Merge 8e66616db7f23072b4613cbbb833a919d463611d into 9914178584e42458ff7d23891463a880f58c9d86

fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472 )
* Fix ClientIP calculation by concatenating all RemoteIPHeaders values * test: used http.MethodGet instead constants and fix lints * lint error fixed * Refactor ClientIP X-Forwarded-For tests --------- Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2026-06-11 16:20:37 +08:00 · 2026-01-13 17:29:14 +03:00 · 2026-01-02 10:15:27 +08:00 · 2025-12-27 19:25:17 +08:00 · 2025-12-24 18:35:20 +08:00 · 2025-12-24 18:33:46 +08:00
33 changed files with 1093 additions and 109 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -33,7 +33,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
--- a/.github/workflows/gin.yml
+++ b/.github/workflows/gin.yml
@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Go
@ -61,11 +61,11 @@ jobs:
          cache: false

      - name: Checkout Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          ref: ${{ github.ref }}

-      - uses: actions/cache@v4
+      - uses: actions/cache@v5
        with:
          path: |
            ${{ matrix.go-build }}
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Go
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0

--- a/binding/form_mapping.go
+++ b/binding/form_mapping.go
@ -300,6 +300,11 @@ func setByForm(value reflect.Value, field reflect.StructField, form map[string][
 }

 func setWithProperType(val string, value reflect.Value, field reflect.StructField) error {
+	// If it is a string type, no spaces are removed, and the user data is not modified here
+	if value.Kind() != reflect.String {
+		val = strings.TrimSpace(val)
+	}
+
 	switch value.Kind() {
 	case reflect.Int:
 		return setIntField(val, 0, value)
@ -404,6 +409,11 @@ func setTimeField(val string, structField reflect.StructField, value reflect.Val
 		timeFormat = time.RFC3339
 	}

+	if val == "" {
+		value.Set(reflect.ValueOf(time.Time{}))
+		return nil
+	}
+
 	switch tf := strings.ToLower(timeFormat); tf {
 	case "unix", "unixmilli", "unixmicro", "unixnano":
 		tv, err := strconv.ParseInt(val, 10, 64)
@ -427,11 +437,6 @@ func setTimeField(val string, structField reflect.StructField, value reflect.Val
 		return nil
 	}

-	if val == "" {
-		value.Set(reflect.ValueOf(time.Time{}))
-		return nil
-	}
-
 	l := time.Local
 	if isUTC, _ := strconv.ParseBool(structField.Tag.Get("time_utc")); isUTC {
 		l = time.UTC
@ -475,6 +480,10 @@ func setSlice(vals []string, value reflect.Value, field reflect.StructField) err
 }

 func setTimeDuration(val string, value reflect.Value) error {
+	if val == "" {
+		val = "0"
+	}
+
 	d, err := time.ParseDuration(val)
 	if err != nil {
 		return err
--- a/binding/form_mapping_test.go
+++ b/binding/form_mapping_test.go
@ -226,7 +226,35 @@ func TestMappingTime(t *testing.T) {
 	require.Error(t, err)
 }

+type bindTestData struct {
+	need any
+	got  any
+	in   map[string][]string
+}
+
+func TestMappingTimeUnixNano(t *testing.T) {
+	type needFixUnixNanoEmpty struct {
+		CreateTime time.Time `form:"createTime" time_format:"unixNano"`
+	}
+
+	// ok
+	tests := []bindTestData{
+		{need: &needFixUnixNanoEmpty{}, got: &needFixUnixNanoEmpty{}, in: formSource{"createTime": []string{"   "}}},
+		{need: &needFixUnixNanoEmpty{}, got: &needFixUnixNanoEmpty{}, in: formSource{"createTime": []string{}}},
+	}
+
+	for _, v := range tests {
+		err := mapForm(v.got, v.in)
+		require.NoError(t, err)
+		assert.Equal(t, v.need, v.got)
+	}
+}
+
 func TestMappingTimeDuration(t *testing.T) {
+	type needFixDurationEmpty struct {
+		Duration time.Duration `form:"duration"`
+	}
+
 	var s struct {
 		D time.Duration
 	}
@ -236,6 +264,17 @@ func TestMappingTimeDuration(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, 5*time.Second, s.D)

+	// ok
+	tests := []bindTestData{
+		{need: &needFixDurationEmpty{}, got: &needFixDurationEmpty{}, in: formSource{"duration": []string{"   "}}},
+		{need: &needFixDurationEmpty{}, got: &needFixDurationEmpty{}, in: formSource{"duration": []string{}}},
+	}
+
+	for _, v := range tests {
+		err := mapForm(v.got, v.in)
+		require.NoError(t, err)
+		assert.Equal(t, v.need, v.got)
+	}
 	// error
 	err = mappingByPtr(&s, formSource{"D": {"wrong"}}, "form")
 	require.Error(t, err)
--- a/context.go
+++ b/context.go
@ -55,14 +55,6 @@ const ContextRequestKey ContextKeyType = 0
 // abortIndex represents a typical value used in abort functions.
 const abortIndex int8 = math.MaxInt8 >> 1

-// safeInt8 converts int to int8 safely, capping at math.MaxInt8
-func safeInt8(n int) int8 {
-	if n > math.MaxInt8 {
-		return math.MaxInt8
-	}
-	return int8(n)
-}
-
 // Context is the most important part of gin. It allows us to pass variables between middleware,
 // manage the flow, validate the JSON of a request and render a JSON response for example.
 type Context struct {
@ -997,7 +989,8 @@ func (c *Context) ClientIP() string {

 	if trusted && c.engine.ForwardedByClientIP && c.engine.RemoteIPHeaders != nil {
 		for _, headerName := range c.engine.RemoteIPHeaders {
-			ip, valid := c.engine.validateHeader(c.requestHeader(headerName))
+			headerValue := strings.Join(c.Request.Header.Values(headerName), ",")
+			ip, valid := c.engine.validateHeader(headerValue)
 			if valid {
 				return ip
 			}
--- a/context_test.go
+++ b/context_test.go
@ -1143,6 +1143,37 @@ func TestContextRenderNoContentIndentedJSON(t *testing.T) {
 	assert.Equal(t, "application/json; charset=utf-8", w.Header().Get("Content-Type"))
 }

+func TestContextClientIPWithMultipleHeaders(t *testing.T) {
+	c, _ := CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest(http.MethodGet, "/test", nil)
+
+	// Multiple X-Forwarded-For headers
+	c.Request.Header.Add("X-Forwarded-For", "1.2.3.4, "+localhostIP)
+	c.Request.Header.Add("X-Forwarded-For", "5.6.7.8")
+	c.Request.RemoteAddr = localhostIP + ":1234"
+
+	c.engine.ForwardedByClientIP = true
+	c.engine.RemoteIPHeaders = []string{"X-Forwarded-For"}
+	_ = c.engine.SetTrustedProxies([]string{localhostIP})
+
+	// Should return 5.6.7.8 (last non-trusted IP)
+	assert.Equal(t, "5.6.7.8", c.ClientIP())
+}
+
+func TestContextClientIPWithSingleHeader(t *testing.T) {
+	c, _ := CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest(http.MethodGet, "/test", nil)
+	c.Request.Header.Set("X-Forwarded-For", "1.2.3.4, "+localhostIP)
+	c.Request.RemoteAddr = localhostIP + ":1234"
+
+	c.engine.ForwardedByClientIP = true
+	c.engine.RemoteIPHeaders = []string{"X-Forwarded-For"}
+	_ = c.engine.SetTrustedProxies([]string{localhostIP})
+
+	// Should return 1.2.3.4
+	assert.Equal(t, "1.2.3.4", c.ClientIP())
+}
+
 // Tests that the response is serialized as Secure JSON
 // and Content-Type is set to application/json
 func TestContextRenderSecureJSON(t *testing.T) {
@ -1910,7 +1941,7 @@ func TestContextClientIP(t *testing.T) {
 	resetContextForClientIPTests(c)

 	// IPv6 support
-	c.Request.RemoteAddr = "[::1]:12345"
+	c.Request.RemoteAddr = fmt.Sprintf("[%s]:12345", localhostIPv6)
 	assert.Equal(t, "20.20.20.20", c.ClientIP())

 	resetContextForClientIPTests(c)
@ -3212,7 +3243,7 @@ func TestContextCopyShouldNotCancel(t *testing.T) {
 	}()

 	addr := strings.Split(l.Addr().String(), ":")
-	res, err := http.Get(fmt.Sprintf("http://127.0.0.1:%s/", addr[len(addr)-1]))
+	res, err := http.Get(fmt.Sprintf("http://%s:%s/", localhostIP, addr[len(addr)-1]))
 	if err != nil {
 		t.Error(fmt.Errorf("request error: %w", err))
 		return
--- a/debug.go
+++ b/debug.go
@ -13,7 +13,9 @@ import (
 	"sync/atomic"
 )

-const ginSupportMinGoVer = 23
+const ginSupportMinGoVer = 24
+
+var runtimeVersion = runtime.Version()

 // IsDebugging returns true if the framework is running in debug mode.
 // Use SetMode(gin.ReleaseMode) to disable debug mode.
@ -77,7 +79,7 @@ func getMinVer(v string) (uint64, error) {
 }

 func debugPrintWARNINGDefault() {
-	if v, e := getMinVer(runtime.Version()); e == nil && v < ginSupportMinGoVer {
+	if v, e := getMinVer(runtimeVersion); e == nil && v < ginSupportMinGoVer {
 		debugPrint(`[WARNING] Now Gin requires Go 1.24+.

 `)
--- a/debug_test.go
+++ b/debug_test.go
@ -12,7 +12,6 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"runtime"
 	"strings"
 	"sync"
 	"testing"
@ -21,10 +20,6 @@ import (
 	"github.com/stretchr/testify/require"
 )

-// TODO
-// func debugRoute(httpMethod, absolutePath string, handlers HandlersChain) {
-// func debugPrint(format string, values ...any) {
-
 func TestIsDebugging(t *testing.T) {
 	SetMode(DebugMode)
 	assert.True(t, IsDebugging())
@ -48,6 +43,18 @@ func TestDebugPrint(t *testing.T) {
 	assert.Equal(t, "[GIN-debug] these are 2 error messages\n", re)
 }

+func TestDebugPrintFunc(t *testing.T) {
+	DebugPrintFunc = func(format string, values ...any) {
+		fmt.Fprintf(DefaultWriter, "[GIN-debug] "+format, values...)
+	}
+	re := captureOutput(t, func() {
+		SetMode(DebugMode)
+		debugPrint("debug print func test: %d", 123)
+		SetMode(TestMode)
+	})
+	assert.Regexp(t, `^\[GIN-debug\] debug print func test: 123`, re)
+}
+
 func TestDebugPrintError(t *testing.T) {
 	re := captureOutput(t, func() {
 		SetMode(DebugMode)
@ -104,12 +111,17 @@ func TestDebugPrintWARNINGDefault(t *testing.T) {
 		debugPrintWARNINGDefault()
 		SetMode(TestMode)
 	})
-	m, e := getMinVer(runtime.Version())
-	if e == nil && m < ginSupportMinGoVer {
-		assert.Equal(t, "[GIN-debug] [WARNING] Now Gin requires Go 1.24+.\n\n[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
-	} else {
-		assert.Equal(t, "[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
-	}
+	assert.Equal(t, "[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
+}
+
+func TestDebugPrintWARNINGDefaultWithUnsupportedVersion(t *testing.T) {
+	runtimeVersion = "go1.23.12"
+	re := captureOutput(t, func() {
+		SetMode(DebugMode)
+		debugPrintWARNINGDefault()
+		SetMode(TestMode)
+	})
+	assert.Equal(t, "[GIN-debug] [WARNING] Now Gin requires Go 1.24+.\n\n[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
 }

 func TestDebugPrintWARNINGNew(t *testing.T) {
--- a/errorparser/error_parser.go
+++ b/errorparser/error_parser.go
@ -0,0 +1,18 @@
+package errorparser
+
+func ParseBindError(err error) (errs []ParseError, match bool) {
+
+	if errs, ok := parseValidatorError(err); ok {
+		return errs, true
+	}
+
+	if errs, ok := parseJsonDecodeError(err); ok {
+		return errs, true
+	}
+
+	// todo: protobuf
+	// todo: xml
+	// todo: yaml
+
+	return nil, false
+}
--- a/errorparser/error_parser_test.go
+++ b/errorparser/error_parser_test.go
@ -0,0 +1,23 @@
+package errorparser
+
+import (
+	"encoding/json"
+	"fmt"
+	"testing"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParseBindError(t *testing.T) {
+
+	_, ok := ParseBindError(fmt.Errorf("not match"))
+	assert.False(t, ok)
+
+	_, ok = ParseBindError(validator.ValidationErrors([]validator.FieldError{}))
+	assert.True(t, ok)
+
+	_, ok = ParseBindError(&json.SyntaxError{})
+	assert.True(t, ok)
+
+}
--- a/errorparser/json_errors.go
+++ b/errorparser/json_errors.go
@ -0,0 +1,48 @@
+package errorparser
+
+import (
+	"encoding/json"
+)
+
+func parseJsonDecodeError(err error) (errs []ParseError, match bool) {
+
+	if typeErr, ok := err.(*json.UnmarshalTypeError); ok {
+		return parseJsonUnmarshalTypeError(typeErr), true
+	}
+
+	if syntaxErr, ok := err.(*json.SyntaxError); ok {
+		return parseJsonSyntaxError(syntaxErr), true
+	}
+
+	return nil, false
+}
+
+func parseJsonUnmarshalTypeError(err *json.UnmarshalTypeError) (errs []ParseError) {
+
+	errs = []ParseError{}
+
+	item := NewParseError(
+		err.Field,
+		ParseErrorTypeMismatch,
+		err,
+	)
+
+	errs = append(errs, item)
+
+	return errs
+}
+
+func parseJsonSyntaxError(err *json.SyntaxError) (errs []ParseError) {
+
+	errs = []ParseError{}
+
+	item := NewParseError(
+		"",
+		ParseErrorTypeBadInput,
+		err,
+	)
+
+	errs = append(errs, item)
+
+	return errs
+}
--- a/errorparser/json_errors_test.go
+++ b/errorparser/json_errors_test.go
@ -0,0 +1,94 @@
+package errorparser
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/gin-gonic/gin"
+)
+
+func TestParseJsonDecodeError(t *testing.T) {
+
+	_, ok := parseJsonDecodeError(fmt.Errorf("not match"))
+	assert.False(t, ok)
+
+	_, ok = parseJsonDecodeError(&json.UnmarshalTypeError{})
+	assert.True(t, ok)
+
+	_, ok = parseJsonDecodeError(&json.SyntaxError{})
+	assert.True(t, ok)
+
+}
+
+func TestParseJsonUnmarshalTypeError(t *testing.T) {
+
+	jsonData := `{
+		"text": "text",
+		"count": "1"
+	}`
+
+	rbody := bytes.NewReader([]byte(jsonData))
+
+	c, _ := gin.CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest("POST", "/", rbody)
+	c.Request.Header.Add("Content-Type", gin.MIMEJSON)
+
+	var obj struct {
+		Text  string `json:"text"`
+		Count int    `json:"count"`
+	}
+
+	err := c.Bind(&obj)
+	require.Error(t, err)
+
+	typeErr, ok := err.(*json.UnmarshalTypeError)
+	require.True(t, ok)
+
+	parseErrs := parseJsonUnmarshalTypeError(typeErr)
+	require.Equal(t, len(parseErrs), 1)
+
+	assert.Equal(t, parseErrs[0].ParamName, "count")
+	assert.Equal(t, parseErrs[0].ErrorType, ParseErrorTypeMismatch)
+	assert.Equal(t, parseErrs[0].InitialError, err)
+
+}
+
+func TestParseJsonSyntaxError(t *testing.T) {
+
+	jsonData := `{
+		"text": "text"
+		"count": 1
+	}`
+
+	rbody := bytes.NewReader([]byte(jsonData))
+
+	c, _ := gin.CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest("POST", "/", rbody)
+	c.Request.Header.Add("Content-Type", gin.MIMEJSON)
+
+	var obj struct {
+		Text  string `json:"text"`
+		Count int    `json:"count"`
+	}
+
+	err := c.Bind(&obj)
+	require.Error(t, err)
+
+	typeErr, ok := err.(*json.SyntaxError)
+	require.True(t, ok)
+
+	parseErrs := parseJsonSyntaxError(typeErr)
+	require.Equal(t, len(parseErrs), 1)
+
+	assert.Equal(t, parseErrs[0].ParamName, "")
+	assert.Equal(t, parseErrs[0].ErrorType, ParseErrorTypeBadInput)
+	assert.Equal(t, parseErrs[0].InitialError, err)
+
+}
--- a/errorparser/parse_error.go
+++ b/errorparser/parse_error.go
@ -0,0 +1,28 @@
+package errorparser
+
+type ParseError struct {
+	ParamName    string
+	ErrorType    ParseErrorType
+	InitialError error
+}
+
+func NewParseError(
+	paramName string,
+	errorType ParseErrorType,
+	initialError error,
+) ParseError {
+	return ParseError{
+		ParamName:    paramName,
+		ErrorType:    errorType,
+		InitialError: initialError,
+	}
+}
+
+type ParseErrorType string
+
+const (
+	ParseErrorTypeNone       ParseErrorType = ""
+	ParseErrorTypeBadInput   ParseErrorType = "bad_input"
+	ParseErrorTypeMismatch   ParseErrorType = "type_mismatch"
+	ParseErrorTypeValidation ParseErrorType = "validation"
+)
--- a/errorparser/validation_errors.go
+++ b/errorparser/validation_errors.go
@ -0,0 +1,27 @@
+package errorparser
+
+import (
+	"github.com/go-playground/validator/v10"
+)
+
+func parseValidatorError(err error) (errs []ParseError, match bool) {
+	if vErr, ok := err.(validator.ValidationErrors); ok {
+		return parseValidatorValidationErrors(vErr), true
+	}
+	return nil, false
+}
+
+func parseValidatorValidationErrors(vErr validator.ValidationErrors) (errs []ParseError) {
+	fErrs := []validator.FieldError(vErr)
+	errs = make([]ParseError, 0, len(fErrs))
+	for _, fErr := range fErrs {
+		item := NewParseError(
+			fErr.Field(),
+			ParseErrorTypeValidation,
+			fErr,
+		)
+
+		errs = append(errs, item)
+	}
+	return errs
+}
--- a/errorparser/validation_errors_test.go
+++ b/errorparser/validation_errors_test.go
@ -0,0 +1,61 @@
+package errorparser
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/gin-gonic/gin"
+)
+
+func TestParseValidatorError(t *testing.T) {
+
+	_, ok := parseValidatorError(fmt.Errorf("not match"))
+	assert.False(t, ok)
+
+	_, ok = parseValidatorError(validator.ValidationErrors{})
+	assert.True(t, ok)
+
+}
+
+func TestParseValidatorValidationErrors(t *testing.T) {
+
+	jsonData := `{
+		"text": "",
+		"count": 1
+	}`
+
+	rbody := bytes.NewReader([]byte(jsonData))
+
+	c, _ := gin.CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest("POST", "/", rbody)
+	c.Request.Header.Add("Content-Type", gin.MIMEJSON)
+
+	var obj struct {
+		Text  string `json:"text" binding:"required"`
+		Count int    `json:"count"`
+	}
+
+	err := c.Bind(&obj)
+	require.Error(t, err)
+
+	vErr, ok := err.(validator.ValidationErrors)
+	require.True(t, ok)
+
+	fErrs := []validator.FieldError(vErr)
+	require.Equal(t, len(fErrs), 1)
+
+	parseErrs := parseValidatorValidationErrors(vErr)
+	require.Equal(t, len(parseErrs), 1)
+
+	assert.Equal(t, parseErrs[0].ParamName, fErrs[0].Field())
+	assert.Equal(t, parseErrs[0].ErrorType, ParseErrorTypeValidation)
+	assert.Equal(t, parseErrs[0].InitialError, fErrs[0])
+
+}
--- a/gin.go
+++ b/gin.go
@ -11,7 +11,6 @@ import (
 	"net/http"
 	"os"
 	"path"
-	"regexp"
 	"strings"
 	"sync"

@ -48,11 +47,6 @@ var defaultTrustedCIDRs = []*net.IPNet{
 	},
 }

-var (
-	regSafePrefix         = regexp.MustCompile("[^a-zA-Z0-9/-]+")
-	regRemoveRepeatedChar = regexp.MustCompile("/{2,}")
-)
-
 // HandlerFunc defines the handler used by gin middleware as return value.
 type HandlerFunc func(*Context)

@ -141,10 +135,16 @@ type Engine struct {
 	AppEngine bool

 	// UseRawPath if enabled, the url.RawPath will be used to find parameters.
+	// The RawPath is only a hint, EscapedPath() should be use instead. (https://pkg.go.dev/net/url@master#URL)
+	// Only use RawPath if you know what you are doing.
 	UseRawPath bool

+	// UseEscapedPath if enable, the url.EscapedPath() will be used to find parameters
+	// It overrides UseRawPath
+	UseEscapedPath bool
+
 	// UnescapePathValues if true, the path value will be unescaped.
-	// If UseRawPath is false (by default), the UnescapePathValues effectively is true,
+	// If UseRawPath and UseEscapedPath are false (by default), the UnescapePathValues effectively is true,
 	// as url.Path gonna be used, which is already unescaped.
 	UnescapePathValues bool

@ -197,6 +197,7 @@ var _ IRouter = (*Engine)(nil)
 // - HandleMethodNotAllowed: false
 // - ForwardedByClientIP:    true
 // - UseRawPath:             false
+// - UseEscapedPath: 		 false
 // - UnescapePathValues:     true
 func New(opts ...OptionFunc) *Engine {
 	debugPrintWARNINGNew()
@ -214,6 +215,7 @@ func New(opts ...OptionFunc) *Engine {
 		RemoteIPHeaders:        []string{"X-Forwarded-For", "X-Real-IP"},
 		TrustedPlatform:        defaultPlatform,
 		UseRawPath:             false,
+		UseEscapedPath:         false,
 		RemoveExtraSlash:       false,
 		UnescapePathValues:     true,
 		MaxMultipartMemory:     defaultMultipartMemory,
@ -689,7 +691,11 @@ func (engine *Engine) handleHTTPRequest(c *Context) {
 	httpMethod := c.Request.Method
 	rPath := c.Request.URL.Path
 	unescape := false
-	if engine.UseRawPath && len(c.Request.URL.RawPath) > 0 {
+
+	if engine.UseEscapedPath {
+		rPath = c.Request.URL.EscapedPath()
+		unescape = engine.UnescapePathValues
+	} else if engine.UseRawPath && len(c.Request.URL.RawPath) > 0 {
 		rPath = c.Request.URL.RawPath
 		unescape = engine.UnescapePathValues
 	}
@ -776,8 +782,8 @@ func redirectTrailingSlash(c *Context) {
 	req := c.Request
 	p := req.URL.Path
 	if prefix := path.Clean(c.Request.Header.Get("X-Forwarded-Prefix")); prefix != "." {
-		prefix = regSafePrefix.ReplaceAllString(prefix, "")
-		prefix = regRemoveRepeatedChar.ReplaceAllString(prefix, "/")
+		prefix = sanitizePathChars(prefix)
+		prefix = removeRepeatedChar(prefix, '/')

 		p = prefix + "/" + req.URL.Path
 	}
@ -788,6 +794,17 @@ func redirectTrailingSlash(c *Context) {
 	redirectRequest(c)
 }

+// sanitizePathChars removes unsafe characters from path strings,
+// keeping only ASCII letters, ASCII numbers, forward slashes, and hyphens.
+func sanitizePathChars(s string) string {
+	return strings.Map(func(r rune) rune {
+		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '/' || r == '-' {
+			return r
+		}
+		return -1
+	}, s)
+}
+
 func redirectFixedPath(c *Context, root *node, trailingSlash bool) bool {
 	req := c.Request
 	rPath := req.URL.Path
--- a/ginS/gins_test.go
+++ b/ginS/gins_test.go
@ -0,0 +1,246 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package ginS
+
+import (
+	"html/template"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+)
+
+func init() {
+	gin.SetMode(gin.TestMode)
+}
+
+func TestGET(t *testing.T) {
+	GET("/test", func(c *gin.Context) {
+		c.String(http.StatusOK, "test")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/test", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "test", w.Body.String())
+}
+
+func TestPOST(t *testing.T) {
+	POST("/post", func(c *gin.Context) {
+		c.String(http.StatusCreated, "created")
+	})
+
+	req := httptest.NewRequest(http.MethodPost, "/post", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusCreated, w.Code)
+	assert.Equal(t, "created", w.Body.String())
+}
+
+func TestPUT(t *testing.T) {
+	PUT("/put", func(c *gin.Context) {
+		c.String(http.StatusOK, "updated")
+	})
+
+	req := httptest.NewRequest(http.MethodPut, "/put", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "updated", w.Body.String())
+}
+
+func TestDELETE(t *testing.T) {
+	DELETE("/delete", func(c *gin.Context) {
+		c.String(http.StatusOK, "deleted")
+	})
+
+	req := httptest.NewRequest(http.MethodDelete, "/delete", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "deleted", w.Body.String())
+}
+
+func TestPATCH(t *testing.T) {
+	PATCH("/patch", func(c *gin.Context) {
+		c.String(http.StatusOK, "patched")
+	})
+
+	req := httptest.NewRequest(http.MethodPatch, "/patch", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "patched", w.Body.String())
+}
+
+func TestOPTIONS(t *testing.T) {
+	OPTIONS("/options", func(c *gin.Context) {
+		c.String(http.StatusOK, "options")
+	})
+
+	req := httptest.NewRequest(http.MethodOptions, "/options", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "options", w.Body.String())
+}
+
+func TestHEAD(t *testing.T) {
+	HEAD("/head", func(c *gin.Context) {
+		c.String(http.StatusOK, "head")
+	})
+
+	req := httptest.NewRequest(http.MethodHead, "/head", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestAny(t *testing.T) {
+	Any("/any", func(c *gin.Context) {
+		c.String(http.StatusOK, "any")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/any", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "any", w.Body.String())
+}
+
+func TestHandle(t *testing.T) {
+	Handle(http.MethodGet, "/handle", func(c *gin.Context) {
+		c.String(http.StatusOK, "handle")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/handle", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "handle", w.Body.String())
+}
+
+func TestGroup(t *testing.T) {
+	group := Group("/group")
+	group.GET("/test", func(c *gin.Context) {
+		c.String(http.StatusOK, "group test")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/group/test", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "group test", w.Body.String())
+}
+
+func TestUse(t *testing.T) {
+	var middlewareExecuted bool
+	Use(func(c *gin.Context) {
+		middlewareExecuted = true
+		c.Next()
+	})
+
+	GET("/middleware-test", func(c *gin.Context) {
+		c.String(http.StatusOK, "ok")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/middleware-test", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.True(t, middlewareExecuted)
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestNoRoute(t *testing.T) {
+	NoRoute(func(c *gin.Context) {
+		c.String(http.StatusNotFound, "custom 404")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusNotFound, w.Code)
+	assert.Equal(t, "custom 404", w.Body.String())
+}
+
+func TestNoMethod(t *testing.T) {
+	NoMethod(func(c *gin.Context) {
+		c.String(http.StatusMethodNotAllowed, "method not allowed")
+	})
+
+	// This just verifies that NoMethod is callable
+	// Testing the actual behavior would require a separate engine instance
+	assert.NotNil(t, engine())
+}
+
+func TestRoutes(t *testing.T) {
+	GET("/routes-test", func(c *gin.Context) {})
+
+	routes := Routes()
+	assert.NotEmpty(t, routes)
+
+	found := false
+	for _, route := range routes {
+		if route.Path == "/routes-test" && route.Method == http.MethodGet {
+			found = true
+			break
+		}
+	}
+	assert.True(t, found)
+}
+
+func TestSetHTMLTemplate(t *testing.T) {
+	tmpl := template.Must(template.New("test").Parse("Hello {{.}}"))
+	SetHTMLTemplate(tmpl)
+
+	// Verify engine has template set
+	assert.NotNil(t, engine())
+}
+
+func TestStaticFile(t *testing.T) {
+	StaticFile("/static-file", "../testdata/test_file.txt")
+
+	req := httptest.NewRequest(http.MethodGet, "/static-file", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestStatic(t *testing.T) {
+	Static("/static-dir", "../testdata")
+
+	req := httptest.NewRequest(http.MethodGet, "/static-dir/test_file.txt", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestStaticFS(t *testing.T) {
+	fs := http.Dir("../testdata")
+	StaticFS("/static-fs", fs)
+
+	req := httptest.NewRequest(http.MethodGet, "/static-fs/test_file.txt", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
--- a/gin_integration_test.go
+++ b/gin_integration_test.go
@ -70,9 +70,10 @@ func TestRunEmpty(t *testing.T) {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.Run())
 	}()
-	// have to wait for the goroutine to start and run the server
-	// otherwise the main thread will complete
-	time.Sleep(5 * time.Millisecond)
+
+	// Wait for server to be ready with exponential backoff
+	err := waitForServerReady("http://localhost:8080/example", 10)
+	require.NoError(t, err, "server should start successfully")

 	require.Error(t, router.Run(":8080"))
 	testRequest(t, "http://localhost:8080/example")
@ -213,9 +214,10 @@ func TestRunEmptyWithEnv(t *testing.T) {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.Run())
 	}()
-	// have to wait for the goroutine to start and run the server
-	// otherwise the main thread will complete
-	time.Sleep(5 * time.Millisecond)
+
+	// Wait for server to be ready with exponential backoff
+	err := waitForServerReady("http://localhost:3123/example", 10)
+	require.NoError(t, err, "server should start successfully")

 	require.Error(t, router.Run(":3123"))
 	testRequest(t, "http://localhost:3123/example")
@ -234,9 +236,10 @@ func TestRunWithPort(t *testing.T) {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.Run(":5150"))
 	}()
-	// have to wait for the goroutine to start and run the server
-	// otherwise the main thread will complete
-	time.Sleep(5 * time.Millisecond)
+
+	// Wait for server to be ready with exponential backoff
+	err := waitForServerReady("http://localhost:5150/example", 10)
+	require.NoError(t, err, "server should start successfully")

 	require.Error(t, router.Run(":5150"))
 	testRequest(t, "http://localhost:5150/example")
--- a/gin_test.go
+++ b/gin_test.go
@ -83,7 +83,7 @@ func TestLoadHTMLGlobDebugMode(t *testing.T) {
 }

 func TestH2c(t *testing.T) {
-	ln, err := net.Listen("tcp", "127.0.0.1:0")
+	ln, err := net.Listen("tcp", localhostIP+":0")
 	if err != nil {
 		t.Error(err)
 	}
@ -545,6 +545,29 @@ func TestNoMethodWithoutGlobalHandlers(t *testing.T) {
 }

 func TestRebuild404Handlers(t *testing.T) {
+	var middleware0 HandlerFunc = func(c *Context) {}
+	var middleware1 HandlerFunc = func(c *Context) {}
+
+	router := New()
+
+	// Initially, allNoRoute should be nil
+	assert.Nil(t, router.allNoRoute)
+
+	// Set NoRoute handlers
+	router.NoRoute(middleware0)
+	assert.Len(t, router.allNoRoute, 1)
+	assert.Len(t, router.noRoute, 1)
+	compareFunc(t, router.allNoRoute[0], middleware0)
+
+	// Add Use middleware should trigger rebuild404Handlers
+	router.Use(middleware1)
+	assert.Len(t, router.allNoRoute, 2)
+	assert.Len(t, router.Handlers, 1)
+	assert.Len(t, router.noRoute, 1)
+
+	// Global middleware should come first
+	compareFunc(t, router.allNoRoute[0], middleware1)
+	compareFunc(t, router.allNoRoute[1], middleware0)
 }

 func TestNoMethodWithGlobalHandlers(t *testing.T) {
@ -720,6 +743,55 @@ func TestEngineHandleContextPreventsMiddlewareReEntry(t *testing.T) {
 	assert.Equal(t, int64(1), handlerCounterV2)
 }

+func TestEngineHandleContextUseEscapedPathPercentEncoded(t *testing.T) {
+	r := New()
+	r.UseEscapedPath = true
+	r.UnescapePathValues = false
+
+	r.GET("/v1/:path", func(c *Context) {
+		// Path is Escaped, the %25 is not interpreted as %
+		assert.Equal(t, "foo%252Fbar", c.Param("path"))
+		c.Status(http.StatusOK)
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/v1/foo%252Fbar", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+}
+
+func TestEngineHandleContextUseRawPathPercentEncoded(t *testing.T) {
+	r := New()
+	r.UseRawPath = true
+	r.UnescapePathValues = false
+
+	r.GET("/v1/:path", func(c *Context) {
+		// Path is used, the %25 is interpreted as %
+		assert.Equal(t, "foo%2Fbar", c.Param("path"))
+		c.Status(http.StatusOK)
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/v1/foo%252Fbar", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+}
+
+func TestEngineHandleContextUseEscapedPathOverride(t *testing.T) {
+	r := New()
+	r.UseEscapedPath = true
+	r.UseRawPath = true
+	r.UnescapePathValues = false
+
+	r.GET("/v1/:path", func(c *Context) {
+		assert.Equal(t, "foo%25bar", c.Param("path"))
+		c.Status(http.StatusOK)
+	})
+
+	assert.NotPanics(t, func() {
+		w := PerformRequest(r, http.MethodGet, "/v1/foo%25bar")
+		assert.Equal(t, 200, w.Code)
+	})
+}
+
 func TestPrepareTrustedCIRDsWith(t *testing.T) {
 	r := New()

--- a/go.mod
+++ b/go.mod
@ -7,12 +7,12 @@ require (
 	github.com/gin-contrib/sse v1.1.0
 	github.com/go-playground/validator/v10 v10.28.0
 	github.com/goccy/go-json v0.10.2
-	github.com/goccy/go-yaml v1.18.0
+	github.com/goccy/go-yaml v1.19.0
 	github.com/json-iterator/go v1.1.12
 	github.com/mattn/go-isatty v0.0.20
 	github.com/modern-go/reflect2 v1.0.2
 	github.com/pelletier/go-toml/v2 v2.2.4
-	github.com/quic-go/quic-go v0.56.0
+	github.com/quic-go/quic-go v0.57.1
 	github.com/stretchr/testify v1.11.1
 	github.com/ugorji/go/codec v1.3.1
 	golang.org/x/net v0.47.0
@ -32,10 +32,10 @@ require (
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	golang.org/x/arch v0.20.0 // indirect
-	golang.org/x/crypto v0.44.0 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -24,8 +24,8 @@ github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0
 github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
-github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.19.0 h1:EmkZ9RIsX+Uq4DYFowegAuJo8+xdX3T/2dwNPXbxEYE=
+github.com/goccy/go-yaml v1.19.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@ -49,10 +49,10 @@ github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
-github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
-github.com/quic-go/quic-go v0.56.0 h1:q/TW+OLismmXAehgFLczhCDTYB3bFmua4D9lsNBWxvY=
-github.com/quic-go/quic-go v0.56.0/go.mod h1:9gx5KsFQtw2oZ6GZTyh+7YEvOxWCL9WZAepnHxgAo6c=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI10=
+github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -74,8 +74,8 @@ go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
 go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
 golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
-golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU=
-golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
 golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
--- a/internal/bytesconv/bytesconv_test.go
+++ b/internal/bytesconv/bytesconv_test.go
@ -41,6 +41,15 @@ func TestBytesToString(t *testing.T) {
 	}
 }

+func TestBytesToStringEmpty(t *testing.T) {
+	if got := BytesToString([]byte{}); got != "" {
+		t.Fatalf("BytesToString([]byte{}) = %q; want empty string", got)
+	}
+	if got := BytesToString(nil); got != "" {
+		t.Fatalf("BytesToString(nil) = %q; want empty string", got)
+	}
+}
+
 const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 const (
 	letterIdxBits = 6                    // 6 bits to represent a letter index
@ -78,6 +87,16 @@ func TestStringToBytes(t *testing.T) {
 	}
 }

+func TestStringToBytesEmpty(t *testing.T) {
+	b := StringToBytes("")
+	if len(b) != 0 {
+		t.Fatalf(`StringToBytes("") length = %d; want 0`, len(b))
+	}
+	if !bytes.Equal(b, []byte("")) {
+		t.Fatalf(`StringToBytes("") = %v; want []byte("")`, b)
+	}
+}
+
 // go test -v -run=none -bench=^BenchmarkBytesConv -benchmem=true

 func BenchmarkBytesConvBytesToStrRaw(b *testing.B) {
--- a/path.go
+++ b/path.go
@ -5,6 +5,8 @@

 package gin

+const stackBufSize = 128
+
 // cleanPath is the URL version of path.Clean, it returns a canonical URL path
 // for p, eliminating . and .. elements.
 //
@ -19,7 +21,6 @@ package gin
 //
 // If the result of this process is an empty string, "/" is returned.
 func cleanPath(p string) string {
-	const stackBufSize = 128
 	// Turn empty string into "/"
 	if p == "" {
 		return "/"
@ -148,3 +149,55 @@ func bufApp(buf *[]byte, s string, w int, c byte) {
 	}
 	b[w] = c
 }
+
+// removeRepeatedChar removes multiple consecutive 'char's from a string.
+// if s == "/a//b///c////" && char == '/', it returns "/a/b/c/"
+func removeRepeatedChar(s string, char byte) string {
+	// Check if there are any consecutive chars
+	hasRepeatedChar := false
+	for i := 1; i < len(s); i++ {
+		if s[i] == char && s[i-1] == char {
+			hasRepeatedChar = true
+			break
+		}
+	}
+	if !hasRepeatedChar {
+		return s
+	}
+
+	// Reasonably sized buffer on stack to avoid allocations in the common case.
+	buf := make([]byte, 0, stackBufSize)
+
+	// Invariants:
+	//      reading from s; r is index of next byte to process.
+	//      writing to buf; w is index of next byte to write.
+	r := 0
+	w := 0
+
+	for n := len(s); r < n; {
+		if s[r] == char {
+			// Write the first char
+			bufApp(&buf, s, w, char)
+			w++
+			r++
+
+			// Skip all consecutive chars
+			for r < n && s[r] == char {
+				r++
+			}
+		} else {
+			// Copy non-char character
+			bufApp(&buf, s, w, s[r])
+			w++
+			r++
+		}
+	}
+
+	// If the original string was not modified (or only shortened at the end),
+	// return the respective substring of the original string.
+	// Otherwise, return a new string from the buffer.
+	if len(buf) == 0 {
+		return s[:w]
+	}
+	return string(buf[:w])
+}
--- a/path_test.go
+++ b/path_test.go
@ -143,3 +143,50 @@ func BenchmarkPathCleanLong(b *testing.B) {
 		}
 	}
 }
+
+func TestRemoveRepeatedChar(t *testing.T) {
+	testCases := []struct {
+		name string
+		str  string
+		char byte
+		want string
+	}{
+		{
+			name: "empty",
+			str:  "",
+			char: 'a',
+			want: "",
+		},
+		{
+			name: "noSlash",
+			str:  "abc",
+			char: ',',
+			want: "abc",
+		},
+		{
+			name: "withSlash",
+			str:  "/a/b/c/",
+			char: '/',
+			want: "/a/b/c/",
+		},
+		{
+			name: "withRepeatedSlashes",
+			str:  "/a//b///c////",
+			char: '/',
+			want: "/a/b/c/",
+		},
+		{
+			name: "threeSlashes",
+			str:  "///",
+			char: '/',
+			want: "/",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			res := removeRepeatedChar(tc.str, tc.char)
+			assert.Equal(t, tc.want, res)
+		})
+	}
+}
--- a/recovery.go
+++ b/recovery.go
@ -5,7 +5,9 @@
 package gin

 import (
+	"bufio"
 	"bytes"
+	"cmp"
 	"errors"
 	"fmt"
 	"io"
@ -21,9 +23,10 @@ import (
 	"github.com/gin-gonic/gin/internal/bytesconv"
 )

-const dunno = "???"
-
-var dunnoBytes = []byte(dunno)
+const (
+	dunno     = "???"
+	stackSkip = 3
+)

 // RecoveryFunc defines the function passable to CustomRecovery.
 type RecoveryFunc func(c *Context, err any)
@ -68,8 +71,10 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 						}
 					}
 				}
+				if e, ok := err.(error); ok && errors.Is(e, http.ErrAbortHandler) {
+					brokenPipe = true
+				}
 				if logger != nil {
-					const stackSkip = 3
 					if brokenPipe {
 						logger.Printf("%s\n%s%s", err, secureRequestDump(c.Request), reset)
 					} else if IsDebugging() {
@ -117,8 +122,11 @@ func stack(skip int) []byte {
 	buf := new(bytes.Buffer) // the returned data
 	// As we loop, we open files and read them. These variables record the currently
 	// loaded file.
-	var lines [][]byte
-	var lastFile string
+	var (
+		nLine    string
+		lastFile string
+		err      error
+	)
 	for i := skip; ; i++ { // Skip the expected number of frames
 		pc, file, line, ok := runtime.Caller(i)
 		if !ok {
@ -127,25 +135,44 @@ func stack(skip int) []byte {
 		// Print this much at least.  If we can't find the source, it won't show.
 		fmt.Fprintf(buf, "%s:%d (0x%x)\n", file, line, pc)
 		if file != lastFile {
-			data, err := os.ReadFile(file)
+			nLine, err = readNthLine(file, line-1)
 			if err != nil {
 				continue
 			}
-			lines = bytes.Split(data, []byte{'\n'})
 			lastFile = file
 		}
-		fmt.Fprintf(buf, "\t%s: %s\n", function(pc), source(lines, line))
+		fmt.Fprintf(buf, "\t%s: %s\n", function(pc), cmp.Or(nLine, dunno))
 	}
 	return buf.Bytes()
 }

-// source returns a space-trimmed slice of the n'th line.
-func source(lines [][]byte, n int) []byte {
-	n-- // in stack trace, lines are 1-indexed but our array is 0-indexed
-	if n < 0 || n >= len(lines) {
-		return dunnoBytes
+// readNthLine reads the nth line from the file.
+// It returns the trimmed content of the line if found,
+// or an empty string if the line doesn't exist.
+// If there's an error opening the file, it returns the error.
+func readNthLine(file string, n int) (string, error) {
+	if n < 0 {
+		return "", nil
 	}
-	return bytes.TrimSpace(lines[n])
+
+	f, err := os.Open(file)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for i := 0; i < n; i++ {
+		if !scanner.Scan() {
+			return "", nil
+		}
+	}
+
+	if scanner.Scan() {
+		return strings.TrimSpace(scanner.Text()), nil
+	}
+
+	return "", nil
 }

 // function returns, if possible, the name of the function containing the PC.
--- a/recovery_test.go
+++ b/recovery_test.go
@ -88,21 +88,6 @@ func TestPanicWithAbort(t *testing.T) {
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 }

-func TestSource(t *testing.T) {
-	bs := source(nil, 0)
-	assert.Equal(t, dunnoBytes, bs)
-
-	in := [][]byte{
-		[]byte("Hello world."),
-		[]byte("Hi, gin.."),
-	}
-	bs = source(in, 10)
-	assert.Equal(t, dunnoBytes, bs)
-
-	bs = source(in, 1)
-	assert.Equal(t, []byte("Hello world."), bs)
-}
-
 func TestFunction(t *testing.T) {
 	bs := function(1)
 	assert.Equal(t, dunno, bs)
@ -142,6 +127,30 @@ func TestPanicWithBrokenPipe(t *testing.T) {
 	}
 }

+// TestPanicWithAbortHandler asserts that recovery handles http.ErrAbortHandler as broken pipe
+func TestPanicWithAbortHandler(t *testing.T) {
+	const expectCode = 204
+
+	var buf strings.Builder
+	router := New()
+	router.Use(RecoveryWithWriter(&buf))
+	router.GET("/recovery", func(c *Context) {
+		// Start writing response
+		c.Header("X-Test", "Value")
+		c.Status(expectCode)
+
+		// Panic with ErrAbortHandler which should be treated as broken pipe
+		panic(http.ErrAbortHandler)
+	})
+	// RUN
+	w := PerformRequest(router, http.MethodGet, "/recovery")
+	// TEST
+	assert.Equal(t, expectCode, w.Code)
+	out := buf.String()
+	assert.Contains(t, out, "net/http: abort Handler")
+	assert.NotContains(t, out, "panic recovered")
+}
+
 func TestCustomRecoveryWithWriter(t *testing.T) {
 	errBuffer := new(strings.Builder)
 	buffer := new(strings.Builder)
@ -307,3 +316,53 @@ func TestSecureRequestDump(t *testing.T) {
 		})
 	}
 }
+
+// TestReadNthLine tests the readNthLine function with various scenarios.
+func TestReadNthLine(t *testing.T) {
+	// Create a temporary test file
+	testContent := "line 0 \n line 1  \nline 2 \nline 3  \nline 4"
+	tempFile, err := os.CreateTemp("", "testfile*.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(tempFile.Name())
+
+	// Write test content to the temporary file
+	if _, err := tempFile.WriteString(testContent); err != nil {
+		t.Fatal(err)
+	}
+	if err := tempFile.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Test cases
+	tests := []struct {
+		name     string
+		lineNum  int
+		fileName string
+		want     string
+		wantErr  bool
+	}{
+		{name: "Read first line", lineNum: 0, fileName: tempFile.Name(), want: "line 0", wantErr: false},
+		{name: "Read middle line", lineNum: 2, fileName: tempFile.Name(), want: "line 2", wantErr: false},
+		{name: "Read last line", lineNum: 4, fileName: tempFile.Name(), want: "line 4", wantErr: false},
+		{name: "Line number exceeds file length", lineNum: 10, fileName: tempFile.Name(), want: "", wantErr: false},
+		{name: "Negative line number", lineNum: -1, fileName: tempFile.Name(), want: "", wantErr: false},
+		{name: "Non-existent file", lineNum: 1, fileName: "/non/existent/file.txt", want: "", wantErr: true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := readNthLine(tt.fileName, tt.lineNum)
+			assert.Equal(t, tt.wantErr, err != nil)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func BenchmarkStack(b *testing.B) {
+	b.ReportAllocs()
+	for b.Loop() {
+		_ = stack(stackSkip)
+	}
+}
--- a/response_writer.go
+++ b/response_writer.go
@ -128,7 +128,9 @@ func (w *responseWriter) CloseNotify() <-chan bool {
 // Flush implements the http.Flusher interface.
 func (w *responseWriter) Flush() {
 	w.WriteHeaderNow()
-	w.ResponseWriter.(http.Flusher).Flush()
+	if f, ok := w.ResponseWriter.(http.Flusher); ok {
+		f.Flush()
+	}
 }

 func (w *responseWriter) Pusher() (pusher http.Pusher) {
--- a/test_helpers.go
+++ b/test_helpers.go
@ -4,7 +4,11 @@

 package gin

-import "net/http"
+import (
+	"fmt"
+	"net/http"
+	"time"
+)

 // CreateTestContext returns a fresh Engine and a Context associated with it.
 // This is useful for tests that need to set up a new Gin engine instance
@ -29,3 +33,28 @@ func CreateTestContextOnly(w http.ResponseWriter, r *Engine) (c *Context) {
 	c.writermem.reset(w)
 	return
 }
+
+// waitForServerReady waits for a server to be ready by making HTTP requests
+// with exponential backoff. This is more reliable than time.Sleep() for testing.
+func waitForServerReady(url string, maxAttempts int) error {
+	client := &http.Client{
+		Timeout: 100 * time.Millisecond,
+	}
+
+	for i := 0; i < maxAttempts; i++ {
+		resp, err := client.Get(url)
+		if err == nil {
+			resp.Body.Close()
+			return nil
+		}
+
+		// Exponential backoff: 10ms, 20ms, 40ms, 80ms, 160ms...
+		backoff := time.Duration(10*(1<<uint(i))) * time.Millisecond
+		if backoff > 500*time.Millisecond {
+			backoff = 500 * time.Millisecond
+		}
+		time.Sleep(backoff)
+	}
+
+	return fmt.Errorf("server at %s did not become ready after %d attempts", url, maxAttempts)
+}
--- a/tree.go
+++ b/tree.go
@ -5,7 +5,6 @@
 package gin

 import (
-	"math"
 	"net/url"
 	"strings"
 	"unicode"
@ -78,14 +77,6 @@ func (n *node) addChild(child *node) {
 	}
 }

-// safeUint16 converts int to uint16 safely, capping at math.MaxUint16
-func safeUint16(n int) uint16 {
-	if n > math.MaxUint16 {
-		return math.MaxUint16
-	}
-	return uint16(n)
-}
-
 func countParams(path string) uint16 {
 	colons := strings.Count(path, ":")
 	stars := strings.Count(path, "*")
--- a/utils.go
+++ b/utils.go
@ -6,6 +6,7 @@ package gin

 import (
 	"encoding/xml"
+	"math"
 	"net/http"
 	"os"
 	"path"
@ -18,6 +19,12 @@ import (
 // BindKey indicates a default bind key.
 const BindKey = "_gin-gonic/gin/bindkey"

+// localhostIP indicates the default localhost IP address.
+const localhostIP = "127.0.0.1"
+
+// localhostIPv6 indicates the default localhost IPv6 address.
+const localhostIPv6 = "::1"
+
 // Bind is a helper function for given interface object and returns a Gin middleware.
 func Bind(val any) HandlerFunc {
 	value := reflect.ValueOf(val)
@ -162,3 +169,19 @@ func isASCII(s string) bool {
 	}
 	return true
 }
+
+// safeInt8 converts int to int8 safely, capping at math.MaxInt8
+func safeInt8(n int) int8 {
+	if n > math.MaxInt8 {
+		return math.MaxInt8
+	}
+	return int8(n)
+}
+
+// safeUint16 converts int to uint16 safely, capping at math.MaxUint16
+func safeUint16(n int) uint16 {
+	if n > math.MaxUint16 {
+		return math.MaxUint16
+	}
+	return uint16(n)
+}
--- a/utils_test.go
+++ b/utils_test.go
@ -8,6 +8,7 @@ import (
 	"bytes"
 	"encoding/xml"
 	"fmt"
+	"math"
 	"net/http"
 	"testing"

@ -148,3 +149,13 @@ func TestIsASCII(t *testing.T) {
 	assert.True(t, isASCII("test"))
 	assert.False(t, isASCII("🧡💛💚💙💜"))
 }
+
+func TestSafeInt8(t *testing.T) {
+	assert.Equal(t, int8(100), safeInt8(100))
+	assert.Equal(t, int8(math.MaxInt8), safeInt8(int(math.MaxInt8)+123))
+}
+
+func TestSafeUint16(t *testing.T) {
+	assert.Equal(t, uint16(100), safeUint16(100))
+	assert.Equal(t, uint16(math.MaxUint16), safeUint16(int(math.MaxUint16)+123))
+}
Author	SHA1	Message	Date
p8bin	ee2b4e3970	Merge 8e66616db7f23072b4613cbbb833a919d463611d into 9914178584e42458ff7d23891463a880f58c9d86	2026-01-13 17:29:14 +03:00
Nurysso	9914178584	fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472 ) * Fix ClientIP calculation by concatenating all RemoteIPHeaders values * test: used http.MethodGet instead constants and fix lints * lint error fixed * Refactor ClientIP X-Forwarded-For tests --------- Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2026-01-02 10:15:27 +08:00
Paulo Henrique	915e4c90d2	refactor(context): replace hardcoded localhost IPs with constants (#4481 )	2025-12-27 19:25:17 +08:00
Twacqwq	26c3a62865	chore(response): prevent Flush() panic when `http.Flusher` (#4479 )	2025-12-24 18:35:20 +08:00
dependabot[bot]	22c274c84b	chore(deps): bump actions/cache from 4 to 5 in the actions group (#4469 ) Bumps the actions group with 1 update: [actions/cache](https://github.com/actions/cache). Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-24 18:33:46 +08:00
OHZEKI Naoki	d1a15347b1	refactor(utils): move util functions to utils.go (#4467 ) Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-12 13:43:25 +08:00
Name	64a6ed9a41	perf(recovery): optimize line reading in stack function (#4466 ) Co-authored-by: 1911860538 <alxps1911@gmail.com>	2025-12-12 13:42:03 +08:00
OHZEKI Naoki	19b877fa50	test(debug): improve the test coverage of debug.go to 100% (#4404 )	2025-12-05 11:18:08 +08:00
OHZEKI Naoki	2a794cd0b0	fix(debug): version mismatch (#4403 ) Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-04 10:49:37 +08:00
guonaihong	b917b14ff9	fix(binding): empty value error (#2169 ) * fix empty value error Here is the code that can report an error ```go package main import ( "fmt" "github.com/gin-gonic/gin" "io" "net/http" "os" "time" ) type header struct { Duration time.Duration `header:"duration"` CreateTime time.Time `header:"createTime" time_format:"unix"` } func needFix1() { g := gin.Default() g.GET("/", func(c gin.Context) { h := header{} err := c.ShouldBindHeader(&h) if err != nil { c.JSON(500, fmt.Sprintf("fail:%s\n", err)) return } c.JSON(200, h) }) g.Run(":8081") } func needFix2() { g := gin.Default() g.GET("/", func(c gin.Context) { h := header{} err := c.ShouldBindHeader(&h) if err != nil { c.JSON(500, fmt.Sprintf("fail:%s\n", err)) return } c.JSON(200, h) }) g.Run(":8082") } func sendNeedFix1() { // send to needFix1 sendBadData("http://127.0.0.1:8081", "duration") } func sendNeedFix2() { // send to needFix2 sendBadData("http://127.0.0.1:8082", "createTime") } func sendBadData(url, key string) { req, err := http.NewRequest("GET", "http://127.0.0.1:8081", nil) if err != nil { fmt.Printf("err:%s\n", err) return } // Only the key and no value can cause an error req.Header.Add(key, "") rsp, err := http.DefaultClient.Do(req) if err != nil { return } io.Copy(os.Stdout, rsp.Body) rsp.Body.Close() } func main() { go needFix1() go needFix2() time.Sleep(time.Second / 1000 * 200) // 200ms sendNeedFix1() sendNeedFix2() } ``` * modify code * add comment * test(binding): use 'any' alias and require.NoError in form mapping tests - Replace 'interface{}' with 'any' alias in bindTestData struct - Change assert.NoError to require.NoError in TestMappingTimeUnixNano and TestMappingTimeDuration to fail fast on mapping errors --------- Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-03 19:18:10 +08:00
dependabot[bot]	fad706f121	chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 (#4458 ) Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) from 1.18.0 to 1.19.0. - [Release notes](https://github.com/goccy/go-yaml/releases) - [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/goccy/go-yaml/compare/v1.18.0...v1.19.0) --- updated-dependencies: - dependency-name: github.com/goccy/go-yaml dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 20:09:41 +08:00
Wayne Aki	f416d1e594	test(gin): resolve race conditions in integration tests (#4453 ) - Implement TestRebuild404Handlers to verify 404 handler chain rebuilding when global middleware is added via Use() - Add waitForServerReady helper with exponential backoff to replace unreliable time.Sleep() calls in integration tests - Fix race conditions in TestRunEmpty, TestRunEmptyWithEnv, and TestRunWithPort by using proper server readiness checks - All tests now pass consistently with -race flag This addresses the empty test function and eliminates flaky test failures caused by insufficient wait times for server startup. Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-11-30 15:38:07 +08:00
Milad	583db590ec	test(bytesconv): add tests for empty/nil cases (#4454 ) Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-11-30 15:25:46 +08:00
appleboy	af6e8b70b8	chore(deps): upgrade quic-go to v0.57.1 Fix CVE-2025-59530 vulnerability (quic-go Crash Due to Premature HANDSHAKE_DONE Frame) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-30 11:52:47 +08:00
Yilong Li	63dd3e60ca	fix(recover): suppress http.ErrAbortHandler in recover (#4336 ) Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-11-27 23:20:52 +08:00
Milad	c358d5656d	test(gin): Add comprehensive test coverage for ginS package (#4442 ) * test(ginS): add comprehensive test coverage for ginS package Improve test coverage for ginS package by adding 18 test functions covering HTTP methods, routing, middleware, static files, and templates. * use http.Method* constants instead of raw strings in gins_test.go * copyright updated in gins_test.go --------- Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-11-27 23:01:57 +08:00
Aeddis Desauw	771dcc6476	feat(gin): add option to use escaped path (#4420 ) Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-11-27 17:55:34 +08:00
dependabot[bot]	52ecf029bd	chore(deps): bump actions/checkout from 5 to 6 in the actions group (#4446 ) Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-11-26 23:33:08 +08:00
Name	440eb14ab8	perf(path): replace regex with custom functions in redirectTrailingSlash (#4414 ) * perf: replace regex with custom functions in redirectTrailingSlash * perf: use more efficient removeRepeatedChar for path slash handling --------- Co-authored-by: 1911860538 <alxps1911@gmail.com>	2025-11-26 23:32:18 +08:00
Bo-Yi Wu	ecb3f7b5e2	chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449 ) - Update golang.org/x/crypto dependency to version 0.45.0 1. https://avd.aquasec.com/nvd/cve-2025-47914 2. https://avd.aquasec.com/nvd/cve-2025-58181 Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-11-23 11:46:13 +08:00
nibi8	8e66616db7	Error parser	2022-05-11 21:56:28 +03:00