What's Changed

• chore: bump sub-module celeris dependency v1.3.0 → v1.3.2 by @FumingPower3925 in #222
• feat: v1.3.3 utility & serving middleware — pprof, swagger, static, rewrite, adapters by @FumingPower3925 in #223

Full Changelog: v1.3.2...v1.3.3

New Middleware

Security Fix

• Singleflight cross-user data leakage: The default deduplication key includes Authorization and Cookie request headers, preventing one user's response (PII, session cookies) from being leaked to concurrent users hitting the same endpoint. Custom KeyFunc implementations must incorporate user identity for authenticated endpoints.

Highlights

Singleflight

• Embedded singleflight group (no external dependencies)
• Default key: method + path + sorted query + Authorization + Cookie (identity-aware)
• x-singleflight: HIT header on coalesced responses
• Deep-copy response body + headers for safe fan-out
• Panic/error propagation from leader to all waiters
• 23 tests, 98.8% coverage

Circuit Breaker

• 3-state machine: Closed → Open → HalfOpen → Closed
• Lock-free sliding window (10 atomic time buckets) — 0-alloc closed path
• NewWithBreaker() for programmatic State(), Counts(), Reset()
• Panic-aware: handler panics recorded as failures via defer/recover
• Configurable: threshold, min requests, window size, cooldown, half-open max, custom IsError, OnStateChange callback
• 26 tests, 96.2% coverage

Performance

Under parallel load, celeris circuit breaker (128ns, lock-free atomics) outperforms sony/gobreaker (234ns, mutex-based) by 1.8x.

Other Fixes

• Multi-value header replay: SetResponseHeaders preserves Set-Cookie and other multi-value headers for singleflight waiters
• Leader error propagation: leader now returns the handler error (was discarding via FlushResponse)
• Query param normalization: multi-value query params sorted within each key for deterministic deduplication
• Circuit breaker validation: rejects negative CooldownPeriod, HalfOpenMax < 1, WindowSize < 10ms, MinRequests < 1
• Window CAS retry loop: prevents lost count during bucket rotation
• Breaker.Counts() for observability/Prometheus integration
• Threshold doc corrected from (0,1) to (0,1]

Full Changelog

v1.3.1...v1.3.2

New Middleware

Security Hardening

• Context.Scheme() no longer trusts X-Forwarded-Proto from untrusted clients — only the proxy middleware (which validates against TrustedProxies) can set the scheme override
• Proxy: X-Forwarded-Host validated against CRLF injection, path traversal, and 253-byte DNS limit; X-Real-IP validated with netip.ParseAddr
• Method override: TargetMethods whitelist prevents overriding POST to CONNECT/TRACE/GET
• Negotiate: q=0 correctly treated as "not acceptable" per RFC 9110, including wildcard exclusions
• Redirect: only valid redirect codes (301/302/303/307/308) accepted
• Compress: BREACH attack warning documented

Performance

Core Fixes

• internal/negotiate: case-insensitive matching (RFC 9110), q=0 wildcard exclusion, alloc-free Parse scanner
• Flaky TestAdaptiveAutoSingleWorker stabilized with H1 retry

Cross-Middleware Integration

• Documented ordering: proxy→logger/ratelimit for correct ClientIP
• CSRF ↔ MethodOverride security warning
• Metrics/OTel response-size semantics with compress
• Vary header convention (AddHeader not SetHeader)
• Session + ETag cache interaction

Full Changelog

v1.3.0...v1.3.1

What's Changed

• arch: v1.3.0 — middleware in-tree, review-driven hardening, API additions by @FumingPower3925 in #174

Full Changelog: v1.2.4...v1.3.0

What's Changed

• feat: v1.2.4 deep core-middleware integration by @FumingPower3925 in #163

Full Changelog: v1.2.3...v1.2.4

What's Changed

• feat: v1.2.3 core-middleware integration by @FumingPower3925 in #154
• fix: stabilize TestAdaptiveAutoSingleWorker on single-CPU CI by @FumingPower3925 in #155

Full Changelog: v1.2.2...v1.2.3

What's Changed

• perf: v1.2.2 — core allocation reduction + security + DX by @FumingPower3925 in #147

Full Changelog: v1.2.1...v1.2.2

What's Changed

• chore: remove stale ALGORITHM.md and iouring-probe diagnostic tool by @FumingPower3925 in #138
• feat: add celeristest.WithHandlers for middleware chain testing by @FumingPower3925 in #140

Full Changelog: v1.2.0...v1.2.1

What's Changed

• feat: v1.2.0 middleware completeness (#90–#100) by @FumingPower3925 in #110
• fix: stabilize TestAdaptiveAutoProtocol on slow CI runners by @FumingPower3925 in #111
• docs: update README for v1.2.0, remove performance claims by @FumingPower3925 in #112

Full Changelog: v1.1.0...v1.2.0

What's Changed

• feat: v1.1.0 performance optimizations and io_uring advanced features by @FumingPower3925 in #83
• fix: allow pre-release tags in release workflow by @FumingPower3925 in #84
• deps: bump the all-go-deps group with 2 updates by @dependabot[bot] in #85
• perf: v1.1.0-beta.2 hot path optimizations (P0-P11) by @FumingPower3925 in #86
• fix+perf: io_uring crash fixes and hot path optimizations (v1.1.0-beta.3) by @FumingPower3925 in #87
• perf: v1.1.0-beta.4 engine hot path optimizations by @FumingPower3925 in #89
• perf: v1.1.0-beta.5 deep performance optimizations by @FumingPower3925 in #101
• fix: recover lost recv arm when io_uring SQ ring is full by @FumingPower3925 in #102
• perf: x86 multi-socket optimization + AVX2 SIMD (v1.1.0-beta.6) by @FumingPower3925 in #103
• perf: deep performance optimizations + reusable mage targets (v1.1.0-beta.7) by @FumingPower3925 in #105
• perf: v1.1.0-beta.8 — 10x H2 throughput + profiling infrastructure by @FumingPower3925 in #106
• ci: remove flaky smoke-bench jobs by @FumingPower3925 in #107
• perf: v1.1.0-beta.9 — 3.3M H2 rps, context leak fix, zero-alloc frame fast path by @FumingPower3925 in #108
• fix: reduce buffer ring memory 8x + fix H2 stream leak on connection close by @FumingPower3925 in #109

Full Changelog: v1.0.0...v1.1.0