v5.5.5

• In validation, fixed a panic when trying to convert a nil single value array using the ConvertSingleValueArrays option.
• Retract v5.5.4 as it introduced a bug: when a non-nullable field was provided and thus removed from the request, its associated validators were still executed.
• Fixed the bug introduced in v5.5.4.

Release v5.5.4

• Retract v5.5.3 as it introduced a bug in the absence detection for the root element (if validation.CurrentElement wasn't required).
• Fixed the bug introduced in v5.5.3

Release v5.5.3

• In validation, fixed nullable field absence detection. This fixes validators on nullable fields being executed even if the field is not present at all in the request.

Release v5.5.2

• Fixed request/response put back in the sync.Pool when the response was hijacked. This caused concurrent uses of these resources when using websockets.

Release v5.5.1

• session.DB() now applies the given context to the fallback DB using WithContext() before returning.

Release v5.5.0

• Static file serving (router.Static())
  • Now rejects paths containing \, // with 404 Not Found.
  • Now rejects non-empty paths that don't start with a slash. An empty path will still return index.html like before.
  • Now rejects paths containing a ., .. or empty segment.
  • These changes fix a vulnerability when using osfs.FS as the file system for router.Static(): files outside of the base path of the file system were accessible to the clients if they requested a path containing ...
  • For the Content-Disposition header, the actual path is now used to get the name of the file instead of the raw input. This solves the issue of an invalid header value returned when the returned file is index.html.
• In response.File() and response.Download(), the file is now opened only once instead of thrice.
• fsutil changes:
  • Added fsutil.DetectContentType(), which sniffs directly from a reader instead of a file name.
  • Added fsutil.DetectContentTypeByExtension() for content type detection fallback.
  • Expanded the list of known file extensions for content type detection.
• Added testutil.Session(), a new testing utility used to mock the session.Session interface. This implementation is designed to provide a realistic, observable transaction system and help identify incorrect usage.

Release v5.4.3

• Exported the T field of testutil.LogWriter struct. This field not being exported was an oversight.

Release v5.4.2

• Fixed Distinct validation rule not passing for empty arrays.

Release v5.4.1

• The parse middleware is now skipped if the matched route is the special "not found" or "method not allowed" route.

Release v5.4.0

• Added a context.Context field to the validation.Options and validation.Context structures. If not provided, it defaults to context.Background().
• The built-in validation middleware now uses the request context in the validation options.
  • The DB instance used in the validation options by the built-in validation middleware was already injected with the request context. You don't need to update your custom validators.
  • You may want to update places where you are using manual validation. However, those will continue to work exactly like they used to if you don't change anything.

Full Changelog: v5.3.0...v5.4.0