Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update module github.com/labstack/echo/v4 to v4.2.0 (master) #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update module github.com/labstack/echo/v4 to v4.2.0 (master) #8

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
github.com/labstack/echo/v4 require minor v4.1.16 -> v4.2.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE Reachability
Medium Medium 5.3 CVE-2020-36565

Release Notes

labstack/echo (github.com/labstack/echo/v4)

v4.2.0

Compare Source

Important notes

The behaviour for binding data has been reworked for compatibility with echo before v4.1.11 by
enforcing explicit tagging for processing parameters. This may break your code if you
expect combined handling of query/path/form params.
Please see the updated documentation for request and binding

The handling for rewrite rules has been slightly adjusted to expand * to a non-greedy (.*?) capture group. This is only relevant if multiple asterisks are used in your rules.
Please see rewrite and proxy for details.

Security

  • Fix directory traversal vulnerability for Windows (#​1718, little-cui)
  • Fix open redirect vulnerability with trailing slash (#​1771,#​1775 aldas,GeoffreyFrogeye)

Enhancements

  • Add Echo#ListenerNetwork as configuration (#​1667, pafuent)
  • Add ability to change the status code using response beforeFuncs (#​1706, RashadAnsari)
  • Echo server startup to allow data race free access to listener address
  • Binder: Restore pre v4.1.11 behaviour for c.Bind() to use query params only for GET or DELETE methods (#​1727, aldas)
  • Binder: Add separate methods to bind only query params, path params or request body (#​1681, aldas)
  • Binder: New fluent binder for query/path/form parameter binding (#​1717, #​1736, aldas)
  • Router: Performance improvements for missed routes (#​1689, pafuent)
  • Router: Improve performance for Real-IP detection using IndexByte instead of Split (#​1640, imxyb)
  • Middleware: Support real regex rules for rewrite and proxy middleware (#​1767)
  • Middleware: New rate limiting middleware (#​1724, iambenkay)
  • Middleware: New timeout middleware implementation for go1.13+ (#​1743, )
  • Middleware: Allow regex pattern for CORS middleware (#​1623, KlotzAndrew)
  • Middleware: Add IgnoreBase parameter to static middleware (#​1701, lnenad, iambenkay)
  • Middleware: Add an optional custom function to CORS middleware to validate origin (#​1651, curvegrid)
  • Middleware: Support form fields in JWT middleware (#​1704, rkfg)
  • Middleware: Use sync.Pool for (de)compress middleware to improve performance (#​1699, #​1672, pafuent)
  • Middleware: Add decompress middleware to support gzip compressed requests (#​1687, arun0009)
  • Middleware: Add ErrJWTInvalid for JWT middleware (#​1627, juanbelieni)
  • Middleware: Add SameSite mode for CSRF cookies to support iframes (#​1524, pr0head)

Fixes

  • Fix handling of special trailing slash case for partial prefix (#​1741, stffabi)
  • Fix handling of static routes with trailing slash (#​1747)
  • Fix Static files route not working (#​1671, pwli0755, lammel)
  • Fix use of caret(^) in regex for rewrite middleware (#​1588, chotow)
  • Fix Echo#Reverse for Any type routes (#​1695, pafuent)
  • Fix Router#Find panic with infinite loop (#​1661, pafuent)
  • Fix Router#Find panic fails on Param paths (#​1659, pafuent)
  • Fix DefaultHTTPErrorHandler with Debug=true (#​1477, lammel)
  • Fix incorrect CORS headers (#​1669, ulasakdeniz)
  • Fix proxy middleware rewritePath to use url with updated tests (#​1630, arun0009)
  • Fix rewritePath for proxy middleware to use escaped path in (#​1628, arun0009)
  • Remove unless defer (#​1656, imxyb)

General

  • New maintainers for Echo: Roland Lammel (@​lammel) and Pablo Andres Fuente (@​pafuent)
  • Add GitHub action to compare benchmarks (#​1702, pafuent)
  • Binding query/path params and form fields to struct only works for explicit tags (#​1729,#​1734, aldas)
  • Add support for Go 1.15 in CI (#​1683, asahasrabuddhe)
  • Add test for request id to remain unchanged if provided (#​1719, iambenkay)
  • Refactor echo instance listener access and startup to speed up testing (#​1735, aldas)
  • Refactor and improve various tests for binding and routing
  • Run test workflow only for relevant changes (#​1637, #​1636, pofl)
  • Update .travis.yml (#​1662, santosh653)
  • Update README.md with an recents framework benchmark (#​1679, pafuent)

This release was made possible by over 100 commits from more than 20 contributors:
asahasrabuddhe, aldas, AndrewKlotz, arun0009, chotow, curvegrid, iambenkay, imxyb,
juanbelieni, lammel, little-cui, lnenad, pafuent, pofl, pr0head, pwli, RashadAnsari,
rkfg, santosh653, segfiner, stffabi, ulasakdeniz

v4.1.17

Compare Source

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants