dotweb v1.8.3 Release Notes (#314)

devfeel · AI Assistant · web-flow · commit d5bf65895535 · 2026-03-10T19:00:44.000+08:00
* v1.8.2: feat: migrate Redis client from redigo to go-redis/v9 (#305) * chore: bump version to 1.8.1 🐾 Generated by 小源 (OpenClaw AI Assistant) * ci: add golangci-lint and security scan workflows (#302) * ci: add golangci-lint and security scan workflows - Add .golangci.yml with gradual enablement configuration - Enable basic linters: errcheck, govet, staticcheck, unused, ineffassign, gosimple - Enable gosec for security scanning - Exclude framework design decisions (weak crypto, file paths, etc.) - Exclude test files and example directory - Add .github/workflows/security.yml - govulncheck for dependency vulnerability scanning - gosec for code security scanning - Weekly scheduled scans (every Monday) - continue-on-error for gradual adoption - Remove outdated .github/workflows/go.yml (Go 1.20, duplicate with test.yml) Test: go build ./... ✅, go test ./... ✅, golangci-lint ✅ * fix: upgrade Go version to 1.23 in CI workflows - Update test.yml: use Go 1.23 for coverage upload - Update security.yml: use Go 1.23 for govulncheck This fixes GO-2025-3563 (HTTP request smuggling) vulnerability present in Go 1.22.x standard library. * fix: upgrade Go version to 1.24 to fix govulncheck vulnerabilities - Upgrade security.yml to Go 1.24 - Update test.yml matrix to [1.22, 1.23, 1.24] - Update go.mod to Go 1.22 (minimum version) - Fix 12 Go standard library vulnerabilities: - GO-2026-4341: net/url memory exhaustion - GO-2026-4340: crypto/tls handshake issue - GO-2026-4337: crypto/tls session resumption - GO-2025-4175: crypto/x509 certificate validation - GO-2025-4155: crypto/x509 resource consumption - GO-2025-4013: crypto/x509 DSA public key - GO-2025-4012: net/http cookie parsing - GO-2025-4011: encoding/asn1 memory exhaustion - GO-2025-4010: net/url IPv6 parsing - GO-2025-4009: encoding/pem complexity - GO-2025-4008: crypto/tls ALPN info leak - GO-2025-4007: crypto/x509 name constraints * chore: upgrade Go version requirement to 1.24 - go.mod: Go 1.22 -> Go 1.24 (minimum version requirement) - test.yml: Test matrix [1.24, 1.25, 1.26] - security.yml: Use Go 1.25 for security scan * docs: update Go version requirements in README - Minimum Go version: 1.24+ - Add Go version support table - Add security warning for Go < 1.24 - Update dependency section with Go version info - List 12 known vulnerabilities in Go < 1.24 --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> * feat: migrate Redis client from redigo to go-redis/v9 (#304) * feat: migrate Redis client from redigo to go-redis/v9 Breaking Changes: - Internal implementation changed from garyburd/redigo to redis/go-redis/v9 - GetConn() now returns interface{} instead of redis.Conn for backwards compatibility Features: - All 56 public methods maintain API compatibility - Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize - Context support in internal implementation - Modern Redis client with active maintenance Migration: - github.com/garyburd/redigo v1.6.0 (deprecated) -> removed - github.com/redis/go-redis/v9 v9.18.0 -> added Testing: - All tests pass (skip when Redis not available) - Compatible with existing cache/redis and session/redis modules This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303) Phase 2: Migrate to go-redis/v9 (this PR) Phase 3: Performance testing Phase 4: Documentation and release * feat: migrate Redis client from redigo to go-redis/v9 Breaking Changes: - Internal implementation changed from garyburd/redigo to redis/go-redis/v9 - GetConn() now returns interface{} instead of redis.Conn for backwards compatibility Features: - All 56 public methods maintain API compatibility - Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize - Context support in internal implementation - Modern Redis client with active maintenance Migration: - github.com/garyburd/redigo v1.6.0 (deprecated) -> removed - github.com/redis/go-redis/v9 v9.18.0 -> added Testing: - All tests pass (skip when Redis not available) - Compatible with existing cache/redis and session/redis modules Notes: - Security Scan uses Go 1.24 (continue-on-error: true) - Go 1.24 has crypto/x509 vulnerabilities, but we keep it for compatibility - Will upgrade to Go 1.26+ in future release This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303) Phase 2: Migrate to go-redis/v9 (this PR) --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> * chore: bump version to 1.8.3 (#310) Co-authored-by: AI Assistant <ai@devfeel.io> * fix: use defer Unlock in Incr/Decr to prevent lock leak (#312) * chore: bump version to 1.8.3 * fix: use defer Unlock in Incr/Decr to prevent lock leak (#311) - Add defer ca.Unlock() in Incr() and Decr() functions - Fix potential deadlock when error occurs in type switch - Pass race detection test Co-authored-by: AI Assistant <ai@devfeel.io> --------- Co-authored-by: AI Assistant <ai@devfeel.io> * update to v1.8.3 & fix: use defer Unlock in Incr/Decr to prevent lock leak (#313) * chore: bump version to 1.8.3 * fix: use defer Unlock in Incr/Decr to prevent lock leak (#311) - Add defer ca.Unlock() in Incr() and Decr() functions - Fix potential deadlock when error occurs in type switch - Pass race detection test Co-authored-by: AI Assistant <ai@devfeel.io> --------- Co-authored-by: AI Assistant <ai@devfeel.io> --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> Co-authored-by: AI Assistant <ai@devfeel.io>
diff --git a/cache/runtime/cache_runtime.go b/cache/runtime/cache_runtime.go
@@ -122,6 +122,7 @@ func (ca *RuntimeCache) initValue(key string, value interface{}, ttl int64) erro
 // Incr increase int64 counter in runtime cache.
 func (ca *RuntimeCache) Incr(key string) (int64, error) {
 	ca.Lock()
+	defer ca.Unlock()
 	itemObj, ok := ca.items.Load(key)
 	if !ok {
 		// if not exists, auto set new with 0
@@ -148,15 +149,14 @@ func (ca *RuntimeCache) Incr(key string) (int64, error) {
 		return 0, errors.New("item val is not (u)int (u)int32 (u)int64")
 	}
 
-	ca.Unlock()
-
 	val, _ := strconv.ParseInt(fmt.Sprint(item.value), 10, 64)
 	return val, nil
 }
 
 // Decr decrease counter in runtime cache.
 func (ca *RuntimeCache) Decr(key string) (int64, error) {
 	ca.Lock()
+	defer ca.Unlock()
 	itemObj, ok := ca.items.Load(key)
 	if !ok {
 		// if not exists, auto set new with 0
@@ -194,7 +194,6 @@ func (ca *RuntimeCache) Decr(key string) (int64, error) {
 	default:
 		return 0, errors.New("item val is not int int64 int32")
 	}
-	ca.Unlock()
 
 	val, _ := strconv.ParseInt(fmt.Sprint(item.value), 10, 64)
 	return val, nil
diff --git a/consts.go b/consts.go
@@ -3,7 +3,7 @@ package dotweb
 // Global define
 const (
 	// Version current version
-	Version = "1.8.2"
+	Version = "1.8.3"
 )
 
 // Log define

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ package dotweb`
`3`	`3`	`// Global define`
`4`	`4`	`const (`
`5`	`5`	`// Version current version`
`6`		`- Version = "1.8.2"`
	`6`	`+ Version = "1.8.3"`
`7`	`7`	`)`
`8`	`8`
`9`	`9`	`// Log define`