v2.52.3

🐛 Fixes

• Middleware/cors: Handling and wildcard subdomain matching by @sixcolors in #2915
• Middleware/cors: Categorize requests correctly by @sixcolors in #2921
• Middleware/csrf: Fix Benchmark Tests by @sixcolors in #2932

Full Changelog: v2.52.2...v2.52.3

v2.52.2

🐛 Fixes

• Middleware/cors: Validation of multiple Origins (#2883)

Full Changelog: v2.52.1...v2.52.2

v2.52.1

👮 Security

Middleware/cors: Insecure CORS Configuration Allowing Wildcard Origin with Credentials - GHSA-fmg4-x8pw-hjhg

https://docs.gofiber.io/api/middleware/cors

🐛 Fixes

• Middleware/healthcheck: Not working with route group(#2863)

📚 Documentation

• Fix default value to false in docs of QueryBool (#2811)
• Fix code snippet indentation in /docs/api/middleware/keyauth.md (#2867)

Full Changelog: v2.52.0...v2.52.1

Thank you @luk3skyw4lker, @CAEL0, @grivera64, @gaby and @sixcolors for making this update possible.

v2.52.0

🚀 New

• Middleware/healthcheck: Add liveness and readiness checks (#2509)
  https://docs.gofiber.io/api/middleware/healthcheck

// Direct usage with default config
app.Use(healthcheck.New())

// Or extend your config for customization
app.Use(healthcheck.New(healthcheck.Config{
    LivenessEndpoint: "/live",
    LivenessProbe: func(c *fiber.Ctx) bool {
        return true
    },
    ReadinessEndpoint: "/ready",
    ReadinessProbe: func(c *fiber.Ctx) bool {
        return serviceA.Ready() && serviceB.Ready() && ...
    },
}))

🧹 Updates

• Middlewares: don't constrain middlewares context-keys to strings (#2751)
• Middleware/logger: colorize logger error message #2593 (#2773)
• Middleware/logger: changing default log output (#2730)
• Middleware/logger: log client IP address by default (#2755)
• Middleware/encryptcookie: update default config (#2753)
• Improve benchmarks for getOffer (#2739)

🛠️ Maintenance

• Bump github/codeql-action from 2 to 3 (#2763)
• Bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
• Bump actions/setup-go from 4 to 5 (#2754)
• Bump golang.org/x/sys from 0.14.0 to 0.15.0 (#2744)
• Bump github.com/valyala/fasthttp from 1.50.0 to 1.51.0 (#2721)

🐛 Fixes

• Middleware/redirect : fix for redirect with query params (#2748)
• Middleware/adaptor: Adaptor + otelfiber issue #2641 (#2772)
• Middleware/cors: Should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
• Middleware/session: Race in session middleware tests (#2740)
• Middleware/csrf: Fix failing CSRF tests (#2720)
• Fix race condition in parallel tests (#2734)
• utils.IsIPv4 and net.ParseIP have inconsistent results #2735 (#2736)

📚 Documentation

• Middleware/csrf: Improve csrf docs (#2726)
• Update app.md for indentation (#2761)
• Update default config (#2753)
• Update CONTRIBUTING.md (#2752)

Full Changelog: v2.51.0...v2.52.0

Thank you @MehmetFiratKomurcu, @benjajaja, @brunodmartins, @gilwo, @iredmail, @itswcg, @luk3skyw4lker, @muhammadkholidb, @nickajacks1, @sixcolors and @tokelo-12 for making this update possible.

v2.51.0

🚀 New

• Add support for parameters in content negotiation (#2678) RFC
  https://docs.gofiber.io/api/ctx#accepts

// Consideration of parameters in the accepted headers
// Accept: text/plain, application/json; version=1; foo=bar

app.Get("/", func(c *fiber.Ctx) error {
  // Extra parameters in the accept are ignored
  c.Accepts("text/plain;format=flowed") // "text/plain;format=flowed"

  // An offer must contain all parameters present in the Accept type
  c.Accepts("application/json") // ""

  // Parameter order and capitalization does not matter. Quotes on values are stripped.
  c.Accepts(`application/json;foo="bar";VERSION=1`) // "application/json;foo="bar";VERSION=1"
})

• Add support for application/problem+json (#2704)
  https://docs.gofiber.io/api/ctx#json
  https://docs.gofiber.io/api/client#json

// Passing a custom json type
ctx.JSON(fiber.Map{
    "type": "https://example.com/probs/out-of-credit",
    "title": "You do not have enough credit.",
    "status": 403,
    "detail": "Your current balance is 30, but that costs 50.",
    "instance": "/account/12345/msgs/abc",
  }, fiber.)

🧹 Updates

• Ctx.Range: reduce allocations (#2705)
• Middleware/pprof: improve performance (#2709)

🛠️ Maintenance

• Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#2707)
• Bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2693)
• Bump actions/setup-node from 3 to 4 (#2690)
• Bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 (#2679)

🐛 Fixes

• Middleware/limiter: fix intermittent failures (#2716)
• Naming of routes works wrong after mount #2688 (#2689)
• Fix method validation on route naming (#2686)

📚 Documentation

• Changed "Twitter" to "X (Twitter)" in README.md Contribute Section (#2696)
• Add additional information as to why GetReqHeaders returns a map where the values are slices of strings (#2698)
• Enhance csrf.md (#2692)

Full Changelog: v2.50.0...v2.51.0

Thank you @BandhiyaHardik, @database64128, @efectn, @moritz157, @nickajacks1, @rhburt and @sixcolors for making this update possible.

v2.50.0

❗ Breaking Changes

• Change signatures of GetReqHeaders and GetRespHeaders (#2650)

To allow single and list values under headers according to the rfc standard

- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string

- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string

👮 Security

Middleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)

https://docs.gofiber.io/api/middleware/csrf

🚀 Improvements to the CSRF middleware:

• Added support for single-use tokens through the SingleUseToken configuration option.
• Optional integration with GoFiber session middleware through the Session and SessionKey configuration options.
• Introduction of origin checks for HTTPS connections to verify referer headers.
• Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without Session.
• Enhancement of error handling with more descriptive error messages.
• The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.

Thank you @sixcolors

🚀 New

• Cookie parser (#2656)
  https://docs.gofiber.io/api/ctx#cookieparser

// Field names should start with an uppercase letter
type Person struct {
    Name     string  `cookie:"name"`
    Age      int     `cookie:"age"`
    Job      bool    `cookie:"job"`
}
// Example route
app.Get("/", func(c *fiber.Ctx) error {
    p := new(Person)
    // This method is similar to BodyParser, but for cookie parameters
    if err := c.CookieParser(p); err != nil {
        return err
    }
    
    log.Println(p.Name)     // Joseph
    log.Println(p.Age)      // 23
    log.Println(p.Job)      // true
})

• Middleware/cors: Allow disabling caching in preflight requests (#2649)
  https://docs.gofiber.io/api/middleware/cors#config

// To disable caching completely, pass MaxAge value negative. It will set the Access-Control-Max-Age header 0.
app.Use(cors.New(cors.Config{MaxAge: -1})) 

• Middleware/session: Add Reset method to Session struct in session middleware (#2654)
  https://docs.gofiber.io/api/middleware/session#signatures

// Provide more flexibility in session management, especially in scenarios like repeated user logins
func (s *Session) Reset() error

Example usage:

// Initialize default config
// This stores all of your app's sessions
store := session.New()

app.Post("/login", func(c *fiber.Ctx) error {
    // Get session from storage
    sess, err := store.Get(c)
    if err != nil {
        panic(err)
    }
    
    // ... validate login ...
    
    // Check if the session is fresh
    if !sess.Fresh() {
        // If the session is not fresh, reset it
        if err := sess.Reset(); err != nil {
            panic(err)
        }
    }
    // Set new session data
    sess.Set("user_id", user.ID)
    // Save session
    if err := sess.Save(); err != nil {
        panic(err)
    }

    return c.SendString(fmt.Sprintf("Welcome %v", user.ID))
})

• Middleware/session: Add Delete method to Store struct in session middleware (#2655)
  https://docs.gofiber.io/api/middleware/session#signatures

// Provide more control over individual session management, especially in scenarios 
// like administrator-enforced user logout or user-initiated logout from a specific device session
func (s *Store) Delete(id string) error

Example usage:

app.Post("/admin/session/:id/logout", func(c *fiber.Ctx) error {
    // Get session id from request
    sessionID := c.Params("id")

    // Delete the session
    if err := store.Delete(sessionID); err != nil {
        return c.Status(500).SendString(err.Error())
    }

    return c.SendString("Logout successful")
})

🧹 Updates

• Middleware/filesystem: Improve status for SendFile (#2664)
• Middleware/filesystem: Set response code (#2632)
• Refactor Ctx.Method func to improve code readability (#2647)

🛠️ Maintenance

• Fix loop variable captured by func literal (#2660)
• Run gofumpt and goimports (#2662)
• Use utils.AssertEqual instead of t.Fatal on some tests (#2653)
• Apply go fix ./... with latest version of go in repository (#2661)
• Bump github.com/valyala/fasthttp from 1.49.0 to 1.50.0 (#2634)
• Bump golang.org/x/sys from 0.12.0 to 0.13.0 (#2665)

🐛 Fixes

• Path checking on route naming (#2676)
• Incorrect log depth when use log.WithContext (#2666)
• Jsonp ignoring custom json encoder (#2658)
• PassLocalsToView when bind parameter is nil (#2651)
• Parse ips return invalid in abnormal case (#2642)
• Bug parse custom header (#2638)
• Middleware/adaptor: Reduce memory usage by replacing io.ReadAll() with io.Copy() (#2637)
• Middleware/idempotency: Nil pointer dereference issue on idempotency middleware (#2668)

📚 Documentation

• Incorrect status code source (#2667)
• Middleware/requestid: Typo in requestid.md (#2675)
• Middleware/cors: Update docs to better explain AllowOriginsFunc (#2652)

Full Changelog: v2.49.2...v2.50.0

Thank you @kaptinlin, @Skyenought, @cuipeiyu, @dairlair, @efectn, @gaby, @geerew, @huykn, @jimmyl02, @joey1123455, @joshlarsen, @jscappini, @peczenyj and @sixcolors for making this update possible.

v2.49.2

🧹 Updates

• Middleware/logger: Enabling color changes padding for some fields #2604 (#2616)
• Bump actions/checkout from 3 to 4 (#2618)
• Bump golang.org/x/sys from 0.11.0 to 0.12.0 (#2617)

🐛 Fixes

• Vulnerability in Ctx.IsFromLocal(GHSA-3q5p-3558-364f)

📚 Documentation

• Replaced double quotes with backticks in all route parameter strings (#2591)

Full Changelog: v2.49.1...v2.49.2

Thank you @11-aryan and @AKARSHITJOSHI for making this update possible.

v2.49.1

🧹 Updates

• Bump github.com/valyala/fasthttp from 1.48.0 to 1.49.0 (#2615)

🐛 Fixes

• Rollback changes to go.mod file (#2614)

📚 Documentation

• Add Polish translation - README_pl.md (#2613)
• Update README_ko.md (#2605)

Full Changelog: v2.49.0...v2.49.1

Thank you @KompocikDot, @LimJiAn and @gaby for making this update possible.

v2.49.0

❗ Breaking Changes

• Add config to enable splitting by comma in parsers (#2560)
  https://docs.gofiber.io/api/fiber#config

EnableSplittingOnParsers splits the query/body/header parameters by comma when it's true (default: false).

For example, you can use it to parse multiple values from a query parameter like this:
/api?foo=bar,baz == foo[]=bar&foo[]=baz

🚀 New

• Add custom data property to favicon middleware config (#2579)
  https://docs.gofiber.io/api/middleware/favicon#config

This allows the user to use //go:embed flags to load favicon data during build-time, and supply it to the middleware instead of reading the file every time the application starts.

🧹 Updates

• Middleware/logger: Latency match gin-gonic/gin formatter (#2569)
• Middleware/filesystem: Refactor: use errors.Is instead of os.IsNotExist (#2558)
• Use Global vars instead of local vars for isLocalHost (#2595)
• Remove redundant nil check (#2584)
• Bump github.com/mattn/go-runewidth from 0.0.14 to 0.0.15 (#2551)
• Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2592)
• Bump golang.org/x/sys from 0.10.0 to 0.11.0 (#2563)
• Add go 1.21 to ci and readmes (#2588)

🐛 Fixes

• Middleware/logger: Default latency output format (#2580)
• Decompress request body when multi Content-Encoding sent on request headers (#2555)

📚 Documentation

• Fix wrong JSON docs (#2554)
• Update io/ioutil package to io package (#2589)
• Replace EG flag with the proper and smaller SVG (#2585)
• Added Egyptian Arabic readme file (#2565)
• Translate README to Portuguese (#2567)
• Improve *fiber.Client section (#2553)
• Improved the config section of the middleware readme´s (#2552)
• Added documentation about ctx Fresh (#2549)
• Update intro.md (#2550)
• Fixed link to slim template engine (#2547)

Full Changelog: v2.48.0...v2.49.0

Thank you @Jictyvoo, @Juneezee, @Kirari04, @LimJiAn, @PassTheMayo, @andersonmiranda-com, @bigpreshy, @efectn, @renanbastos93, @scandar, @sixcolors and @stefanb for making this update possible.

v2.48.0

🚀 New

• Add ability to print custom message on startup (#2491)
  https://docs.gofiber.io/guide/hooks#onlisten

app := fiber.New(fiber.Config{
  DisableStartupMessage: true,
})

app.Hooks().OnListen(func(listenData fiber.ListenData) error {
  if fiber.IsChild() {
      return nil
  }
  scheme := "http"
  if data.TLS {
    scheme = "https"
  }
  log.Println(scheme + "://" + listenData.Host + ":" + listenData.Port)
  return nil
})

app.Listen(":5000")

• Add Logger interface and fiberlog (#2499)
  https://docs.gofiber.io/api/log

🧹 Updates

• Dictpool is not completely gone (#2540)
• Bump golang.org/x/sys from 0.9.0 to 0.10.0 (#2530)
• Bump github.com/valyala/fasthttp from 1.47.0 to 1.48.0 (#2511)

🐛 Fixes

• Middleware/logger: Default logger color behaviour (#2513)

📚 Documentation

• Fix link (#2542)
• Fix bad documentation on queries function (#2522)
• Fix validation-guide (#2517)
• Fix bad documentation on queries function (#2522)
• Add a warning on security implications when using X-Forwarded-For improperly (#2520)
• Fix typo (#2518)
• Typo in ctx.md (#2516)
• Fix comment in client.go (#2514)
• Fix docs api fiber custom config (#2510)

Full Changelog: v2.47.0...v2.48.0

Thank you @ForAeons, @RHeynsZa, @Saman-Safaei, @Skyenought, @Z3NTL3, @andre-dasilva, @cmd777, @dozheiny, @efectn, @f1rstmehul, @gaby, @itcuihao and @mo1ein for making this update possible.