Sourced from github.com/labstack/echo/v4's releases.

v4.9.0

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

Enhancements

... (truncated)

Sourced from github.com/labstack/echo/v4's changelog.

v4.9.0 - 2022-09-04

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0 - 2022-08-10

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2 - 2022-03-16

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

... (truncated)

• 16d3b65 Changelog for 4.9.0
• 0ac4d74 Fix #2259 open redirect vulnerability in echo.StaticDirectoryHandler (used by...
• d77e8c0 Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (#2257)
• 534bbb8 replace POST constance with stdlib constance
• fb57d96 replace GET constance with stdlib constance
• d48197d Changelog for 4.8.0
• cba12a5 Allow arbitrary HTTP method types to be added as routes
• a327884 add:README.md-Third-party middlewares-github.com/go-woo/protoc-gen-echo
• 61422dd Update CI-flow (Go 1.19 +deps)
• a9879ff Middlewares should use errors.As() instead of type assertion on HTTPError
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from github.com/gin-gonic/gin's releases.

Release v1.7.0

BUGFIXES

• fix compile error from #2572 (#2600)
• fix: print headers without Authorization header on broken pipe (#2528)
• fix(tree): reassign fullpath when register new node (#2366)

ENHANCEMENTS

• Support params and exact routes without creating conflicts (#2663)
• chore: improve render string performance (#2365)
• Sync route tree to httprouter latest code (#2368)
• chore: rename getQueryCache/getFormCache to initQueryCache/initFormCa (#2375)
• chore(performance): improve countParams (#2378)
• Remove some functions that have the same effect as the bytes package (#2387)
• update:SetMode function (#2321)
• remove a unused type SecureJSONPrefix (#2391)
• Add a redirect sample for POST method (#2389)
• Add CustomRecovery builtin middleware (#2322)
• binding: avoid 2038 problem on 32-bit architectures (#2450)
• Prevent panic in Context.GetQuery() when there is no Request (#2412)
• Add GetUint and GetUint64 method on gin.context (#2487)
• update content-disposition header to MIME-style (#2512)
• reduce allocs and improve the render WriteString (#2508)
• implement ".Unwrap() error" on Error type (#2525) (#2526)
• Allow bind with a map[string]string (#2484)
• chore: update tree (#2371)
• Support binding for slice/array obj [Rewrite] (#2302)
• basic auth: fix timing oracle (#2609)
• Add mixed param and non-param paths (port of httprouter#329) (#2663)
• feat(engine): add trustedproxies and remoteIP (#2632)

Improve performance

ENHANCEMENTS

• Improve performance: Change *sync.RWMutex to sync.RWMutex in context. #2351

release v1.6.2

Release Notes

• BUGFIXES
  • fix missing initial sync.RWMutex (#2305)
• ENHANCEMENTS
  • Add set samesite in cookie. (#2306)

Contributors

• @​appleboy

release v1.6.1

... (truncated)

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.7.0

BUGFIXES

• fix compile error from #2572 (#2600)
• fix: print headers without Authorization header on broken pipe (#2528)
• fix(tree): reassign fullpath when register new node (#2366)

ENHANCEMENTS

• Support params and exact routes without creating conflicts (#2663)
• chore: improve render string performance (#2365)
• Sync route tree to httprouter latest code (#2368)
• chore: rename getQueryCache/getFormCache to initQueryCache/initFormCa (#2375)
• chore(performance): improve countParams (#2378)
• Remove some functions that have the same effect as the bytes package (#2387)
• update:SetMode function (#2321)
• remove a unused type SecureJSONPrefix (#2391)
• Add a redirect sample for POST method (#2389)
• Add CustomRecovery builtin middleware (#2322)
• binding: avoid 2038 problem on 32-bit architectures (#2450)
• Prevent panic in Context.GetQuery() when there is no Request (#2412)
• Add GetUint and GetUint64 method on gin.context (#2487)
• update content-disposition header to MIME-style (#2512)
• reduce allocs and improve the render WriteString (#2508)
• implement ".Unwrap() error" on Error type (#2525) (#2526)
• Allow bind with a map[string]string (#2484)
• chore: update tree (#2371)
• Support binding for slice/array obj [Rewrite] (#2302)
• basic auth: fix timing oracle (#2609)
• Add mixed param and non-param paths (port of httprouter#329) (#2663)
• feat(engine): add trustedproxies and remoteIP (#2632)

Gin v1.6.3

ENHANCEMENTS

• Improve performance: Change *sync.RWMutex to sync.RWMutex in context. #2351

Gin v1.6.2

BUGFIXES

• fix missing initial sync.RWMutex #2305

ENHANCEMENTS

• Add set samesite in cookie. #2306

Gin v1.6.1

BUGFIXES

• Revert "fix accept incoming network connections" #2294

... (truncated)

• d496f64 bump to v1.7.0 version (#2672)
• bfc8ca2 feat(engine): add trustedproxies and remoteIP (#2632)
• f3de813 Add mixed param and non-param paths (port of httprouter#329) (#2663)
• a331dc6 chore: remove duplicate test 'assert.Equal' (#2617)
• ed6f85c build: convert to go:build directives (#2664)
• 1bdf86b Remove the tedious named return value (#2620)
• e899771 chore: Deleted spaces (#2622)
• b01605b basic auth: fix timing oracle (#2609)
• 46ddd42 Fixes to the graceful shutdown example (#2552)
• f4bc259 fix error gin support min Go version (#2584)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.