Security
-
We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.
JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (
github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain. -
This minor version bumps minimum Go version to 1.17 (from 1.16) due
golang.org/x/packages we depend on. There are several vulnerabilities fixed in these libraries.Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.
Enhancements
- Bump x/text to 0.3.8 #2305
- Bump dependencies and add notes about Go releases we support #2336
- Add helper interface for ProxyBalancer interface #2316
- Expose
middleware.CreateExtractorsfunction so we can use it from echo-contrib repository #2338 - Refactor func(Context) error to HandlerFunc #2315
- Improve function comments #2329
- Add new method HTTPError.WithInternal #2340
- Replace io/ioutil package usages #2342
- Add staticcheck to CI flow #2343
- Replace relative path determination from proprietary to std #2345
- Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
- Add testcases for some BodyLimit middleware configuration options #2350
- Additional configuration options for RequestLogger and Logger middleware #2341
- Add route to request log #2162
- GitHub Workflows security hardening #2358
- Add govulncheck to CI and bump dependencies #2362
- Fix rate limiter docs #2366
- Refactor how
e.Routes()work and introducee.OnAddRouteHandlercallback #2337