
* Fixes the concurrency issue of calling the `Next()` proxy target on round robin balancer

- fixed concurrency issue in `AddTarget()`
- moved `rand.New()` to the random balancer initializer func.
- internal code reorganized eliminating unnecessary pointer redirection
- employing `sync.Mutex` instead of `RWMutex` which brings additional overhead of tracking readers and writers. No need for that since the guarded code has no long-running operations, hence no realistic congestion.
- added additional guards without which the code would otherwise panic (e.g., the case where a random value is calculation when targets list is empty)
- added descriptions for func return values, what to expect in which case.
- Improve code test coverage

---------

Co-authored-by: Becir Basic <bb@neotel.at>
2023-02-24 20:32:41 +02:00
Omkar
1e575b7b56
Added a optional config variable to disable centralized error handler in recovery middleware (#2410)
Added a config variable to disable centralized error handler in recovery middleware
2023-02-24 13:09:40 +02:00
toimtoimtoim
47844c9b7f Changelog for v4.10.2 2023-02-22 01:11:41 +02:00
toimtoimtoim
f909660bb9 Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely. 2023-02-22 00:05:31 +02:00
toimtoimtoim
ef4aea97ef use different variable name so returned function would not accidentally be able to use it in future and cause data race 2023-02-22 00:05:31 +02:00
Martti T
7c7531002d
Clean on go1.20 (#2406)
* Fix tests failing on Go 1.20 on Windows. Clean works differently on 1.20. Use path.Clean instead with some workaround related to errors.
2023-02-22 00:00:52 +02:00
Ara Park
04ba8e2f9d
Add more http error values (#2277)
* Add more HTTP error constants
2023-02-21 22:32:11 +01:00
toimtoimtoim
b888a30fe3 Changelog for v4.10.1 2023-02-19 21:12:17 +02:00
toimtoimtoim
2c25767e45 remediate flaky timeout tests 2023-02-19 20:26:17 +02:00
toimtoimtoim
a3998ac96a Upgrade deps due to the latest golang.org/x/net vulnerability 2023-02-19 20:26:17 +02:00
toimtoimtoim
45da0f888b remove .travis.yml 2023-02-19 20:26:17 +02:00
Roman Garanin
6b09f3ffeb Update link to jaegertracing
Added https:// prefix, without it github markdown rendering does strange things
2023-02-10 14:43:25 +02:00
Hakan Kutluay
82a964c657
Add context timeout middleware (#2380)
Add context timeout middleware


Co-authored-by: Erhan Akpınar <erhan.akpinar@yemeksepeti.com>
Co-authored-by: @erhanakp
2023-02-01 22:38:20 +02:00
Brie Taylor
08093a4a1d Return an empty string for ctx.path if there is no registered path 2023-01-28 18:15:49 +02:00
toimtoimtoim
24a30611df Add new JWT repository to the README 2023-01-04 00:09:30 +02:00
toimtoimtoim
f36d5662fb Changelog for 4.10.0 2022-12-27 21:59:53 +02:00