gofiber/fiber v3.3.0 on GitHub

🚀 New

Add support for configuring the Regex engine on the router (#4254)
Swap the compiler used for regex() route constraints. Assign a drop-in engine such as coregex.MustCompile for faster matching;Fiber reuses the compiled matcher across requests.
```
app := fiber.New(fiber.Config{
    RegexHandler: coregex.MustCompile, // default: regexp.MustCompile
})
```
https://docs.gofiber.io/api/fiber#regexhandler
Host auth middleware (#4199)
New hostauthorization middleware that validates the incoming Host header against an allowlist (exact host, .subdomain wildcard, CIDR range) to protect against DNS rebinding attacks.
```
app.Use(hostauthorization.New(hostauthorization.Config{
    AllowedHosts: []string{"api.myapp.com", ".myapp.com", "10.0.0.0/8"},
}))
```
https://docs.gofiber.io/middleware/hostauthorization
Delegate implementation to fasthttp/prefork (#4210)
Prefork now delegates to fasthttp's prefork package and adds PreforkRecoverThreshold (max child restarts before the master exits) and PreforkLogger to ListenConfig.
https://docs.gofiber.io/api/fiber#preforkrecoverthreshold
Add support for contextual logs (#4241)
Render request-scoped fields in log.WithContext(c) by configuring a template with log.SetContextTemplate, reusing the middleware/logger engine (including ${value:key} for arbitrary context values).
```
log.MustSetContextTemplate(log.ContextConfig{Format: log.RequestIDFormat})

app.Get("/", func(c fiber.Ctx) error {
    log.WithContext(c).Info("start") // renders the request id
    return c.SendString("ok")
})
```
https://docs.gofiber.io/api/log#bind-context
Add storage backed SharedState for prefork applications (#4243)
A prefork-safe, storage-backed key/value store via app.SharedState() for data shared across workers/processes, with JSON/MsgPack/CBOR/XML helpers and automatic key namespacing. app.State() stays process-local.
```
app := fiber.New(fiber.Config{
    SharedStorage: redis.New(), // any fiber.Storage shared across workers
})
app.SharedState().SetJSON("config", cfg, 0)
```
https://docs.gofiber.io/api/state#sharedstate-prefork-safe
Add lightweight SSE middleware (#4239)
A Fiber-native middleware/sse for Server-Sent Events: SSE headers, event/comment/retry frames, per-write flushing, heartbeats,
Last-Event-ID access, and disconnect detection via stream.Context().
```
app.Get("/events", sse.New(sse.Config{
    Handler: func(c fiber.Ctx, stream *sse.Stream) error {
        return stream.Event(sse.Event{Name: "message", Data: fiber.Map{"message": "hello"}})
    },
}))
```
https://docs.gofiber.io/middleware/sse

🧹 Updates

Add prefixes to unexported boolean fields (#4300)
Improve error messages in SaveFileToStorage (#4173)
Streamline request handler selection and context management for improved performance (#4233)

🐛 Fixes

Preserve mounted sub-app regex handler during mount prefixing (#4308)
Trim only one trailing dot in host normalization (#4307)
Reject oversized unknown-length adaptor request bodies (#4306)
Fix compress middleware's shouldSkip method to avoid memory growth (#4284)
Reject malformed host authorities in hostauthorization (#4293)
Synchronize view reloads with template rendering (#4288)
Avoid panic for non-struct listeners in TLS config discovery (#4305)
Clear plaintext cookie when encryption fails (#4303)
Fix regex route constraint parsing with literal > (#4292)
Reject empty normalized host before dynamic matching (#4291)
Preserve idempotency replay protection for oversized responses (#4287)
Enforce CookieJar domain acceptance and host-only cookie matching (#4282)
Avoid panic when reading released Fiber context values (#4271)
Enforce static root for fs-backed directory serving (#4277)
Prevent negative paginate start overflow (#4272)
Prevent SharedState namespace key collisions (#4274)
Copy FullURL string before returning pooled buffer (#4275)
Enforce paginate sort allowlist when AllowedSorts is unset (#4276)
Validate and safely apply workflow version updates (#4273)
Close BodyStream in adaptor FiberHandler streaming path (#4267)
Prevent panic when MsgPack is not configured (#4268)
Keep IsFromLocal loopback-only and add unix-socket helper (#4270)
Prevent panic when CBOR is not explicitly configured (#4269)
Guard session logger tag against released middleware (#4265)
Add X-Real-IP protection to Forward and DomainForward variants (#4261)
Ensure BalancerForward overwrites X-Real-IP header (#4260)
Add test coverage for multipart BodyLimit error handling (#4237)
Improve error propagation in Express-style handler (#4250)
Remove SSE Next and clarify SSE handler docs (#4247)
BasicAuth verifier for unknown users (#4245)

🛠️ Maintenance

13 changes

bump github.com/shamaton/msgpack/v3 from 3.1.1 to 3.1.2 (#4296)
bump codecov/codecov-action from 6.0.0 to 6.0.1 (#4294)
bump actions/add-to-project from 1.0.2 to 2.0.0 (#4256)
bump github.com/shamaton/msgpack/v3 from 3.1.0 to 3.1.1 (#4281)
bump the golang-modules group with 3 updates (#4278)
bump golang.org/x/sys from 0.43.0 to 0.44.0 in the golang-modules group (#4262)
bump DavidAnson/markdownlint-cli2-action from 23.1.0 to 23.2.0 (#4259)
bump benchmark-action/github-action-benchmark from 1.22.0 to 1.22.1 (#4258)
bump github.com/valyala/fasthttp from 1.70.0 to 1.71.0 in the fasthttp-modules group (#4255)
bump github.com/klauspost/compress from 1.18.5 to 1.18.6 (#4249)
bump DavidAnson/markdownlint-cli2-action from 23.0.0 to 23.1.0 (#4246)
bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22 (#4242)

📚 Documentation

Fix invalid RouteChain method chaining example (#4304)
Harden reverse proxy X-Forwarded-For example (#4266)
Correct fasthttpctx Done semantics in context guide (#4264)
Clarify ${bytesSent} behavior in logger middleware (#4251)
Clarify prefork security model and OS-specific socket behavior (#4240)

📒 Documentation: https://docs.gofiber.io/next/

💬 Discord: https://gofiber.io/discord

Full Changelog: v3.2.0...v3.3.0

Thank you @ReneWerner87, @elton-peixoto-lu, @gaby, @gtoxlili, @lyyvalhalla, @mutantkeyboard, @pageton and @pratikramteke for making this release possible.