|
| 1 | +# Changelog |
| 2 | + |
| 3 | +## v4.2.0 - 2020-02-11 |
| 4 | + |
| 5 | +**Important notes** |
| 6 | + |
| 7 | +The behaviour for binding data has been reworked for compatibility with echo before v4.1.11 by |
| 8 | +enforcing `explicit tagging` for processing parameters. This **may break** your code if you |
| 9 | +expect combined handling of query/path/form params. |
| 10 | +Please see the updated documentation for [request](https://echo.labstack.com/guide/request) and [binding](https://echo.labstack.com/guide/request) |
| 11 | + |
| 12 | +The handling for rewrite rules has been slightly adjusted to expand `*` to a non-greedy `(.*?)` capture group. This is only relevant if multiple asterisks are used in your rules. |
| 13 | +Please see [rewrite](https://echo.labstack.com/middleware/rewrite) and [proxy](https://echo.labstack.com/middleware/proxy) for details. |
| 14 | + |
| 15 | +**Security** |
| 16 | + |
| 17 | +* Fix directory traversal vulnerability for Windows (#1718, little-cui) |
| 18 | +* Fix open redirect vulnerability with trailing slash (#1771,#1775 aldas,GeoffreyFrogeye) |
| 19 | + |
| 20 | +**Enhancements** |
| 21 | + |
| 22 | +* Add Echo#ListenerNetwork as configuration (#1667, pafuent) |
| 23 | +* Add ability to change the status code using response beforeFuncs (#1706, RashadAnsari) |
| 24 | +* Echo server startup to allow data race free access to listener address |
| 25 | +* Binder: Restore pre v4.1.11 behaviour for c.Bind() to use query params only for GET or DELETE methods (#1727, aldas) |
| 26 | +* Binder: Add separate methods to bind only query params, path params or request body (#1681, aldas) |
| 27 | +* Binder: New fluent binder for query/path/form parameter binding (#1717, #1736, aldas) |
| 28 | +* Router: Performance improvements for missed routes (#1689, pafuent) |
| 29 | +* Router: Improve performance for Real-IP detection using IndexByte instead of Split (#1640, imxyb) |
| 30 | +* Middleware: Support real regex rules for rewrite and proxy middleware (#1767) |
| 31 | +* Middleware: New rate limiting middleware (#1724, iambenkay) |
| 32 | +* Middleware: New timeout middleware implementation for go1.13+ (#1743, ) |
| 33 | +* Middleware: Allow regex pattern for CORS middleware (#1623, KlotzAndrew) |
| 34 | +* Middleware: Add IgnoreBase parameter to static middleware (#1701, lnenad, iambenkay) |
| 35 | +* Middleware: Add an optional custom function to CORS middleware to validate origin (#1651, curvegrid) |
| 36 | +* Middleware: Support form fields in JWT middleware (#1704, rkfg) |
| 37 | +* Middleware: Use sync.Pool for (de)compress middleware to improve performance (#1699, #1672, pafuent) |
| 38 | +* Middleware: Add decompress middleware to support gzip compressed requests (#1687, arun0009) |
| 39 | +* Middleware: Add ErrJWTInvalid for JWT middleware (#1627, juanbelieni) |
| 40 | +* Middleware: Add SameSite mode for CSRF cookies to support iframes (#1524, pr0head) |
| 41 | + |
| 42 | +**Fixes** |
| 43 | + |
| 44 | +* Fix handling of special trailing slash case for partial prefix (#1741, stffabi) |
| 45 | +* Fix handling of static routes with trailing slash (#1747) |
| 46 | +* Fix Static files route not working (#1671, pwli0755, lammel) |
| 47 | +* Fix use of caret(^) in regex for rewrite middleware (#1588, chotow) |
| 48 | +* Fix Echo#Reverse for Any type routes (#1695, pafuent) |
| 49 | +* Fix Router#Find panic with infinite loop (#1661, pafuent) |
| 50 | +* Fix Router#Find panic fails on Param paths (#1659, pafuent) |
| 51 | +* Fix DefaultHTTPErrorHandler with Debug=true (#1477, lammel) |
| 52 | +* Fix incorrect CORS headers (#1669, ulasakdeniz) |
| 53 | +* Fix proxy middleware rewritePath to use url with updated tests (#1630, arun0009) |
| 54 | +* Fix rewritePath for proxy middleware to use escaped path in (#1628, arun0009) |
| 55 | +* Remove unless defer (#1656, imxyb) |
| 56 | + |
| 57 | +**General** |
| 58 | + |
| 59 | +* New maintainers for Echo: Roland Lammel (@lammel) and Pablo Andres Fuente (@pafuent) |
| 60 | +* Add GitHub action to compare benchmarks (#1702, pafuent) |
| 61 | +* Binding query/path params and form fields to struct only works for explicit tags (#1729,#1734, aldas) |
| 62 | +* Add support for Go 1.15 in CI (#1683, asahasrabuddhe) |
| 63 | +* Add test for request id to remain unchanged if provided (#1719, iambenkay) |
| 64 | +* Refactor echo instance listener access and startup to speed up testing (#1735, aldas) |
| 65 | +* Refactor and improve various tests for binding and routing |
| 66 | +* Run test workflow only for relevant changes (#1637, #1636, pofl) |
| 67 | +* Update .travis.yml (#1662, santosh653) |
| 68 | +* Update README.md with an recents framework benchmark (#1679, pafuent) |
| 69 | + |
| 70 | +This release was made possible by **over 100 commits** from more than **20 contributors**: |
| 71 | +asahasrabuddhe, aldas, AndrewKlotz, arun0009, chotow, curvegrid, iambenkay, imxyb, |
| 72 | +juanbelieni, lammel, little-cui, lnenad, pafuent, pofl, pr0head, pwli, RashadAnsari, |
| 73 | +rkfg, santosh653, segfiner, stffabi, ulasakdeniz |
0 commit comments