v4.10.1

Security

• Upgrade deps due to the latest golang.org/x/net vulnerability #2402

Enhancements

• Add new JWT repository to the README #2377
• Return an empty string for ctx.path if there is no registered path #2385
• Add context timeout middleware #2380
• Update link to jaegertracing #2394

v4.10.0

Security

• We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

  JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

• This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

  Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

• Bump x/text to 0.3.8 #2305
• Bump dependencies and add notes about Go releases we support #2336
• Add helper interface for ProxyBalancer interface #2316
• Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
• Refactor func(Context) error to HandlerFunc #2315
• Improve function comments #2329
• Add new method HTTPError.WithInternal #2340
• Replace io/ioutil package usages #2342
• Add staticcheck to CI flow #2343
• Replace relative path determination from proprietary to std #2345
• Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
• Add testcases for some BodyLimit middleware configuration options #2350
• Additional configuration options for RequestLogger and Logger middleware #2341
• Add route to request log #2162
• GitHub Workflows security hardening #2358
• Add govulncheck to CI and bump dependencies #2362
• Fix rate limiter docs #2366
• Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337

v4.9.1

Fixes

• Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

• Improve CORS documentation #2272
• Update readme about supported Go versions #2291
• Tests: improve error handling on closing body #2254
• Tests: refactor some of the assertions in tests #2275
• Tests: refactor assertions #2301

v4.9.0

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

Enhancements

• Recover middleware should not log panic for aborted handler #2134

v4.7.1

Fixes

• Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

Enhancements

• Remove some unused code #2116

v4.7.0 - 2022-03-01

Enhancements

• Add JWT, KeyAuth, CSRF multivalue extractors #2060
• Add LogErrorFunc to recover middleware #2072
• Add support for HEAD method query params binding #2027
• Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

• Fix X-Real-IP bug, improve tests #2007
• Minor syntax fixes #1994, #2102, #2102

General

• Add cache-control and connection headers #2103
• Add Retry-After header constant #2078
• Upgrade go directive in go.mod to 1.17 #2049
• Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

v4.6.3 - Fix Echo version number

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

• Add support for configurable target header for the request_id middleware #2040
• Change decompress middleware to use stream decompression instead of buffering #2018
• Documentation updates