chore(response): prevent Flush() panic when http.Flusher (#4479)

Bumps the actions group with 1 update: [actions/cache](https://github.com/actions/cache).


Updates `actions/cache` from 4 to 5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/ISSUE_TEMPLATE.md

@@ -1,49 +0,0 @@
-- With issues:
-  - Use the search tool before opening a new issue.
-  - Please provide source code and commit sha if you found a bug.
-  - Review existing issues and provide feedback or react to them.
-
-## Description
-
-<!-- Description of a problem -->
-
-## How to reproduce
-
-<!-- The smallest possible code example to show the problem that can be compiled, like -->
-```
-package main
-
-import (
-	"github.com/gin-gonic/gin"
-)
-
-func main() {
-	g := gin.Default()
-	g.GET("/hello/:name", func(c *gin.Context) {
-		c.String(200, "Hello %s", c.Param("name"))
-	})
-	g.Run(":9000")
-}
-```
-
-## Expectations
-
-<!-- Your expectation result of 'curl' command, like -->
-```
-$ curl http://localhost:8201/hello/world
-Hello world
-```
-
-## Actual result
-
-<!-- Actual result showing the problem -->
-```
-$ curl -i http://localhost:8201/hello/world
-<YOUR RESULT>
-```
-
-## Environment
-
-- go version:
-- gin version (or commit ref):
-- operating system:

.github/ISSUE_TEMPLATE/bug-report.yaml

@@ -0,0 +1,60 @@
+name: Bug Report
+description: Found something you weren't expecting? Report it here!
+labels: ["type/bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        NOTE: If your issue is a security concern, please send an email to appleboy.tw@gmail.com instead of opening a public issue.
+  - type: markdown
+    attributes:
+      value: |
+        1. Please speak English, this is the language all maintainers can speak and write.
+        2. Please ask questions problems on our Discussions Forum (https://github.com/gin-gonic/gin/discussions).
+        3. Make sure you are using the latest release and
+           take a moment to check that your issue hasn't been reported before.
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: |
+        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
+  - type: input
+    id: gin-ver
+    attributes:
+      label: Gin Version
+      description: Gin version (or commit reference) of your instance
+    validations:
+      required: true
+  - type: dropdown
+    id: can-reproduce
+    attributes:
+      label: Can you reproduce the bug?
+      description: |
+        If so, please write the steps to reproduce the bug.
+      options:
+        - "Yes"
+        - "No"
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        It's really important to provide pertinent logs
+        Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help
+        In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
+  - type: textarea
+    id: source-code
+    attributes:
+      label: Source Code
+      description: If this issue involves source code, please provide a minimal reproducible example
+  - type: input
+    id: go-ver
+    attributes:
+      label: Go Version
+      description: The version of Go running on the server
+  - type: input
+    id: os-ver
+    attributes:
+      label: Operating System
+      description: The operating system you are using to run Gin

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Go.dev API Documentation
+    url: https://pkg.go.dev/github.com/gin-gonic/gin
+    about: Comprehensive API documentation for Gin.
+  - name: Gin User Guides
+    url: https://gin-gonic.com/
+    about: In-depth user guides and tutorials for using Gin.
+  - name: Discussions Forum
+    url: https://github.com/gin-gonic/gin/discussions
+    about: Questions and configuration or deployment problems can also be discussed.

.github/ISSUE_TEMPLATE/feature-request.yaml

@@ -0,0 +1,18 @@
+name: Feature Request
+description: Got an idea for a feature that Gin doesn't have currently?  Submit your idea here!
+labels: ["type/proposal"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        1. Please speak English, this is the language all maintainers can speak and write.
+        2. Please ask questions problems on our Discussions Forum (https://github.com/gin-gonic/gin/discussions).
+        3. Please take a moment to check that your feature hasn't already been suggested.
+  - type: textarea
+    id: description
+    attributes:
+      label: Feature Description
+      placeholder: |
+        I think it would be great if Gin had...
+    validations:
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,7 +1,10 @@
-- With pull requests:
-  - Open your pull request against `master`
-  - Your pull request should have no more than two commits, if not you should squash them.
-  - It should pass all tests in the available continuous integration systems such as GitHub Actions.
-  - You should add/modify tests to cover your proposed code changes.
-  - If your pull request contains a new feature, please document it on the README.
+# Pull Request Checklist
 
+Please ensure your pull request meets the following requirements:
+
+- [ ] Open your pull request against the `master` branch.
+- [ ] All tests pass in available continuous integration systems (e.g., GitHub Actions).
+- [ ] Tests are added or modified as needed to cover code changes.
+- [ ] If the pull request introduces a new feature, the feature is documented in the `docs/doc.md`.
+
+Thank you for contributing!

.github/dependabot.yml

@@ -1,10 +1,14 @@
 version: 2
 updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: weekly
   - package-ecosystem: gomod
     directory: /
     schedule:
-      interval: weekly
+      interval: daily
+  - package-ecosystem: github-actions
+    directory: /
+    groups:
+      actions:
+        patterns:
+          - "*"
+    schedule:
+      interval: daily

.github/workflows/codeql.yml

@@ -7,12 +7,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
-    - cron: '0 17 * * 5'
+    - cron: "0 17 * * 5"
 
 jobs:
   analyze:
@@ -29,15 +29,15 @@ jobs:
         # Override automatic language detection by changing the below list
         # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
         # TODO: Enable for javascript later
-        language: [ 'go']
+        language: ["go"]
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -46,4 +46,4 @@ jobs:
           # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v4

.github/workflows/gin.yml

@@ -15,24 +15,33 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - name: Setup go
-        uses: actions/setup-go@v3
+      - name: Checkout
+        uses: actions/checkout@v6
         with:
-          go-version: '^1.16'
-      - name: Checkout repository
-        uses: actions/checkout@v3
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "^1"
       - name: Setup golangci-lint
-        uses: golangci/golangci-lint-action@v3.4.0
+        uses: golangci/golangci-lint-action@v9
         with:
-          version: v1.48.0
+          version: v2.6
           args: --verbose
   test:
     needs: lint
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
-        go: ['1.16', '1.17', '1.18', '1.19', '1.20']
-        test-tags: ['', '-tags nomsgpack', '-tags "sonic avx"', '-tags go_json']
+        go: ["1.24", "1.25"]
+        test-tags:
+          [
+            "",
+            "-tags nomsgpack",
+            '--ldflags="-checklinkname=0" -tags sonic',
+            "-tags go_json",
+            "-race",
+          ]
         include:
           - os: ubuntu-latest
             go-build: ~/.cache/go-build
@@ -46,16 +55,17 @@ jobs:
       GOPROXY: https://proxy.golang.org
     steps:
       - name: Set up Go ${{ matrix.go }}
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go }}
+          cache: false
 
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.ref }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v5
         with:
           path: |
             ${{ matrix.go-build }}
@@ -68,24 +78,6 @@ jobs:
         run: make test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
         with:
           flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }}
-
-      - name: Format
-        if: matrix.go-version == '1.19.x'
-        run: diff -u <(echo -n) <(gofmt -d .)
-  notification-gitter:
-    needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notification failure message
-        if: failure()
-        run: |
-          PR_OR_COMPARE="$(if [ "${{ github.event.pull_request }}" != "" ]; then echo "${{ github.event.pull_request.html_url }}"; else echo "${{ github.event.compare }}"; fi)"
-          curl -d message="GitHub Actions [$GITHUB_REPOSITORY]($PR_OR_COMPARE) ($GITHUB_REF) [normal]($GITHUB_API_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) ($GITHUB_RUN_NUMBER)" -d level=error https://webhooks.gitter.im/e/7f95bf605c4d356372f4
-      - name: Notification success message
-        if: success()
-        run: |
-          PR_OR_COMPARE="$(if [ "${{ github.event.pull_request }}" != "" ]; then echo "${{ github.event.pull_request.html_url }}"; else echo "${{ github.event.compare }}"; fi)"
-          curl -d message="GitHub Actions [$GITHUB_REPOSITORY]($PR_OR_COMPARE) ($GITHUB_REF) [normal]($GITHUB_API_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) ($GITHUB_RUN_NUMBER)" https://webhooks.gitter.im/e/7f95bf605c4d356372f4

.github/workflows/goreleaser.yml

@@ -3,7 +3,7 @@ name: Goreleaser
 on:
   push:
     tags:
-      - '*'
+      - "*"
 
 permissions:
   contents: write
@@ -12,23 +12,25 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
+      - name: Set up Go
+        uses: actions/setup-go@v6
         with:
-          go-version: 1.17
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+          go-version: "^1"
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Trigger Go module reindex (pkg.go.dev)
+        run: |
+          echo "Triggering Go module reindex at proxy.golang.org"
+          curl -sSf "https://proxy.golang.org/github.com/${GITHUB_REPOSITORY,,}/@v/${GITHUB_REF_NAME}.info"

.github/workflows/trivy-scan.yml

@@ -0,0 +1,56 @@
+name: Trivy Security Scan
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    # Run daily at 00:00 UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch: # Allow manual trigger
+
+permissions:
+  contents: read
+  security-events: write # Required for uploading SARIF results
+
+jobs:
+  trivy-scan:
+    name: Trivy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Run Trivy vulnerability scanner (source code)
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          scanners: 'vuln,secret,misconfig'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          ignore-unfixed: true
+
+      - name: Upload Trivy results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Run Trivy scanner (table output for logs)
+        uses: aquasecurity/trivy-action@0.33.1
+        if: always()
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          scanners: 'vuln,secret,misconfig'
+          format: 'table'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          ignore-unfixed: true
+          exit-code: '1'

.gitignore

@@ -5,3 +5,7 @@ count.out
 test
 profile.out
 tmp.out
+
+# Develop tools
+.idea/
+.vscode/

.golangci.yml

@@ -1,39 +1,75 @@
-run:
-  timeout: 5m
+version: "2"
 linters:
   enable:
     - asciicheck
-    - depguard
+    - copyloopvar
     - dogsled
     - durationcheck
-    - errcheck
     - errorlint
-    - exportloopref
-    - gci
-    - gofmt
-    - goimports
     - gosec
     - misspell
     - nakedret
     - nilerr
     - nolintlint
+    - perfsprint
     - revive
+    - testifylint
+    - usestdlibvars
     - wastedassign
-issues:
-  exclude-rules:
-    - linters:
-        - structcheck
-        - unused
-      text: "`data` is unused"
-    - linters:
-        - staticcheck
-      text: "SA1019:"
-    - linters:
-        - revive
-      text: "var-naming:"
-    - linters:
-        - revive
-      text: "exported:"
-    - path: _test\.go
-      linters:
-        - gosec # security is not make sense in tests
+  settings:
+    gosec:
+      excludes:
+        - G115
+    perfsprint:
+      int-conversion: true
+      err-error: true
+      errorf: true
+      sprintf1: true
+      strconcat: true
+    testifylint:
+      enable-all: true
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - structcheck
+          - unused
+        text: '`data` is unused'
+      - linters:
+          - staticcheck
+        text: 'SA1019:'
+      - linters:
+          - revive
+        text: 'var-naming:'
+      - linters:
+          - revive
+        text: 'exported:'
+      - linters:
+          - gosec
+        path: _test\.go
+      - linters:
+          - revive
+        path: _test\.go
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gofmt:
+      rewrite-rules:
+        - pattern: 'interface{}'
+          replacement: 'any'
+  exclusions:
+    generated: lax
+    paths:
+      - gin.go

.goreleaser.yaml

@@ -1,8 +1,7 @@
 project_name: gin
 
 builds:
-  -
-    # If true, skip the build.
+  - # If true, skip the build.
     # Useful for library projects.
     # Default is false
     skip: true
@@ -10,7 +9,7 @@ builds:
 changelog:
   # Set it to true if you wish to skip the changelog generation.
   # This may result in an empty release notes on GitHub/GitLab/Gitea.
-  skip: false
+  disable: false
 
   # Changelog generation implementation to use.
   #
@@ -21,7 +20,7 @@ changelog:
   # - `github-native`: uses the GitHub release notes generation API, disables the groups feature.
   #
   # Defaults to `git`.
-  use: git
+  use: github
 
   # Sorts the changelog by the commit's messages.
   # Could either be asc, desc or empty
@@ -38,20 +37,20 @@ changelog:
     - title: Features
       regexp: "^.*feat[(\\w)]*:+.*$"
       order: 0
-    - title: 'Bug fixes'
+    - title: "Bug fixes"
       regexp: "^.*fix[(\\w)]*:+.*$"
       order: 1
-    - title: 'Enhancements'
+    - title: "Enhancements"
       regexp: "^.*chore[(\\w)]*:+.*$"
       order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 4
     - title: Others
       order: 999
-
-  filters:
-    # Commit messages matching the regexp listed here will be removed from
-    # the changelog
-    # Default is empty
-    exclude:
-      - '^docs'
-      - 'CICD'
-      - typo

CHANGELOG.md

@@ -1,5 +1,194 @@
 # Gin ChangeLog
 
+## Gin v1.11.0
+
+### Features
+
+* feat(gin): Experimental support for HTTP/3 using quic-go/quic-go ([#3210](https://github.com/gin-gonic/gin/pull/3210))
+* feat(form): add array collection format in form binding ([#3986](https://github.com/gin-gonic/gin/pull/3986)), add custom string slice for form tag unmarshal ([#3970](https://github.com/gin-gonic/gin/pull/3970))
+* feat(binding): add BindPlain ([#3904](https://github.com/gin-gonic/gin/pull/3904))
+* feat(fs): Export, test and document OnlyFilesFS ([#3939](https://github.com/gin-gonic/gin/pull/3939))
+* feat(binding): add support for unixMilli and unixMicro ([#4190](https://github.com/gin-gonic/gin/pull/4190))
+* feat(form): Support default values for collections in form binding ([#4048](https://github.com/gin-gonic/gin/pull/4048))
+* feat(context): GetXxx added support for more go native types ([#3633](https://github.com/gin-gonic/gin/pull/3633))
+
+### Enhancements
+
+* perf(context): optimize getMapFromFormData performance ([#4339](https://github.com/gin-gonic/gin/pull/4339))
+* refactor(tree): replace string(/) with "/" in node.insertChild ([#4354](https://github.com/gin-gonic/gin/pull/4354))
+* refactor(render): remove headers parameter from writeHeader ([#4353](https://github.com/gin-gonic/gin/pull/4353))
+* refactor(context): simplify "GetType()" functions ([#4080](https://github.com/gin-gonic/gin/pull/4080))
+* refactor(slice): simplify SliceValidationError Error method ([#3910](https://github.com/gin-gonic/gin/pull/3910))
+* refactor(context):Avoid using filepath.Dir twice in SaveUploadedFile ([#4181](https://github.com/gin-gonic/gin/pull/4181))
+* refactor(context): refactor context handling and improve test robustness ([#4066](https://github.com/gin-gonic/gin/pull/4066))
+* refactor(binding): use strings.Cut to replace strings.Index ([#3522](https://github.com/gin-gonic/gin/pull/3522))
+* refactor(context): add an optional permission parameter to SaveUploadedFile ([#4068](https://github.com/gin-gonic/gin/pull/4068))
+* refactor(context): verify URL is Non-nil in initQueryCache() ([#3969](https://github.com/gin-gonic/gin/pull/3969))
+* refactor(context): YAML judgment logic in Negotiate ([#3966](https://github.com/gin-gonic/gin/pull/3966))
+* tree: replace the self-defined 'min' to official one ([#3975](https://github.com/gin-gonic/gin/pull/3975))
+* context: Remove redundant filepath.Dir usage ([#4181](https://github.com/gin-gonic/gin/pull/4181))
+
+### Bug Fixes
+
+* fix: prevent middleware re-entry issue in HandleContext ([#3987](https://github.com/gin-gonic/gin/pull/3987))
+* fix(binding): prevent duplicate decoding and add validation in decodeToml ([#4193](https://github.com/gin-gonic/gin/pull/4193))
+* fix(gin): Do not panic when handling method not allowed on empty tree ([#4003](https://github.com/gin-gonic/gin/pull/4003))
+* fix(gin): data race warning for gin mode ([#1580](https://github.com/gin-gonic/gin/pull/1580))
+* fix(context): verify URL is Non-nil in initQueryCache() ([#3969](https://github.com/gin-gonic/gin/pull/3969))
+* fix(context): YAML judgment logic in Negotiate ([#3966](https://github.com/gin-gonic/gin/pull/3966))
+* fix(context): check handler is nil ([#3413](https://github.com/gin-gonic/gin/pull/3413))
+* fix(readme): fix broken link to English documentation ([#4222](https://github.com/gin-gonic/gin/pull/4222))
+* fix(tree): Keep panic infos consistent when wildcard type build faild ([#4077](https://github.com/gin-gonic/gin/pull/4077))
+
+### Build process updates / CI
+
+* ci: integrate Trivy vulnerability scanning into CI workflow ([#4359](https://github.com/gin-gonic/gin/pull/4359))
+* ci: support Go 1.25 in CI/CD ([#4341](https://github.com/gin-gonic/gin/pull/4341))
+* build(deps): upgrade github.com/bytedance/sonic from v1.13.2 to v1.14.0 ([#4342](https://github.com/gin-gonic/gin/pull/4342))
+* ci: add Go version 1.24 to GitHub Actions ([#4154](https://github.com/gin-gonic/gin/pull/4154))
+* build: update Gin minimum Go version to 1.21 ([#3960](https://github.com/gin-gonic/gin/pull/3960))
+* ci(lint): enable new linters (testifylint, usestdlibvars, perfsprint, etc.) ([#4010](https://github.com/gin-gonic/gin/pull/4010), [#4091](https://github.com/gin-gonic/gin/pull/4091), [#4090](https://github.com/gin-gonic/gin/pull/4090))
+* ci(lint): update workflows and improve test request consistency ([#4126](https://github.com/gin-gonic/gin/pull/4126))
+
+### Dependency updates
+
+* chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.9 ([#4346](https://github.com/gin-gonic/gin/pull/4346), [#4356](https://github.com/gin-gonic/gin/pull/4356))
+* chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 ([#4347](https://github.com/gin-gonic/gin/pull/4347))
+* chore(deps): bump actions/setup-go from 5 to 6 ([#4351](https://github.com/gin-gonic/gin/pull/4351))
+* chore(deps): bump github.com/quic-go/quic-go from 0.53.0 to 0.54.0 ([#4328](https://github.com/gin-gonic/gin/pull/4328))
+* chore(deps): bump golang.org/x/net from 0.33.0 to 0.38.0 ([#4178](https://github.com/gin-gonic/gin/pull/4178), [#4221](https://github.com/gin-gonic/gin/pull/4221))
+* chore(deps): bump github.com/go-playground/validator/v10 from 10.20.0 to 10.22.1 ([#4052](https://github.com/gin-gonic/gin/pull/4052))
+
+### Documentation updates
+
+* docs(changelog): update release notes for Gin v1.10.1 ([#4360](https://github.com/gin-gonic/gin/pull/4360))
+* docs: Fixing English grammar mistakes and awkward sentence structure in doc/doc.md ([#4207](https://github.com/gin-gonic/gin/pull/4207))
+* docs: update documentation and release notes for Gin v1.10.0 ([#3953](https://github.com/gin-gonic/gin/pull/3953))
+* docs: fix typo in Gin Quick Start ([#3997](https://github.com/gin-gonic/gin/pull/3997))
+* docs: fix comment and link issues ([#4205](https://github.com/gin-gonic/gin/pull/4205), [#3938](https://github.com/gin-gonic/gin/pull/3938))
+* docs: fix route group example code ([#4020](https://github.com/gin-gonic/gin/pull/4020))
+* docs(readme): add Portuguese documentation ([#4078](https://github.com/gin-gonic/gin/pull/4078))
+* docs(context): fix some function names in comment ([#4079](https://github.com/gin-gonic/gin/pull/4079))
+
+---
+
+## Gin v1.10.1
+
+### Features
+
+* refactor: strengthen HTTPS security and improve code organization
+* feat(binding): Support custom BindUnmarshaler for binding. (#3933)
+
+### Enhancements
+
+* chore(deps): bump github.com/bytedance/sonic from 1.11.3 to 1.11.6 (#3940)
+* chore(deps): bump golangci/golangci-lint-action from 4 to 5 (#3941)
+* chore: update external dependencies to latest versions (#3950)
+* chore: update various Go dependencies to latest versions (#3901)
+* chore: refactor configuration files for better readability (#3951)
+* chore: update changelog categories and improve documentation (#3917)
+* feat: update version constant to v1.10.0 (#3952)
+
+### Build process updates
+
+* ci(release): refactor changelog regex patterns and exclusions (#3914)
+* ci(Makefile): vet command add .PHONY (#3915)
+
+## Gin v1.10.0
+
+### Features
+
+* feat(auth): add proxy-server authentication (#3877) (@EndlessParadox1)
+* feat(bind): ShouldBindBodyWith shortcut and change doc (#3871) (@RedCrazyGhost)
+* feat(binding): Support custom BindUnmarshaler for binding. (#3933) (@dkkb)
+* feat(binding): support override default binding implement (#3514) (@ssfyn)
+* feat(engine): Added `OptionFunc` and `With` (#3572) (@flc1125)
+* feat(logger): ability to skip logs based on user-defined logic (#3593) (@palvaneh)
+
+### Bug fixes
+
+* Revert "fix(uri): query binding bug (#3236)" (#3899) (@appleboy)
+* fix(binding): binding error while not upload file (#3819) (#3820) (@clearcodecn)
+* fix(binding): dereference pointer to struct (#3199) (@echovl)
+* fix(context): make context Value method adhere to Go standards (#3897) (@FarmerChillax)
+* fix(engine): fix unit test (#3878) (@flc1125)
+* fix(header): Allow header according to RFC 7231 (HTTP 405) (#3759) (@Crocmagnon)
+* fix(route): Add fullPath in context copy (#3784) (@KarthikReddyPuli)
+* fix(router): catch-all conflicting wildcard (#3812) (@FirePing32)
+* fix(sec): upgrade golang.org/x/crypto to 0.17.0 (#3832) (@chncaption)
+* fix(tree): correctly expand the capacity of params (#3502) (@georgijd-form3)
+* fix(uri): query binding bug (#3236) (@illiafox)
+* fix: Add pointer support for url query params (#3659) (#3666) (@omkar-foss)
+* fix: protect Context.Keys map when call Copy method (#3873) (@kingcanfish)
+
+### Enhancements
+
+* chore(CI): update release args (#3595) (@qloog)
+* chore(IP): add TrustedPlatform constant for Fly.io. (#3839) (@ab)
+* chore(debug): add ability to override the debugPrint statement (#2337) (@josegonzalez)
+* chore(deps): update dependencies to latest versions (#3835) (@appleboy)
+* chore(header): Add support for RFC 9512: application/yaml (#3851) (@vincentbernat)
+* chore(http): use white color for HTTP 1XX (#3741) (@viralparmarme)
+* chore(optimize): the ShouldBindUri method of the Context struct (#3911) (@1911860538)
+* chore(perf): Optimize the Copy method of the Context struct (#3859) (@1911860538)
+* chore(refactor): modify interface check way (#3855) (@demoManito)
+* chore(request): check reader if it's nil before reading (#3419) (@noahyao1024)
+* chore(security): upgrade Protobuf for CVE-2024-24786 (#3893) (@Fotkurz)
+* chore: refactor CI and update dependencies (#3848) (@appleboy)
+* chore: refactor configuration files for better readability (#3951) (@appleboy)
+* chore: update GitHub Actions configuration (#3792) (@appleboy)
+* chore: update changelog categories and improve documentation (#3917) (@appleboy)
+* chore: update dependencies to latest versions (#3694) (@appleboy)
+* chore: update external dependencies to latest versions (#3950) (@appleboy)
+* chore: update various Go dependencies to latest versions (#3901) (@appleboy)
+
+### Build process updates
+
+* build(codecov): Added a codecov configuration (#3891) (@flc1125)
+* ci(Makefile): vet command add .PHONY (#3915) (@imalasong)
+* ci(lint): update tooling and workflows for consistency (#3834) (@appleboy)
+* ci(release): refactor changelog regex patterns and exclusions (#3914) (@appleboy)
+* ci(testing): add go1.22 version (#3842) (@appleboy)
+
+### Documentation updates
+
+* docs(context): Added deprecation comments to BindWith (#3880) (@flc1125)
+* docs(middleware): comments to function `BasicAuthForProxy` (#3881) (@EndlessParadox1)
+* docs: Add document  to constant `AuthProxyUserKey` and  `BasicAuthForProxy`. (#3887) (@EndlessParadox1)
+* docs: fix typo in comment (#3868) (@testwill)
+* docs: fix typo in function documentation (#3872) (@TotomiEcio)
+* docs: remove redundant comments (#3765) (@WeiTheShinobi)
+* feat: update version constant to v1.10.0 (#3952) (@appleboy)
+
+### Others
+
+* Upgrade golang.org/x/net -> v0.13.0 (#3684) (@cpcf)
+* test(git): gitignore add develop tools (#3370) (@demoManito)
+* test(http): use constant instead of numeric literal (#3863) (@testwill)
+* test(path): Optimize unit test execution results (#3883) (@flc1125)
+* test(render): increased unit tests coverage (#3691) (@araujo88)
+
+## Gin v1.9.1
+
+### BUG FIXES
+
+* fix Request.Context() checks [#3512](https://github.com/gin-gonic/gin/pull/3512)
+
+### SECURITY
+
+* fix lack of escaping of filename in Content-Disposition [#3556](https://github.com/gin-gonic/gin/pull/3556) 
+
+### ENHANCEMENTS
+
+* refactor: use bytes.ReplaceAll directly [#3455](https://github.com/gin-gonic/gin/pull/3455)
+* convert strings and slices using the officially recommended way [#3344](https://github.com/gin-gonic/gin/pull/3344)
+* improve render code coverage [#3525](https://github.com/gin-gonic/gin/pull/3525)
+
+### DOCS
+
+* docs: changed documentation link for trusted proxies [#3575](https://github.com/gin-gonic/gin/pull/3575)
+* chore: improve linting, testing, and GitHub Actions setup [#3583](https://github.com/gin-gonic/gin/pull/3583)
+
 ## Gin v1.9.0
 
 ### BREAK CHANGES
@@ -393,7 +582,7 @@
 - [FIX] Refactor render
 - [FIX] Reworked tests
 - [FIX] logger now supports cygwin
-- [FIX] Use X-Forwarded-For before X-Real-Ip
+- [FIX] Use X-Forwarded-For before X-Real-IP
 - [FIX] time.Time binding (#904)
 
 ## Gin 1.1.4

CONTRIBUTING.md

@@ -1,13 +1,41 @@
-## Contributing
+# Contributing
 
-- With issues:
-  - Use the search tool before opening a new issue.
-  - Please provide source code and commit sha if you found a bug.
+We welcome both issue reports and pull requests! Please follow these guidelines to help maintainers respond effectively.
+
+## Issues
+
+- **Before opening a new issue:**
+  - Use the search tool to check for existing issues or feature requests.
   - Review existing issues and provide feedback or react to them.
+  - Use English for all communications — it is the language all maintainers read and write.
+  - For questions, configuration or deployment problems, please use the [Discussions Forum](https://github.com/gin-gonic/gin/discussions).
+  - For bug reports involving sensitive security issues, email <appleboy.tw@gmail.com> instead of posting publicly.
 
-- With pull requests:
-  - Open your pull request against `master`
-  - Your pull request should have no more than two commits, if not you should squash them.
-  - It should pass all tests in the available continuous integration systems such as GitHub Actions.
-  - You should add/modify tests to cover your proposed code changes.
-  - If your pull request contains a new feature, please document it on the README.
+- **Reporting a bug:**
+  - Please provide a clear description of your issue, and a minimal reproducible code example if possible.
+  - Include the Gin version (or commit reference), Go version, and operating system.
+  - Indicate whether you can reproduce the bug and describe steps to do so.
+  - Attach relevant logs per [Logging Documentation](https://docs.gitea.com/administration/logging-config#collecting-logs-for-help).
+
+- **Feature requests:**
+  - Before opening a request, check that a similar idea hasn’t already been suggested.
+  - Clearly describe your proposed feature and its benefits.
+
+_For API Documentation, User Guides, and more, see:_
+
+- [Go.dev API Documentation](https://pkg.go.dev/github.com/gin-gonic/gin)
+- [Gin User Guides](https://gin-gonic.com/)
+- [Discussions Forum](https://github.com/gin-gonic/gin/discussions)
+
+## Pull Requests
+
+Please ensure your pull request meets the following requirements:
+
+- Open your pull request against the `master` branch.
+- Your pull request should have no more than two commits — squash them if necessary.
+- All tests pass in available continuous integration systems (e.g., GitHub Actions).
+- Add or modify tests to cover your code changes.
+- If your pull request introduces a new feature, document it in [`docs/doc.md`](docs/doc.md), not in the README.
+- Follow the checklist in the [Pull Request Template](.github/PULL_REQUEST_TEMPLATE.md:1).
+
+Thank you for contributing!

Makefile

@@ -8,6 +8,7 @@ TESTFOLDER := $(shell $(GO) list ./... | grep -E 'gin$$|binding$$|render$$' | gr
 TESTTAGS ?= ""
 
 .PHONY: test
+# Run tests to verify code functionality.
 test:
 	echo "mode: count" > coverage.out
 	for d in $(TESTFOLDER); do \
@@ -30,10 +31,12 @@ test:
 	done
 
 .PHONY: fmt
+# Ensure consistent code formatting.
 fmt:
 	$(GOFMT) -w $(GOFILES)
 
 .PHONY: fmt-check
+# format (check only).
 fmt-check:
 	@diff=$$($(GOFMT) -d $(GOFILES)); \
 	if [ -n "$$diff" ]; then \
@@ -42,31 +45,37 @@ fmt-check:
 		exit 1; \
 	fi;
 
+.PHONY: vet
+# Examine packages and report suspicious constructs if any.
 vet:
 	$(GO) vet $(VETPACKAGES)
 
 .PHONY: lint
+# Inspect source code for stylistic errors or potential bugs.
 lint:
 	@hash golint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u golang.org/x/lint/golint; \
 	fi
 	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
 
-.PHONY: misspell-check
-misspell-check:
-	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
-	fi
-	misspell -error $(GOFILES)
-
 .PHONY: misspell
+# Correct commonly misspelled English words in source code.
 misspell:
 	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
 	misspell -w $(GOFILES)
 
+.PHONY: misspell-check
+# misspell (check only).
+misspell-check:
+	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
+	fi
+	misspell -error $(GOFILES)
+
 .PHONY: tools
+# Install tools (golint and misspell).
 tools:
 	@if [ $(GO_VERSION) -gt 15 ]; then \
 		$(GO) install golang.org/x/lint/golint@latest; \
@@ -75,3 +84,23 @@ tools:
 		$(GO) install golang.org/x/lint/golint; \
 		$(GO) install github.com/client9/misspell/cmd/misspell; \
 	fi
+
+.PHONY: help
+# Help.
+help:
+	@echo ''
+	@echo 'Usage:'
+	@echo ' make [target]'
+	@echo ''
+	@echo 'Targets:'
+	@awk '/^[a-zA-Z\-\0-9]+:/ { \
+	helpMessage = match(lastLine, /^# (.*)/); \
+		if (helpMessage) { \
+			helpCommand = substr($$1, 0, index($$1, ":")-1); \
+			helpMessage = substr(lastLine, RSTART + 2, RLENGTH); \
+			printf " - \033[36m%-20s\033[0m %s\n", helpCommand, helpMessage; \
+		} \
+	} \
+	{ lastLine = $$0 }' $(MAKEFILE_LIST)
+
+.DEFAULT_GOAL := help

README.md

@@ -2,122 +2,153 @@
 
 <img align="right" width="159px" src="https://raw.githubusercontent.com/gin-gonic/logo/master/color.png">
 
-[![Build Status](https://github.com/gin-gonic/gin/workflows/Run%20Tests/badge.svg?branch=master)](https://github.com/gin-gonic/gin/actions?query=branch%3Amaster)
+[![Build Status](https://github.com/gin-gonic/gin/actions/workflows/gin.yml/badge.svg?branch=master)](https://github.com/gin-gonic/gin/actions/workflows/gin.yml)
+[![Trivy Security Scan](https://github.com/gin-gonic/gin/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/gin-gonic/gin/actions/workflows/trivy-scan.yml)
 [![codecov](https://codecov.io/gh/gin-gonic/gin/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-gonic/gin)
 [![Go Report Card](https://goreportcard.com/badge/github.com/gin-gonic/gin)](https://goreportcard.com/report/github.com/gin-gonic/gin)
-[![GoDoc](https://pkg.go.dev/badge/github.com/gin-gonic/gin?status.svg)](https://pkg.go.dev/github.com/gin-gonic/gin?tab=doc)
-[![Join the chat at https://gitter.im/gin-gonic/gin](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gin-gonic/gin?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Go Reference](https://pkg.go.dev/badge/github.com/gin-gonic/gin?status.svg)](https://pkg.go.dev/github.com/gin-gonic/gin?tab=doc)
 [![Sourcegraph](https://sourcegraph.com/github.com/gin-gonic/gin/-/badge.svg)](https://sourcegraph.com/github.com/gin-gonic/gin?badge)
 [![Open Source Helpers](https://www.codetriage.com/gin-gonic/gin/badges/users.svg)](https://www.codetriage.com/gin-gonic/gin)
 [![Release](https://img.shields.io/github/release/gin-gonic/gin.svg?style=flat-square)](https://github.com/gin-gonic/gin/releases)
-[![TODOs](https://badgen.net/https/api.tickgit.com/badgen/github.com/gin-gonic/gin)](https://www.tickgit.com/browse?repo=github.com/gin-gonic/gin)
 
-Gin is a web framework written in [Go](https://go.dev/). It features a martini-like API with performance that is up to 40 times faster thanks to [httprouter](https://github.com/julienschmidt/httprouter). If you need performance and good productivity, you will love Gin.
+## 📰 [Announcing Gin 1.11.0!](https://gin-gonic.com/en/blog/news/gin-1-11-0-release-announcement/)
 
-**The key features of Gin are:**
+Read about the latest features and improvements in Gin 1.11.0 on our official blog.
 
-- Zero allocation router
-- Fast
-- Middleware support
-- Crash-free
-- JSON validation
-- Routes grouping
-- Error management
-- Rendering built-in
-- Extendable
+---
 
+Gin is a high-performance HTTP web framework written in [Go](https://go.dev/). It provides a Martini-like API but with significantly better performance—up to 40 times faster—thanks to [httprouter](https://github.com/julienschmidt/httprouter). Gin is designed for building REST APIs, web applications, and microservices where speed and developer productivity are essential.
 
-## Getting started
+**Why choose Gin?**
+
+Gin combines the simplicity of Express.js-style routing with Go's performance characteristics, making it ideal for:
+
+- Building high-throughput REST APIs
+- Developing microservices that need to handle many concurrent requests
+- Creating web applications that require fast response times
+- Prototyping web services quickly with minimal boilerplate
+
+**Gin's key features:**
+
+- **Zero allocation router** - Extremely memory-efficient routing with no heap allocations
+- **High performance** - Benchmarks show superior speed compared to other Go web frameworks
+- **Middleware support** - Extensible middleware system for authentication, logging, CORS, etc.
+- **Crash-free** - Built-in recovery middleware prevents panics from crashing your server
+- **JSON validation** - Automatic request/response JSON binding and validation
+- **Route grouping** - Organize related routes and apply common middleware
+- **Error management** - Centralized error handling and logging
+- **Built-in rendering** - Support for JSON, XML, HTML templates, and more
+- **Extensible** - Large ecosystem of community middleware and plugins
+
+## Getting Started
 
 ### Prerequisites
 
-- **[Go](https://go.dev/)**: ~~any one of the **three latest major** [releases](https://go.dev/doc/devel/release)~~ (now version **1.16+** is required).
+- **Go version**: Gin requires [Go](https://go.dev/) version [1.24](https://go.dev/doc/devel/release#go1.24.0) or above
+- **Basic Go knowledge**: Familiarity with Go syntax and package management is helpful
 
-### Getting Gin
+### Installation
 
-With [Go module](https://github.com/golang/go/wiki/Modules) support, simply add the following import
+With [Go's module support](https://go.dev/wiki/Modules#how-to-use-modules), simply import Gin in your code and Go will automatically fetch it during build:
 
-```
+```go
 import "github.com/gin-gonic/gin"
 ```
 
-to your code, and then `go [build|run|test]` will automatically fetch the necessary dependencies.
+### Your First Gin Application
 
-Otherwise, run the following Go command to install the `gin` package:
-
-```sh
-$ go get -u github.com/gin-gonic/gin
-```
-
-### Running Gin
-
-First you need to import Gin package for using Gin, one simplest example likes the follow `example.go`:
+Here's a complete example that demonstrates Gin's simplicity:
 
 ```go
 package main
 
 import (
+  "log"
   "net/http"
 
   "github.com/gin-gonic/gin"
 )
 
 func main() {
+  // Create a Gin router with default middleware (logger and recovery)
   r := gin.Default()
+
+  // Define a simple GET endpoint
   r.GET("/ping", func(c *gin.Context) {
+    // Return JSON response
     c.JSON(http.StatusOK, gin.H{
       "message": "pong",
     })
   })
-  r.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080")
+
+  // Start server on port 8080 (default)
+  // Server will listen on 0.0.0.0:8080 (localhost:8080 on Windows)
+  if err := r.Run(); err != nil {
+    log.Fatalf("failed to run server: %v", err)
+  }
 }
 ```
 
-And use the Go command to run the demo:
+**Running the application:**
 
-```
-# run example.go and visit 0.0.0.0:8080/ping on browser
-$ go run example.go
-```
+1. Save the code above as `main.go`
+2. Run the application:
 
-### Learn more examples
+   ```sh
+   go run main.go
+   ```
 
-#### Quick Start
+3. Open your browser and visit [`http://localhost:8080/ping`](http://localhost:8080/ping)
+4. You should see: `{"message":"pong"}`
 
-Learn and practice more examples, please read the [Gin Quick Start](docs/doc.md) which includes API examples and builds tag.
+**What this example demonstrates:**
 
-#### Examples
+- Creating a Gin router with default middleware
+- Defining HTTP endpoints with simple handler functions
+- Returning JSON responses
+- Starting an HTTP server
 
-A number of ready-to-run examples demonstrating various use cases of Gin on the [Gin examples](https://github.com/gin-gonic/examples) repository.
+### Next Steps
 
+After running your first Gin application, explore these resources to learn more:
 
-## Documentation
+#### 📚 Learning Resources
 
-See [API documentation and descriptions](https://godoc.org/github.com/gin-gonic/gin) for package.
+- **[Gin Quick Start Guide](docs/doc.md)** - Comprehensive tutorial with API examples and build configurations
+- **[Example Repository](https://github.com/gin-gonic/examples)** - Ready-to-run examples demonstrating various Gin use cases:
+  - REST API development
+  - Authentication & middleware
+  - File uploads and downloads
+  - WebSocket connections
+  - Template rendering
 
-All documentation is available on the Gin website.
+## 📖 Documentation
 
-- [English](https://gin-gonic.com/docs/)
-- [简体中文](https://gin-gonic.com/zh-cn/docs/)
-- [繁體中文](https://gin-gonic.com/zh-tw/docs/)
-- [日本語](https://gin-gonic.com/ja/docs/)
-- [Español](https://gin-gonic.com/es/docs/)
-- [한국어](https://gin-gonic.com/ko-kr/docs/)
-- [Turkish](https://gin-gonic.com/tr/docs/)
-- [Persian](https://gin-gonic.com/fa/docs/)
+### API Reference
 
-### Articles about Gin
+- **[Go.dev API Documentation](https://pkg.go.dev/github.com/gin-gonic/gin)** - Complete API reference with examples
 
-A curated list of awesome Gin framework.
+### User Guides
 
-- [Tutorial: Developing a RESTful API with Go and Gin](https://go.dev/doc/tutorial/web-service-gin)
+The comprehensive documentation is available on [gin-gonic.com](https://gin-gonic.com) in multiple languages:
 
-## Benchmarks
+- [English](https://gin-gonic.com/en/docs/) | [简体中文](https://gin-gonic.com/zh-cn/docs/) | [繁體中文](https://gin-gonic.com/zh-tw/docs/)
+- [日本語](https://gin-gonic.com/ja/docs/) | [한국어](https://gin-gonic.com/ko-kr/docs/) | [Español](https://gin-gonic.com/es/docs/)
+- [Turkish](https://gin-gonic.com/tr/docs/) | [Persian](https://gin-gonic.com/fa/docs/) | [Português](https://gin-gonic.com/pt/docs/)
+- [Russian](https://gin-gonic.com/ru/docs/) | [Indonesian](https://gin-gonic.com/id/docs/)
 
-Gin uses a custom version of [HttpRouter](https://github.com/julienschmidt/httprouter), [see all benchmarks details](/BENCHMARKS.md).
+### Official Tutorials
+
+- [Go.dev Tutorial: Developing a RESTful API with Go and Gin](https://go.dev/doc/tutorial/web-service-gin)
+
+## ⚡ Performance Benchmarks
+
+Gin demonstrates exceptional performance compared to other Go web frameworks. It uses a custom version of [HttpRouter](https://github.com/julienschmidt/httprouter) for maximum efficiency. [View detailed benchmarks →](/BENCHMARKS.md)
+
+**Gin vs. Other Go Frameworks** (GitHub API routing benchmark):
 
 | Benchmark name                 |       (1) |             (2) |          (3) |             (4) |
-| ------------------------------ | ---------:| ---------------:| ------------:| ---------------:|
+| ------------------------------ | --------: | --------------: | -----------: | --------------: |
 | BenchmarkGin_GithubAll         | **43550** | **27364 ns/op** |   **0 B/op** | **0 allocs/op** |
 | BenchmarkAce_GithubAll         |     40543 |     29670 ns/op |       0 B/op |     0 allocs/op |
 | BenchmarkAero_GithubAll        |     57632 |     20648 ns/op |       0 B/op |     0 allocs/op |
@@ -154,26 +185,43 @@ Gin uses a custom version of [HttpRouter](https://github.com/julienschmidt/httpr
 - (3): Heap Memory (B/op), lower is better
 - (4): Average Allocations per Repetition (allocs/op), lower is better
 
+## 🔌 Middleware Ecosystem
 
-## Middlewares
+Gin has a rich ecosystem of middleware for common web development needs. Explore community-contributed middleware:
 
-You can find many useful Gin middlewares at [gin-contrib](https://github.com/gin-contrib).
+- **[gin-contrib](https://github.com/gin-contrib)** - Official middleware collection including:
+  - Authentication (JWT, Basic Auth, Sessions)
+  - CORS, Rate limiting, Compression
+  - Logging, Metrics, Tracing
+  - Static file serving, Template engines
+- **[gin-gonic/contrib](https://github.com/gin-gonic/contrib)** - Additional community middleware
 
+## 🏢 Production Usage
 
-## Users
+Gin powers many high-traffic applications and services in production:
 
-Awesome project lists using [Gin](https://github.com/gin-gonic/gin) web framework.
+- **[gorush](https://github.com/appleboy/gorush)** - High-performance push notification server
+- **[fnproject](https://github.com/fnproject/fn)** - Container-native, serverless platform
+- **[photoprism](https://github.com/photoprism/photoprism)** - AI-powered personal photo management
+- **[lura](https://github.com/luraproject/lura)** - Ultra-performant API Gateway framework
+- **[picfit](https://github.com/thoas/picfit)** - Real-time image processing server
+- **[dkron](https://github.com/distribworks/dkron)** - Distributed job scheduling system
 
-* [gorush](https://github.com/appleboy/gorush): A push notification server written in Go.
-* [fnproject](https://github.com/fnproject/fn): The container native, cloud agnostic serverless platform.
-* [photoprism](https://github.com/photoprism/photoprism): Personal photo management powered by Go and Google TensorFlow.
-* [lura](https://github.com/luraproject/lura): Ultra performant API Gateway with middlewares.
-* [picfit](https://github.com/thoas/picfit): An image resizing server written in Go.
-* [dkron](https://github.com/distribworks/dkron): Distributed, fault tolerant job scheduling system.
+## 🤝 Contributing
 
+Gin is the work of hundreds of contributors from around the world. We welcome and appreciate your contributions!
 
-## Contributing
+### How to Contribute
 
-Gin is the work of hundreds of contributors. We appreciate your help!
+- 🐛 **Report bugs** - Help us identify and fix issues
+- 💡 **Suggest features** - Share your ideas for improvements
+- 📝 **Improve documentation** - Help make our docs clearer
+- 🔧 **Submit code** - Fix bugs or implement new features
+- 🧪 **Write tests** - Improve our test coverage
 
-Please see [CONTRIBUTING](CONTRIBUTING.md) for details on submitting patches and the contribution workflow.
+### Getting Started with Contributing
+
+1. Check out our [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines
+2. Join our community discussions and ask questions
+
+**All contributions are valued and help make Gin better for everyone!**

any.go

@@ -1,10 +0,0 @@
-// Copyright 2022 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.18
-// +build !go1.18
-
-package gin
-
-type any = interface{}

auth.go

@@ -16,6 +16,9 @@ import (
 // AuthUserKey is the cookie name for user credential in basic auth.
 const AuthUserKey = "user"
 
+// AuthProxyUserKey is the cookie name for proxy_user credential in basic auth for proxy.
+const AuthProxyUserKey = "proxy_user"
+
 // Accounts defines a key/value for user/pass list of authorized logins.
 type Accounts map[string]string
 
@@ -89,3 +92,25 @@ func authorizationHeader(user, password string) string {
 	base := user + ":" + password
 	return "Basic " + base64.StdEncoding.EncodeToString(bytesconv.StringToBytes(base))
 }
+
+// BasicAuthForProxy returns a Basic HTTP Proxy-Authorization middleware.
+// If the realm is empty, "Proxy Authorization Required" will be used by default.
+func BasicAuthForProxy(accounts Accounts, realm string) HandlerFunc {
+	if realm == "" {
+		realm = "Proxy Authorization Required"
+	}
+	realm = "Basic realm=" + strconv.Quote(realm)
+	pairs := processAccounts(accounts)
+	return func(c *Context) {
+		proxyUser, found := pairs.searchCredential(c.requestHeader("Proxy-Authorization"))
+		if !found {
+			// Credentials doesn't match, we return 407 and abort handlers chain.
+			c.Header("Proxy-Authenticate", realm)
+			c.AbortWithStatus(http.StatusProxyAuthRequired)
+			return
+		}
+		// The proxy_user credentials was found, set proxy_user's id to key AuthProxyUserKey in this context, the proxy_user's id can be read later using
+		// c.MustGet(gin.AuthProxyUserKey).
+		c.Set(AuthProxyUserKey, proxyUser)
+	}
+}

auth_test.go

@@ -90,7 +90,7 @@ func TestBasicAuthSucceed(t *testing.T) {
 	})
 
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "/login", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/login", nil)
 	req.Header.Set("Authorization", authorizationHeader("admin", "password"))
 	router.ServeHTTP(w, req)
 
@@ -109,7 +109,7 @@ func TestBasicAuth401(t *testing.T) {
 	})
 
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "/login", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/login", nil)
 	req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
 	router.ServeHTTP(w, req)
 
@@ -129,7 +129,7 @@ func TestBasicAuth401WithCustomRealm(t *testing.T) {
 	})
 
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "/login", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/login", nil)
 	req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
 	router.ServeHTTP(w, req)
 
@@ -137,3 +137,40 @@ func TestBasicAuth401WithCustomRealm(t *testing.T) {
 	assert.Equal(t, http.StatusUnauthorized, w.Code)
 	assert.Equal(t, "Basic realm=\"My Custom \\\"Realm\\\"\"", w.Header().Get("WWW-Authenticate"))
 }
+
+func TestBasicAuthForProxySucceed(t *testing.T) {
+	accounts := Accounts{"admin": "password"}
+	router := New()
+	router.Use(BasicAuthForProxy(accounts, ""))
+	router.Any("/*proxyPath", func(c *Context) {
+		c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string))
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	req.Header.Set("Proxy-Authorization", authorizationHeader("admin", "password"))
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "admin", w.Body.String())
+}
+
+func TestBasicAuthForProxy407(t *testing.T) {
+	called := false
+	accounts := Accounts{"foo": "bar"}
+	router := New()
+	router.Use(BasicAuthForProxy(accounts, ""))
+	router.Any("/*proxyPath", func(c *Context) {
+		called = true
+		c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string))
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
+	router.ServeHTTP(w, req)
+
+	assert.False(t, called)
+	assert.Equal(t, http.StatusProxyAuthRequired, w.Code)
+	assert.Equal(t, "Basic realm=\"Proxy Authorization Required\"", w.Header().Get("Proxy-Authenticate"))
+}

benchmarks_test.go

@@ -14,21 +14,21 @@ import (
 func BenchmarkOneRoute(B *testing.B) {
 	router := New()
 	router.GET("/ping", func(c *Context) {})
-	runRequest(B, router, "GET", "/ping")
+	runRequest(B, router, http.MethodGet, "/ping")
 }
 
 func BenchmarkRecoveryMiddleware(B *testing.B) {
 	router := New()
 	router.Use(Recovery())
 	router.GET("/", func(c *Context) {})
-	runRequest(B, router, "GET", "/")
+	runRequest(B, router, http.MethodGet, "/")
 }
 
 func BenchmarkLoggerMiddleware(B *testing.B) {
 	router := New()
 	router.Use(LoggerWithWriter(newMockWriter()))
 	router.GET("/", func(c *Context) {})
-	runRequest(B, router, "GET", "/")
+	runRequest(B, router, http.MethodGet, "/")
 }
 
 func BenchmarkManyHandlers(B *testing.B) {
@@ -37,7 +37,7 @@ func BenchmarkManyHandlers(B *testing.B) {
 	router.Use(func(c *Context) {})
 	router.Use(func(c *Context) {})
 	router.GET("/ping", func(c *Context) {})
-	runRequest(B, router, "GET", "/ping")
+	runRequest(B, router, http.MethodGet, "/ping")
 }
 
 func Benchmark5Params(B *testing.B) {
@@ -45,7 +45,7 @@ func Benchmark5Params(B *testing.B) {
 	router := New()
 	router.Use(func(c *Context) {})
 	router.GET("/param/:param1/:params2/:param3/:param4/:param5", func(c *Context) {})
-	runRequest(B, router, "GET", "/param/path/to/parameter/john/12345")
+	runRequest(B, router, http.MethodGet, "/param/path/to/parameter/john/12345")
 }
 
 func BenchmarkOneRouteJSON(B *testing.B) {
@@ -56,7 +56,7 @@ func BenchmarkOneRouteJSON(B *testing.B) {
 	router.GET("/json", func(c *Context) {
 		c.JSON(http.StatusOK, data)
 	})
-	runRequest(B, router, "GET", "/json")
+	runRequest(B, router, http.MethodGet, "/json")
 }
 
 func BenchmarkOneRouteHTML(B *testing.B) {
@@ -68,7 +68,7 @@ func BenchmarkOneRouteHTML(B *testing.B) {
 	router.GET("/html", func(c *Context) {
 		c.HTML(http.StatusOK, "index", "hola")
 	})
-	runRequest(B, router, "GET", "/html")
+	runRequest(B, router, http.MethodGet, "/html")
 }
 
 func BenchmarkOneRouteSet(B *testing.B) {
@@ -76,7 +76,7 @@ func BenchmarkOneRouteSet(B *testing.B) {
 	router.GET("/ping", func(c *Context) {
 		c.Set("key", "value")
 	})
-	runRequest(B, router, "GET", "/ping")
+	runRequest(B, router, http.MethodGet, "/ping")
 }
 
 func BenchmarkOneRouteString(B *testing.B) {
@@ -84,13 +84,13 @@ func BenchmarkOneRouteString(B *testing.B) {
 	router.GET("/text", func(c *Context) {
 		c.String(http.StatusOK, "this is a plain text")
 	})
-	runRequest(B, router, "GET", "/text")
+	runRequest(B, router, http.MethodGet, "/text")
 }
 
-func BenchmarkManyRoutesFist(B *testing.B) {
+func BenchmarkManyRoutesFirst(B *testing.B) {
 	router := New()
 	router.Any("/ping", func(c *Context) {})
-	runRequest(B, router, "GET", "/ping")
+	runRequest(B, router, http.MethodGet, "/ping")
 }
 
 func BenchmarkManyRoutesLast(B *testing.B) {
@@ -103,7 +103,7 @@ func Benchmark404(B *testing.B) {
 	router := New()
 	router.Any("/something", func(c *Context) {})
 	router.NoRoute(func(c *Context) {})
-	runRequest(B, router, "GET", "/ping")
+	runRequest(B, router, http.MethodGet, "/ping")
 }
 
 func Benchmark404Many(B *testing.B) {
@@ -118,7 +118,7 @@ func Benchmark404Many(B *testing.B) {
 	router.GET("/user/:id/:mode", func(c *Context) {})
 
 	router.NoRoute(func(c *Context) {})
-	runRequest(B, router, "GET", "/viewfake")
+	runRequest(B, router, http.MethodGet, "/viewfake")
 }
 
 type mockWriter struct {

binding/any.go

@@ -1,10 +0,0 @@
-// Copyright 2022 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.18
-// +build !go1.18
-
-package binding
-
-type any = interface{}

binding/binding.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !nomsgpack
-// +build !nomsgpack
 
 package binding
 
@@ -22,6 +21,7 @@ const (
 	MIMEMSGPACK           = "application/x-msgpack"
 	MIMEMSGPACK2          = "application/msgpack"
 	MIMEYAML              = "application/x-yaml"
+	MIMEYAML2             = "application/yaml"
 	MIMETOML              = "application/toml"
 )
 
@@ -73,18 +73,19 @@ var Validator StructValidator = &defaultValidator{}
 // These implement the Binding interface and can be used to bind the data
 // present in the request to struct instances.
 var (
-	JSON          = jsonBinding{}
-	XML           = xmlBinding{}
-	Form          = formBinding{}
-	Query         = queryBinding{}
-	FormPost      = formPostBinding{}
-	FormMultipart = formMultipartBinding{}
-	ProtoBuf      = protobufBinding{}
-	MsgPack       = msgpackBinding{}
-	YAML          = yamlBinding{}
-	Uri           = uriBinding{}
-	Header        = headerBinding{}
-	TOML          = tomlBinding{}
+	JSON          BindingBody = jsonBinding{}
+	XML           BindingBody = xmlBinding{}
+	Form          Binding     = formBinding{}
+	Query         Binding     = queryBinding{}
+	FormPost      Binding     = formPostBinding{}
+	FormMultipart Binding     = formMultipartBinding{}
+	ProtoBuf      BindingBody = protobufBinding{}
+	MsgPack       BindingBody = msgpackBinding{}
+	YAML          BindingBody = yamlBinding{}
+	Uri           BindingUri  = uriBinding{}
+	Header        Binding     = headerBinding{}
+	Plain         BindingBody = plainBinding{}
+	TOML          BindingBody = tomlBinding{}
 )
 
 // Default returns the appropriate Binding instance based on the HTTP method
@@ -103,7 +104,7 @@ func Default(method, contentType string) Binding {
 		return ProtoBuf
 	case MIMEMSGPACK, MIMEMSGPACK2:
 		return MsgPack
-	case MIMEYAML:
+	case MIMEYAML, MIMEYAML2:
 		return YAML
 	case MIMETOML:
 		return TOML

binding/binding_msgpack_test.go

@@ -3,15 +3,16 @@
 // license that can be found in the LICENSE file.
 
 //go:build !nomsgpack
-// +build !nomsgpack
 
 package binding
 
 import (
 	"bytes"
+	"net/http"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/ugorji/go/codec"
 )
 
@@ -25,7 +26,7 @@ func TestBindingMsgPack(t *testing.T) {
 	buf := bytes.NewBuffer([]byte{})
 	assert.NotNil(t, buf)
 	err := codec.NewEncoder(buf, h).Encode(test)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	data := buf.Bytes()
 
@@ -39,20 +40,20 @@ func testMsgPackBodyBinding(t *testing.T, b Binding, name, path, badPath, body,
 	assert.Equal(t, name, b.Name())
 
 	obj := FooStruct{}
-	req := requestWithBody("POST", path, body)
+	req := requestWithBody(http.MethodPost, path, body)
 	req.Header.Add("Content-Type", MIMEMSGPACK)
 	err := b.Bind(req, &obj)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, "bar", obj.Foo)
 
 	obj = FooStruct{}
-	req = requestWithBody("POST", badPath, badBody)
+	req = requestWithBody(http.MethodPost, badPath, badBody)
 	req.Header.Add("Content-Type", MIMEMSGPACK)
 	err = MsgPack.Bind(req, &obj)
-	assert.Error(t, err)
+	require.Error(t, err)
 }
 
 func TestBindingDefaultMsgPack(t *testing.T) {
-	assert.Equal(t, MsgPack, Default("POST", MIMEMSGPACK))
-	assert.Equal(t, MsgPack, Default("PUT", MIMEMSGPACK2))
+	assert.Equal(t, MsgPack, Default(http.MethodPost, MIMEMSGPACK))
+	assert.Equal(t, MsgPack, Default(http.MethodPut, MIMEMSGPACK2))
 }

binding/binding_nomsgpack.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build nomsgpack
-// +build nomsgpack
 
 package binding
 
@@ -20,6 +19,7 @@ const (
 	MIMEMultipartPOSTForm = "multipart/form-data"
 	MIMEPROTOBUF          = "application/x-protobuf"
 	MIMEYAML              = "application/x-yaml"
+	MIMEYAML2             = "application/yaml"
 	MIMETOML              = "application/toml"
 )
 
@@ -81,6 +81,7 @@ var (
 	Uri           = uriBinding{}
 	Header        = headerBinding{}
 	TOML          = tomlBinding{}
+	Plain         = plainBinding{}
 )
 
 // Default returns the appropriate Binding instance based on the HTTP method
@@ -97,7 +98,7 @@ func Default(method, contentType string) Binding {
 		return XML
 	case MIMEPROTOBUF:
 		return ProtoBuf
-	case MIMEYAML:
+	case MIMEYAML, MIMEYAML2:
 		return YAML
 	case MIMEMultipartPOSTForm:
 		return FormMultipart

binding/default_validator.go

@@ -5,8 +5,8 @@
 package binding
 
 import (
-	"fmt"
 	"reflect"
+	"strconv"
 	"strings"
 	"sync"
 
@@ -22,25 +22,20 @@ type SliceValidationError []error
 
 // Error concatenates all error elements in SliceValidationError into a single string separated by \n.
 func (err SliceValidationError) Error() string {
-	n := len(err)
-	switch n {
-	case 0:
+	if len(err) == 0 {
 		return ""
-	default:
-		var b strings.Builder
-		if err[0] != nil {
-			fmt.Fprintf(&b, "[%d]: %s", 0, err[0].Error())
-		}
-		if n > 1 {
-			for i := 1; i < n; i++ {
-				if err[i] != nil {
-					b.WriteString("\n")
-					fmt.Fprintf(&b, "[%d]: %s", i, err[i].Error())
-				}
-			}
-		}
-		return b.String()
 	}
+
+	var b strings.Builder
+	for i := 0; i < len(err); i++ {
+		if err[i] != nil {
+			if b.Len() > 0 {
+				b.WriteString("\n")
+			}
+			b.WriteString("[" + strconv.Itoa(i) + "]: " + err[i].Error())
+		}
+	}
+	return b.String()
 }
 
 var _ StructValidator = (*defaultValidator)(nil)
@@ -54,7 +49,10 @@ func (v *defaultValidator) ValidateStruct(obj any) error {
 	value := reflect.ValueOf(obj)
 	switch value.Kind() {
 	case reflect.Ptr:
-		return v.ValidateStruct(value.Elem().Interface())
+		if value.Elem().Kind() != reflect.Struct {
+			return v.ValidateStruct(value.Elem().Interface())
+		}
+		return v.validateStruct(obj)
 	case reflect.Struct:
 		return v.validateStruct(obj)
 	case reflect.Slice, reflect.Array:

binding/default_validator_benchmark_test.go

@@ -12,11 +12,14 @@ import (
 
 func BenchmarkSliceValidationError(b *testing.B) {
 	const size int = 100
-	for i := 0; i < b.N; i++ {
-		e := make(SliceValidationError, size)
-		for j := 0; j < size; j++ {
-			e[j] = errors.New(strconv.Itoa(j))
-		}
+	e := make(SliceValidationError, size)
+	for j := 0; j < size; j++ {
+		e[j] = errors.New(strconv.Itoa(j))
+	}
+
+	b.ReportAllocs()
+
+	for b.Loop() {
 		if len(e.Error()) == 0 {
 			b.Errorf("error")
 		}

binding/default_validator_test.go

@@ -18,14 +18,16 @@ func TestSliceValidationError(t *testing.T) {
 		{"has nil elements", SliceValidationError{errors.New("test error"), nil}, "[0]: test error"},
 		{"has zero elements", SliceValidationError{}, ""},
 		{"has one element", SliceValidationError{errors.New("test one error")}, "[0]: test one error"},
-		{"has two elements",
+		{
+			"has two elements",
 			SliceValidationError{
 				errors.New("first error"),
 				errors.New("second error"),
 			},
 			"[0]: first error\n[1]: second error",
 		},
-		{"has many elements",
+		{
+			"has many elements",
 			SliceValidationError{
 				errors.New("first error"),
 				errors.New("second error"),

binding/form.go

@@ -11,9 +11,11 @@ import (
 
 const defaultMemory = 32 << 20
 
-type formBinding struct{}
-type formPostBinding struct{}
-type formMultipartBinding struct{}
+type (
+	formBinding          struct{}
+	formPostBinding      struct{}
+	formMultipartBinding struct{}
+)
 
 func (formBinding) Name() string {
 	return "form"

binding/form_mapping.go

@@ -7,13 +7,15 @@ package binding
 import (
 	"errors"
 	"fmt"
+	"maps"
+	"mime/multipart"
 	"reflect"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/gin-gonic/gin/codec/json"
 	"github.com/gin-gonic/gin/internal/bytesconv"
-	"github.com/gin-gonic/gin/internal/json"
 )
 
 var (
@@ -158,12 +160,69 @@ func tryToSetValue(value reflect.Value, field reflect.StructField, setter setter
 		if k, v := head(opt, "="); k == "default" {
 			setOpt.isDefaultExists = true
 			setOpt.defaultValue = v
+
+			// convert semicolon-separated default values to csv-separated values for processing in setByForm
+			if field.Type.Kind() == reflect.Slice || field.Type.Kind() == reflect.Array {
+				cfTag := field.Tag.Get("collection_format")
+				if cfTag == "" || cfTag == "multi" || cfTag == "csv" {
+					setOpt.defaultValue = strings.ReplaceAll(v, ";", ",")
+				}
+			}
 		}
 	}
 
 	return setter.TrySet(value, field, tagValue, setOpt)
 }
 
+// BindUnmarshaler is the interface used to wrap the UnmarshalParam method.
+type BindUnmarshaler interface {
+	// UnmarshalParam decodes and assigns a value from a form or query param.
+	UnmarshalParam(param string) error
+}
+
+// trySetCustom tries to set a custom type value
+// If the value implements the BindUnmarshaler interface, it will be used to set the value, we will return `true`
+// to skip the default value setting.
+func trySetCustom(val string, value reflect.Value) (isSet bool, err error) {
+	switch v := value.Addr().Interface().(type) {
+	case BindUnmarshaler:
+		return true, v.UnmarshalParam(val)
+	}
+	return false, nil
+}
+
+func trySplit(vs []string, field reflect.StructField) (newVs []string, err error) {
+	cfTag := field.Tag.Get("collection_format")
+	if cfTag == "" || cfTag == "multi" {
+		return vs, nil
+	}
+
+	var sep string
+	switch cfTag {
+	case "csv":
+		sep = ","
+	case "ssv":
+		sep = " "
+	case "tsv":
+		sep = "\t"
+	case "pipes":
+		sep = "|"
+	default:
+		return vs, fmt.Errorf("%s is not supported in the collection_format. (csv, ssv, pipes)", cfTag)
+	}
+
+	totalLength := 0
+	for _, v := range vs {
+		totalLength += strings.Count(v, sep) + 1
+	}
+	newVs = make([]string, 0, totalLength)
+	for _, v := range vs {
+		newVs = append(newVs, strings.Split(v, sep)...)
+	}
+
+	return newVs, nil
+}
+
 func setByForm(value reflect.Value, field reflect.StructField, form map[string][]string, tagValue string, opt setOptions) (isSet bool, err error) {
 	vs, ok := form[tagValue]
 	if !ok && !opt.isDefaultExists {
@@ -172,17 +231,54 @@ func setByForm(value reflect.Value, field reflect.StructField, form map[string][
 
 	switch value.Kind() {
 	case reflect.Slice:
-		if !ok {
+		if len(vs) == 0 {
+			if !opt.isDefaultExists {
+				return false, nil
+			}
+
 			vs = []string{opt.defaultValue}
+			// pre-process the default value for multi if present
+			cfTag := field.Tag.Get("collection_format")
+			if cfTag == "" || cfTag == "multi" {
+				vs = strings.Split(opt.defaultValue, ",")
+			}
 		}
+
+		if ok, err = trySetCustom(vs[0], value); ok {
+			return ok, err
+		}
+
+		if vs, err = trySplit(vs, field); err != nil {
+			return false, err
+		}
+
 		return true, setSlice(vs, value, field)
 	case reflect.Array:
-		if !ok {
+		if len(vs) == 0 {
+			if !opt.isDefaultExists {
+				return false, nil
+			}
+
 			vs = []string{opt.defaultValue}
+			// pre-process the default value for multi if present
+			cfTag := field.Tag.Get("collection_format")
+			if cfTag == "" || cfTag == "multi" {
+				vs = strings.Split(opt.defaultValue, ",")
+			}
 		}
+
+		if ok, err = trySetCustom(vs[0], value); ok {
+			return ok, err
+		}
+
+		if vs, err = trySplit(vs, field); err != nil {
+			return false, err
+		}
+
 		if len(vs) != value.Len() {
 			return false, fmt.Errorf("%q is not valid value for %s", vs, value.Type().String())
 		}
+
 		return true, setArray(vs, value, field)
 	default:
 		var val string
@@ -192,12 +288,23 @@ func setByForm(value reflect.Value, field reflect.StructField, form map[string][
 
 		if len(vs) > 0 {
 			val = vs[0]
+			if val == "" {
+				val = opt.defaultValue
+			}
+		}
+		if ok, err := trySetCustom(val, value); ok {
+			return ok, err
 		}
 		return true, setWithProperType(val, value, field)
 	}
 }
 
 func setWithProperType(val string, value reflect.Value, field reflect.StructField) error {
+	// If it is a string type, no spaces are removed, and the user data is not modified here
+	if value.Kind() != reflect.String {
+		val = strings.TrimSpace(val)
+	}
+
 	switch value.Kind() {
 	case reflect.Int:
 		return setIntField(val, 0, value)
@@ -235,10 +342,17 @@ func setWithProperType(val string, value reflect.Value, field reflect.StructFiel
 		switch value.Interface().(type) {
 		case time.Time:
 			return setTimeField(val, field, value)
+		case multipart.FileHeader:
+			return nil
 		}
-		return json.Unmarshal(bytesconv.StringToBytes(val), value.Addr().Interface())
+		return json.API.Unmarshal(bytesconv.StringToBytes(val), value.Addr().Interface())
 	case reflect.Map:
-		return json.Unmarshal(bytesconv.StringToBytes(val), value.Addr().Interface())
+		return json.API.Unmarshal(bytesconv.StringToBytes(val), value.Addr().Interface())
+	case reflect.Ptr:
+		if !value.Elem().IsValid() {
+			value.Set(reflect.New(value.Type().Elem()))
+		}
+		return setWithProperType(val, value.Elem(), field)
 	default:
 		return errUnknownType
 	}
@@ -295,28 +409,34 @@ func setTimeField(val string, structField reflect.StructField, value reflect.Val
 		timeFormat = time.RFC3339
 	}
 
+	if val == "" {
+		value.Set(reflect.ValueOf(time.Time{}))
+		return nil
+	}
+
 	switch tf := strings.ToLower(timeFormat); tf {
-	case "unix", "unixnano":
+	case "unix", "unixmilli", "unixmicro", "unixnano":
 		tv, err := strconv.ParseInt(val, 10, 64)
 		if err != nil {
 			return err
 		}
 
-		d := time.Duration(1)
-		if tf == "unixnano" {
-			d = time.Second
+		var t time.Time
+		switch tf {
+		case "unix":
+			t = time.Unix(tv, 0)
+		case "unixmilli":
+			t = time.UnixMilli(tv)
+		case "unixmicro":
+			t = time.UnixMicro(tv)
+		default:
+			t = time.Unix(0, tv)
 		}
 
-		t := time.Unix(tv/int64(d), tv%int64(d))
 		value.Set(reflect.ValueOf(t))
 		return nil
 	}
 
-	if val == "" {
-		value.Set(reflect.ValueOf(time.Time{}))
-		return nil
-	}
-
 	l := time.Local
 	if isUTC, _ := strconv.ParseBool(structField.Tag.Get("time_utc")); isUTC {
 		l = time.UTC
@@ -360,6 +480,10 @@ func setSlice(vals []string, value reflect.Value, field reflect.StructField) err
 }
 
 func setTimeDuration(val string, value reflect.Value) error {
+	if val == "" {
+		val = "0"
+	}
+
 	d, err := time.ParseDuration(val)
 	if err != nil {
 		return err
@@ -369,11 +493,8 @@ func setTimeDuration(val string, value reflect.Value) error {
 }
 
 func head(str, sep string) (head string, tail string) {
-	idx := strings.Index(str, sep)
-	if idx < 0 {
-		return str, ""
-	}
-	return str[:idx], str[idx+len(sep):]
+	head, tail, _ = strings.Cut(str, sep)
+	return head, tail
 }
 
 func setFormMap(ptr any, form map[string][]string) error {
@@ -384,9 +505,7 @@ func setFormMap(ptr any, form map[string][]string) error {
 		if !ok {
 			return ErrConvertMapStringSlice
 		}
-		for k, v := range form {
-			ptrMap[k] = v
-		}
+		maps.Copy(ptrMap, form)
 
 		return nil
 	}

binding/form_mapping_benchmark_test.go

@@ -31,7 +31,7 @@ type structFull struct {
 
 func BenchmarkMapFormFull(b *testing.B) {
 	var s structFull
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		err := mapForm(&s, form)
 		if err != nil {
 			b.Fatalf("Error on a form mapping")
@@ -54,7 +54,7 @@ type structName struct {
 
 func BenchmarkMapFormName(b *testing.B) {
 	var s structName
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		err := mapForm(&s, form)
 		if err != nil {
 			b.Fatalf("Error on a form mapping")

binding/form_mapping_test.go

@@ -5,11 +5,17 @@
 package binding
 
 import (
+	"encoding/hex"
+	"errors"
+	"mime/multipart"
 	"reflect"
+	"strconv"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestMappingBaseTypes(t *testing.T) {
@@ -43,6 +49,7 @@ func TestMappingBaseTypes(t *testing.T) {
 		{"zero value", struct{ F uint }{}, "", uint(0)},
 		{"zero value", struct{ F bool }{}, "", false},
 		{"zero value", struct{ F float32 }{}, "", float32(0)},
+		{"file value", struct{ F *multipart.FileHeader }{}, "", &multipart.FileHeader{}},
 	} {
 		tp := reflect.TypeOf(tt.value)
 		testName := tt.name + ":" + tp.Field(0).Type.String()
@@ -53,7 +60,7 @@ func TestMappingBaseTypes(t *testing.T) {
 		field := val.Elem().Type().Field(0)
 
 		_, err := mapping(val, emptyField, formSource{field.Name: {tt.form}}, "form")
-		assert.NoError(t, err, testName)
+		require.NoError(t, err, testName)
 
 		actual := val.Elem().Field(0).Interface()
 		assert.Equal(t, tt.expect, actual, testName)
@@ -62,13 +69,15 @@ func TestMappingBaseTypes(t *testing.T) {
 
 func TestMappingDefault(t *testing.T) {
 	var s struct {
+		Str   string `form:",default=defaultVal"`
 		Int   int    `form:",default=9"`
 		Slice []int  `form:",default=9"`
 		Array [1]int `form:",default=9"`
 	}
 	err := mappingByPtr(&s, formSource{}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
+	assert.Equal(t, "defaultVal", s.Str)
 	assert.Equal(t, 9, s.Int)
 	assert.Equal(t, []int{9}, s.Slice)
 	assert.Equal(t, [1]int{9}, s.Array)
@@ -79,7 +88,7 @@ func TestMappingSkipField(t *testing.T) {
 		A int
 	}
 	err := mappingByPtr(&s, formSource{}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	assert.Equal(t, 0, s.A)
 }
@@ -90,7 +99,7 @@ func TestMappingIgnoreField(t *testing.T) {
 		B int `form:"-"`
 	}
 	err := mappingByPtr(&s, formSource{"A": {"9"}, "B": {"9"}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	assert.Equal(t, 9, s.A)
 	assert.Equal(t, 0, s.B)
@@ -102,7 +111,7 @@ func TestMappingUnexportedField(t *testing.T) {
 		b int `form:"b"`
 	}
 	err := mappingByPtr(&s, formSource{"a": {"9"}, "b": {"9"}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	assert.Equal(t, 9, s.A)
 	assert.Equal(t, 0, s.b)
@@ -113,7 +122,7 @@ func TestMappingPrivateField(t *testing.T) {
 		f int `form:"field"`
 	}
 	err := mappingByPtr(&s, formSource{"field": {"6"}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, 0, s.f)
 }
 
@@ -123,7 +132,7 @@ func TestMappingUnknownFieldType(t *testing.T) {
 	}
 
 	err := mappingByPtr(&s, formSource{"U": {"unknown"}}, "form")
-	assert.Error(t, err)
+	require.Error(t, err)
 	assert.Equal(t, errUnknownType, err)
 }
 
@@ -132,7 +141,7 @@ func TestMappingURI(t *testing.T) {
 		F int `uri:"field"`
 	}
 	err := mapURI(&s, map[string][]string{"field": {"6"}})
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, 6, s.F)
 }
 
@@ -141,16 +150,34 @@ func TestMappingForm(t *testing.T) {
 		F int `form:"field"`
 	}
 	err := mapForm(&s, map[string][]string{"field": {"6"}})
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, 6, s.F)
 }
 
+func TestMappingFormFieldNotSent(t *testing.T) {
+	var s struct {
+		F string `form:"field,default=defVal"`
+	}
+	err := mapForm(&s, map[string][]string{})
+	require.NoError(t, err)
+	assert.Equal(t, "defVal", s.F)
+}
+
+func TestMappingFormWithEmptyToDefault(t *testing.T) {
+	var s struct {
+		F string `form:"field,default=DefVal"`
+	}
+	err := mapForm(&s, map[string][]string{"field": {""}})
+	require.NoError(t, err)
+	assert.Equal(t, "DefVal", s.F)
+}
+
 func TestMapFormWithTag(t *testing.T) {
 	var s struct {
 		F int `externalTag:"field"`
 	}
 	err := MapFormWithTag(&s, map[string][]string{"field": {"6"}}, "externalTag")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, 6, s.F)
 }
 
@@ -165,7 +192,7 @@ func TestMappingTime(t *testing.T) {
 
 	var err error
 	time.Local, err = time.LoadLocation("Europe/Berlin")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	err = mapForm(&s, map[string][]string{
 		"Time":      {"2019-01-20T16:02:58Z"},
@@ -174,7 +201,7 @@ func TestMappingTime(t *testing.T) {
 		"CSTTime":   {"2019-01-20"},
 		"UTCTime":   {"2019-01-20"},
 	})
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	assert.Equal(t, "2019-01-20 16:02:58 +0000 UTC", s.Time.String())
 	assert.Equal(t, "2019-01-20 00:00:00 +0100 CET", s.LocalTime.String())
@@ -189,29 +216,68 @@ func TestMappingTime(t *testing.T) {
 		Time time.Time `time_location:"wrong"`
 	}
 	err = mapForm(&wrongLoc, map[string][]string{"Time": {"2019-01-20T16:02:58Z"}})
-	assert.Error(t, err)
+	require.Error(t, err)
 
 	// wrong time value
 	var wrongTime struct {
 		Time time.Time
 	}
 	err = mapForm(&wrongTime, map[string][]string{"Time": {"wrong"}})
-	assert.Error(t, err)
+	require.Error(t, err)
+}
+
+type bindTestData struct {
+	need any
+	got  any
+	in   map[string][]string
+}
+
+func TestMappingTimeUnixNano(t *testing.T) {
+	type needFixUnixNanoEmpty struct {
+		CreateTime time.Time `form:"createTime" time_format:"unixNano"`
+	}
+
+	// ok
+	tests := []bindTestData{
+		{need: &needFixUnixNanoEmpty{}, got: &needFixUnixNanoEmpty{}, in: formSource{"createTime": []string{"   "}}},
+		{need: &needFixUnixNanoEmpty{}, got: &needFixUnixNanoEmpty{}, in: formSource{"createTime": []string{}}},
+	}
+
+	for _, v := range tests {
+		err := mapForm(v.got, v.in)
+		require.NoError(t, err)
+		assert.Equal(t, v.need, v.got)
+	}
 }
 
 func TestMappingTimeDuration(t *testing.T) {
+	type needFixDurationEmpty struct {
+		Duration time.Duration `form:"duration"`
+	}
+
 	var s struct {
 		D time.Duration
 	}
 
 	// ok
 	err := mappingByPtr(&s, formSource{"D": {"5s"}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, 5*time.Second, s.D)
 
+	// ok
+	tests := []bindTestData{
+		{need: &needFixDurationEmpty{}, got: &needFixDurationEmpty{}, in: formSource{"duration": []string{"   "}}},
+		{need: &needFixDurationEmpty{}, got: &needFixDurationEmpty{}, in: formSource{"duration": []string{}}},
+	}
+
+	for _, v := range tests {
+		err := mapForm(v.got, v.in)
+		require.NoError(t, err)
+		assert.Equal(t, v.need, v.got)
+	}
 	// error
 	err = mappingByPtr(&s, formSource{"D": {"wrong"}}, "form")
-	assert.Error(t, err)
+	require.Error(t, err)
 }
 
 func TestMappingSlice(t *testing.T) {
@@ -221,17 +287,17 @@ func TestMappingSlice(t *testing.T) {
 
 	// default value
 	err := mappingByPtr(&s, formSource{}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []int{9}, s.Slice)
 
 	// ok
 	err = mappingByPtr(&s, formSource{"slice": {"3", "4"}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []int{3, 4}, s.Slice)
 
 	// error
 	err = mappingByPtr(&s, formSource{"slice": {"wrong"}}, "form")
-	assert.Error(t, err)
+	require.Error(t, err)
 }
 
 func TestMappingArray(t *testing.T) {
@@ -241,20 +307,125 @@ func TestMappingArray(t *testing.T) {
 
 	// wrong default
 	err := mappingByPtr(&s, formSource{}, "form")
-	assert.Error(t, err)
+	require.Error(t, err)
 
 	// ok
 	err = mappingByPtr(&s, formSource{"array": {"3", "4"}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, [2]int{3, 4}, s.Array)
 
 	// error - not enough vals
 	err = mappingByPtr(&s, formSource{"array": {"3"}}, "form")
-	assert.Error(t, err)
+	require.Error(t, err)
 
 	// error - wrong value
 	err = mappingByPtr(&s, formSource{"array": {"wrong"}}, "form")
-	assert.Error(t, err)
+	require.Error(t, err)
+}
+
+func TestMappingCollectionFormat(t *testing.T) {
+	var s struct {
+		SliceMulti []int  `form:"slice_multi" collection_format:"multi"`
+		SliceCsv   []int  `form:"slice_csv" collection_format:"csv"`
+		SliceSsv   []int  `form:"slice_ssv" collection_format:"ssv"`
+		SliceTsv   []int  `form:"slice_tsv" collection_format:"tsv"`
+		SlicePipes []int  `form:"slice_pipes" collection_format:"pipes"`
+		ArrayMulti [2]int `form:"array_multi" collection_format:"multi"`
+		ArrayCsv   [2]int `form:"array_csv" collection_format:"csv"`
+		ArraySsv   [2]int `form:"array_ssv" collection_format:"ssv"`
+		ArrayTsv   [2]int `form:"array_tsv" collection_format:"tsv"`
+		ArrayPipes [2]int `form:"array_pipes" collection_format:"pipes"`
+	}
+	err := mappingByPtr(&s, formSource{
+		"slice_multi": {"1", "2"},
+		"slice_csv":   {"1,2"},
+		"slice_ssv":   {"1 2"},
+		"slice_tsv":   {"1	2"},
+		"slice_pipes": {"1|2"},
+		"array_multi": {"1", "2"},
+		"array_csv":   {"1,2"},
+		"array_ssv":   {"1 2"},
+		"array_tsv":   {"1	2"},
+		"array_pipes": {"1|2"},
+	}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, []int{1, 2}, s.SliceMulti)
+	assert.Equal(t, []int{1, 2}, s.SliceCsv)
+	assert.Equal(t, []int{1, 2}, s.SliceSsv)
+	assert.Equal(t, []int{1, 2}, s.SliceTsv)
+	assert.Equal(t, []int{1, 2}, s.SlicePipes)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayMulti)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayCsv)
+	assert.Equal(t, [2]int{1, 2}, s.ArraySsv)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayTsv)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayPipes)
+}
+
+func TestMappingCollectionFormatInvalid(t *testing.T) {
+	var s struct {
+		SliceCsv []int `form:"slice_csv" collection_format:"xxx"`
+	}
+	err := mappingByPtr(&s, formSource{
+		"slice_csv": {"1,2"},
+	}, "form")
+	require.Error(t, err)
+
+	var s2 struct {
+		ArrayCsv [2]int `form:"array_csv" collection_format:"xxx"`
+	}
+	err = mappingByPtr(&s2, formSource{
+		"array_csv": {"1,2"},
+	}, "form")
+	require.Error(t, err)
+}
+
+func TestMappingMultipleDefaultWithCollectionFormat(t *testing.T) {
+	var s struct {
+		SliceMulti       []int     `form:",default=1;2;3" collection_format:"multi"`
+		SliceCsv         []int     `form:",default=1;2;3" collection_format:"csv"`
+		SliceSsv         []int     `form:",default=1 2 3" collection_format:"ssv"`
+		SliceTsv         []int     `form:",default=1\t2\t3" collection_format:"tsv"`
+		SlicePipes       []int     `form:",default=1|2|3" collection_format:"pipes"`
+		ArrayMulti       [2]int    `form:",default=1;2" collection_format:"multi"`
+		ArrayCsv         [2]int    `form:",default=1;2" collection_format:"csv"`
+		ArraySsv         [2]int    `form:",default=1 2" collection_format:"ssv"`
+		ArrayTsv         [2]int    `form:",default=1\t2" collection_format:"tsv"`
+		ArrayPipes       [2]int    `form:",default=1|2" collection_format:"pipes"`
+		SliceStringMulti []string  `form:",default=1;2;3" collection_format:"multi"`
+		SliceStringCsv   []string  `form:",default=1;2;3" collection_format:"csv"`
+		SliceStringSsv   []string  `form:",default=1 2 3" collection_format:"ssv"`
+		SliceStringTsv   []string  `form:",default=1\t2\t3" collection_format:"tsv"`
+		SliceStringPipes []string  `form:",default=1|2|3" collection_format:"pipes"`
+		ArrayStringMulti [2]string `form:",default=1;2" collection_format:"multi"`
+		ArrayStringCsv   [2]string `form:",default=1;2" collection_format:"csv"`
+		ArrayStringSsv   [2]string `form:",default=1 2" collection_format:"ssv"`
+		ArrayStringTsv   [2]string `form:",default=1\t2" collection_format:"tsv"`
+		ArrayStringPipes [2]string `form:",default=1|2" collection_format:"pipes"`
+	}
+	err := mappingByPtr(&s, formSource{}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, []int{1, 2, 3}, s.SliceMulti)
+	assert.Equal(t, []int{1, 2, 3}, s.SliceCsv)
+	assert.Equal(t, []int{1, 2, 3}, s.SliceSsv)
+	assert.Equal(t, []int{1, 2, 3}, s.SliceTsv)
+	assert.Equal(t, []int{1, 2, 3}, s.SlicePipes)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayMulti)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayCsv)
+	assert.Equal(t, [2]int{1, 2}, s.ArraySsv)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayTsv)
+	assert.Equal(t, [2]int{1, 2}, s.ArrayPipes)
+	assert.Equal(t, []string{"1", "2", "3"}, s.SliceStringMulti)
+	assert.Equal(t, []string{"1", "2", "3"}, s.SliceStringCsv)
+	assert.Equal(t, []string{"1", "2", "3"}, s.SliceStringSsv)
+	assert.Equal(t, []string{"1", "2", "3"}, s.SliceStringTsv)
+	assert.Equal(t, []string{"1", "2", "3"}, s.SliceStringPipes)
+	assert.Equal(t, [2]string{"1", "2"}, s.ArrayStringMulti)
+	assert.Equal(t, [2]string{"1", "2"}, s.ArrayStringCsv)
+	assert.Equal(t, [2]string{"1", "2"}, s.ArrayStringSsv)
+	assert.Equal(t, [2]string{"1", "2"}, s.ArrayStringTsv)
+	assert.Equal(t, [2]string{"1", "2"}, s.ArrayStringPipes)
 }
 
 func TestMappingStructField(t *testing.T) {
@@ -265,17 +436,50 @@ func TestMappingStructField(t *testing.T) {
 	}
 
 	err := mappingByPtr(&s, formSource{"J": {`{"I": 9}`}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, 9, s.J.I)
 }
 
+func TestMappingPtrField(t *testing.T) {
+	type ptrStruct struct {
+		Key int64 `json:"key"`
+	}
+
+	type ptrRequest struct {
+		Items []*ptrStruct `json:"items" form:"items"`
+	}
+
+	var err error
+
+	// With 0 items.
+	var req0 ptrRequest
+	err = mappingByPtr(&req0, formSource{}, "form")
+	require.NoError(t, err)
+	assert.Empty(t, req0.Items)
+
+	// With 1 item.
+	var req1 ptrRequest
+	err = mappingByPtr(&req1, formSource{"items": {`{"key": 1}`}}, "form")
+	require.NoError(t, err)
+	assert.Len(t, req1.Items, 1)
+	assert.EqualValues(t, 1, req1.Items[0].Key)
+
+	// With 2 items.
+	var req2 ptrRequest
+	err = mappingByPtr(&req2, formSource{"items": {`{"key": 1}`, `{"key": 2}`}}, "form")
+	require.NoError(t, err)
+	assert.Len(t, req2.Items, 2)
+	assert.EqualValues(t, 1, req2.Items[0].Key)
+	assert.EqualValues(t, 2, req2.Items[1].Key)
+}
+
 func TestMappingMapField(t *testing.T) {
 	var s struct {
 		M map[string]int
 	}
 
 	err := mappingByPtr(&s, formSource{"M": {`{"one": 1}`}}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, map[string]int{"one": 1}, s.M)
 }
 
@@ -286,5 +490,267 @@ func TestMappingIgnoredCircularRef(t *testing.T) {
 	var s S
 
 	err := mappingByPtr(&s, formSource{}, "form")
-	assert.NoError(t, err)
+	require.NoError(t, err)
+}
+
+type customUnmarshalParamHex int
+
+func (f *customUnmarshalParamHex) UnmarshalParam(param string) error {
+	v, err := strconv.ParseInt(param, 16, 64)
+	if err != nil {
+		return err
+	}
+	*f = customUnmarshalParamHex(v)
+	return nil
+}
+
+func TestMappingCustomUnmarshalParamHexWithFormTag(t *testing.T) {
+	var s struct {
+		Foo customUnmarshalParamHex `form:"foo"`
+	}
+	err := mappingByPtr(&s, formSource{"foo": {`f5`}}, "form")
+	require.NoError(t, err)
+
+	assert.EqualValues(t, 245, s.Foo)
+}
+
+func TestMappingCustomUnmarshalParamHexWithURITag(t *testing.T) {
+	var s struct {
+		Foo customUnmarshalParamHex `uri:"foo"`
+	}
+	err := mappingByPtr(&s, formSource{"foo": {`f5`}}, "uri")
+	require.NoError(t, err)
+
+	assert.EqualValues(t, 245, s.Foo)
+}
+
+type customUnmarshalParamType struct {
+	Protocol string
+	Path     string
+	Name     string
+}
+
+func (f *customUnmarshalParamType) UnmarshalParam(param string) error {
+	parts := strings.Split(param, ":")
+	if len(parts) != 3 {
+		return errors.New("invalid format")
+	}
+	f.Protocol = parts[0]
+	f.Path = parts[1]
+	f.Name = parts[2]
+	return nil
+}
+
+func TestMappingCustomStructTypeWithFormTag(t *testing.T) {
+	var s struct {
+		FileData customUnmarshalParamType `form:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`}}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData.Protocol)
+	assert.Equal(t, "/foo", s.FileData.Path)
+	assert.Equal(t, "happiness", s.FileData.Name)
+}
+
+func TestMappingCustomStructTypeWithURITag(t *testing.T) {
+	var s struct {
+		FileData customUnmarshalParamType `uri:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`}}, "uri")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData.Protocol)
+	assert.Equal(t, "/foo", s.FileData.Path)
+	assert.Equal(t, "happiness", s.FileData.Name)
+}
+
+func TestMappingCustomPointerStructTypeWithFormTag(t *testing.T) {
+	var s struct {
+		FileData *customUnmarshalParamType `form:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`}}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData.Protocol)
+	assert.Equal(t, "/foo", s.FileData.Path)
+	assert.Equal(t, "happiness", s.FileData.Name)
+}
+
+func TestMappingCustomPointerStructTypeWithURITag(t *testing.T) {
+	var s struct {
+		FileData *customUnmarshalParamType `uri:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`}}, "uri")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData.Protocol)
+	assert.Equal(t, "/foo", s.FileData.Path)
+	assert.Equal(t, "happiness", s.FileData.Name)
+}
+
+type customPath []string
+
+func (p *customPath) UnmarshalParam(param string) error {
+	elems := strings.Split(param, "/")
+	n := len(elems)
+	if n < 2 {
+		return errors.New("invalid format")
+	}
+
+	*p = elems
+	return nil
+}
+
+func TestMappingCustomSliceUri(t *testing.T) {
+	var s struct {
+		FileData customPath `uri:"path"`
+	}
+	err := mappingByPtr(&s, formSource{"path": {`bar/foo`}}, "uri")
+	require.NoError(t, err)
+
+	assert.Equal(t, "bar", s.FileData[0])
+	assert.Equal(t, "foo", s.FileData[1])
+}
+
+func TestMappingCustomSliceForm(t *testing.T) {
+	var s struct {
+		FileData customPath `form:"path"`
+	}
+	err := mappingByPtr(&s, formSource{"path": {`bar/foo`}}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, "bar", s.FileData[0])
+	assert.Equal(t, "foo", s.FileData[1])
+}
+
+type objectID [12]byte
+
+func (o *objectID) UnmarshalParam(param string) error {
+	oid, err := convertTo(param)
+	if err != nil {
+		return err
+	}
+
+	*o = oid
+	return nil
+}
+
+func convertTo(s string) (objectID, error) {
+	var nilObjectID objectID
+	if len(s) != 24 {
+		return nilObjectID, errors.New("invalid format")
+	}
+
+	var oid [12]byte
+	_, err := hex.Decode(oid[:], []byte(s))
+	if err != nil {
+		return nilObjectID, err
+	}
+
+	return oid, nil
+}
+
+func TestMappingCustomArrayUri(t *testing.T) {
+	var s struct {
+		FileData objectID `uri:"id"`
+	}
+	val := `664a062ac74a8ad104e0e80f`
+	err := mappingByPtr(&s, formSource{"id": {val}}, "uri")
+	require.NoError(t, err)
+
+	expected, _ := convertTo(val)
+	assert.Equal(t, expected, s.FileData)
+}
+
+func TestMappingCustomArrayForm(t *testing.T) {
+	var s struct {
+		FileData objectID `form:"id"`
+	}
+	val := `664a062ac74a8ad104e0e80f`
+	err := mappingByPtr(&s, formSource{"id": {val}}, "form")
+	require.NoError(t, err)
+
+	expected, _ := convertTo(val)
+	assert.Equal(t, expected, s.FileData)
+}
+
+func TestMappingEmptyValues(t *testing.T) {
+	t.Run("slice with default", func(t *testing.T) {
+		var s struct {
+			Slice []int `form:"slice,default=5"`
+		}
+
+		// field not present
+		err := mappingByPtr(&s, formSource{}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, []int{5}, s.Slice)
+
+		// field present but empty
+		err = mappingByPtr(&s, formSource{"slice": {}}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, []int{5}, s.Slice)
+
+		// field present with values
+		err = mappingByPtr(&s, formSource{"slice": {"1", "2", "3"}}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, []int{1, 2, 3}, s.Slice)
+	})
+
+	t.Run("array with default", func(t *testing.T) {
+		var s struct {
+			Array [1]int `form:"array,default=5"`
+		}
+
+		// field not present
+		err := mappingByPtr(&s, formSource{}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, [1]int{5}, s.Array)
+
+		// field present but empty
+		err = mappingByPtr(&s, formSource{"array": {}}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, [1]int{5}, s.Array)
+	})
+
+	t.Run("slice without default", func(t *testing.T) {
+		var s struct {
+			Slice []int `form:"slice"`
+		}
+
+		// field present but empty
+		err := mappingByPtr(&s, formSource{"slice": {}}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, []int(nil), s.Slice)
+	})
+
+	t.Run("array without default", func(t *testing.T) {
+		var s struct {
+			Array [1]int `form:"array"`
+		}
+
+		// field present but empty
+		err := mappingByPtr(&s, formSource{"array": {}}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, [1]int{0}, s.Array)
+	})
+
+	t.Run("slice with collection format", func(t *testing.T) {
+		var s struct {
+			SliceMulti []int `form:"slice_multi,default=1;2;3" collection_format:"multi"`
+			SliceCsv   []int `form:"slice_csv,default=1;2;3" collection_format:"csv"`
+		}
+
+		// field not present
+		err := mappingByPtr(&s, formSource{}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, []int{1, 2, 3}, s.SliceMulti)
+		assert.Equal(t, []int{1, 2, 3}, s.SliceCsv)
+
+		// field present but empty
+		err = mappingByPtr(&s, formSource{"slice_multi": {}, "slice_csv": {}}, "form")
+		require.NoError(t, err)
+		assert.Equal(t, []int{1, 2, 3}, s.SliceMulti)
+		assert.Equal(t, []int{1, 2, 3}, s.SliceCsv)
+	})
 }

binding/header.go

@@ -17,7 +17,6 @@ func (headerBinding) Name() string {
 }
 
 func (headerBinding) Bind(req *http.Request, obj any) error {
-
 	if err := mapHeader(obj, req.Header); err != nil {
 		return err
 	}

binding/json.go

@@ -10,12 +10,12 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/gin-gonic/gin/internal/json"
+	"github.com/gin-gonic/gin/codec/json"
 )
 
 // EnableDecoderUseNumber is used to call the UseNumber method on the JSON
 // Decoder instance. UseNumber causes the Decoder to unmarshal a number into an
-// interface{} as a Number instead of as a float64.
+// any as a Number instead of as a float64.
 var EnableDecoderUseNumber = false
 
 // EnableDecoderDisallowUnknownFields is used to call the DisallowUnknownFields method
@@ -42,7 +42,7 @@ func (jsonBinding) BindBody(body []byte, obj any) error {
 }
 
 func decodeJSON(r io.Reader, obj any) error {
-	decoder := json.NewDecoder(r)
+	decoder := json.API.NewDecoder(r)
 	if EnableDecoderUseNumber {
 		decoder.UseNumber()
 	}

binding/json_test.go

@@ -5,8 +5,16 @@
 package binding
 
 import (
+	"io"
+	"net/http/httptest"
 	"testing"
+	"time"
+	"unsafe"
 
+	"github.com/gin-gonic/gin/codec/json"
+	"github.com/gin-gonic/gin/render"
+	jsoniter "github.com/json-iterator/go"
+	"github.com/modern-go/reflect2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -28,3 +36,181 @@ func TestJSONBindingBindBodyMap(t *testing.T) {
 	assert.Equal(t, "FOO", s["foo"])
 	assert.Equal(t, "world", s["hello"])
 }
+
+func TestCustomJsonCodec(t *testing.T) {
+	// Restore json encoding configuration after testing
+	oldMarshal := json.API
+	defer func() {
+		json.API = oldMarshal
+	}()
+	// Custom json api
+	json.API = customJsonApi{}
+
+	// test decode json
+	obj := customReq{}
+	err := jsonBinding{}.BindBody([]byte(`{"time_empty":null,"time_struct": "2001-12-05 10:01:02.345","time_nil":null,"time_pointer":"2002-12-05 10:01:02.345"}`), &obj)
+	require.NoError(t, err)
+	assert.Equal(t, zeroTime, obj.TimeEmpty)
+	assert.Equal(t, time.Date(2001, 12, 5, 10, 1, 2, 345000000, time.Local), obj.TimeStruct)
+	assert.Nil(t, obj.TimeNil)
+	assert.Equal(t, time.Date(2002, 12, 5, 10, 1, 2, 345000000, time.Local), *obj.TimePointer)
+	// test encode json
+	w := httptest.NewRecorder()
+	err2 := (render.PureJSON{Data: obj}).Render(w)
+	require.NoError(t, err2)
+	assert.JSONEq(t, "{\"time_empty\":null,\"time_struct\":\"2001-12-05 10:01:02.345\",\"time_nil\":null,\"time_pointer\":\"2002-12-05 10:01:02.345\"}\n", w.Body.String())
+	assert.Equal(t, "application/json; charset=utf-8", w.Header().Get("Content-Type"))
+}
+
+type customReq struct {
+	TimeEmpty   time.Time  `json:"time_empty"`
+	TimeStruct  time.Time  `json:"time_struct"`
+	TimeNil     *time.Time `json:"time_nil"`
+	TimePointer *time.Time `json:"time_pointer"`
+}
+
+var customConfig = jsoniter.Config{
+	EscapeHTML:             true,
+	SortMapKeys:            true,
+	ValidateJsonRawMessage: true,
+}.Froze()
+
+func init() {
+	customConfig.RegisterExtension(&TimeEx{})
+	customConfig.RegisterExtension(&TimePointerEx{})
+}
+
+type customJsonApi struct{}
+
+func (j customJsonApi) Marshal(v any) ([]byte, error) {
+	return customConfig.Marshal(v)
+}
+
+func (j customJsonApi) Unmarshal(data []byte, v any) error {
+	return customConfig.Unmarshal(data, v)
+}
+
+func (j customJsonApi) MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+	return customConfig.MarshalIndent(v, prefix, indent)
+}
+
+func (j customJsonApi) NewEncoder(writer io.Writer) json.Encoder {
+	return customConfig.NewEncoder(writer)
+}
+
+func (j customJsonApi) NewDecoder(reader io.Reader) json.Decoder {
+	return customConfig.NewDecoder(reader)
+}
+
+// region Time Extension
+
+var (
+	zeroTime         = time.Time{}
+	timeType         = reflect2.TypeOfPtr((*time.Time)(nil)).Elem()
+	defaultTimeCodec = &timeCodec{}
+)
+
+type TimeEx struct {
+	jsoniter.DummyExtension
+}
+
+func (te *TimeEx) CreateDecoder(typ reflect2.Type) jsoniter.ValDecoder {
+	if typ == timeType {
+		return defaultTimeCodec
+	}
+	return nil
+}
+
+func (te *TimeEx) CreateEncoder(typ reflect2.Type) jsoniter.ValEncoder {
+	if typ == timeType {
+		return defaultTimeCodec
+	}
+	return nil
+}
+
+type timeCodec struct{}
+
+func (tc timeCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	t := *((*time.Time)(ptr))
+	return t.Equal(zeroTime)
+}
+
+func (tc timeCodec) Encode(ptr unsafe.Pointer, stream *jsoniter.Stream) {
+	t := *((*time.Time)(ptr))
+	if t.Equal(zeroTime) {
+		stream.WriteNil()
+		return
+	}
+	stream.WriteString(t.In(time.Local).Format("2006-01-02 15:04:05.000"))
+}
+
+func (tc timeCodec) Decode(ptr unsafe.Pointer, iter *jsoniter.Iterator) {
+	ts := iter.ReadString()
+	if len(ts) == 0 {
+		*((*time.Time)(ptr)) = zeroTime
+		return
+	}
+	t, err := time.ParseInLocation("2006-01-02 15:04:05.000", ts, time.Local)
+	if err != nil {
+		panic(err)
+	}
+	*((*time.Time)(ptr)) = t
+}
+
+// endregion
+
+// region *Time Extension
+
+var (
+	timePointerType         = reflect2.TypeOfPtr((**time.Time)(nil)).Elem()
+	defaultTimePointerCodec = &timePointerCodec{}
+)
+
+type TimePointerEx struct {
+	jsoniter.DummyExtension
+}
+
+func (tpe *TimePointerEx) CreateDecoder(typ reflect2.Type) jsoniter.ValDecoder {
+	if typ == timePointerType {
+		return defaultTimePointerCodec
+	}
+	return nil
+}
+
+func (tpe *TimePointerEx) CreateEncoder(typ reflect2.Type) jsoniter.ValEncoder {
+	if typ == timePointerType {
+		return defaultTimePointerCodec
+	}
+	return nil
+}
+
+type timePointerCodec struct{}
+
+func (tpc timePointerCodec) IsEmpty(ptr unsafe.Pointer) bool {
+	t := *((**time.Time)(ptr))
+	return t == nil || (*t).Equal(zeroTime)
+}
+
+func (tpc timePointerCodec) Encode(ptr unsafe.Pointer, stream *jsoniter.Stream) {
+	t := *((**time.Time)(ptr))
+	if t == nil || (*t).Equal(zeroTime) {
+		stream.WriteNil()
+		return
+	}
+	stream.WriteString(t.In(time.Local).Format("2006-01-02 15:04:05.000"))
+}
+
+func (tpc timePointerCodec) Decode(ptr unsafe.Pointer, iter *jsoniter.Iterator) {
+	ts := iter.ReadString()
+	if len(ts) == 0 {
+		*((**time.Time)(ptr)) = nil
+		return
+	}
+	t, err := time.ParseInLocation("2006-01-02 15:04:05.000", ts, time.Local)
+	if err != nil {
+		panic(err)
+	}
+	*((**time.Time)(ptr)) = &t
+}
+
+// endregion

binding/msgpack.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !nomsgpack
-// +build !nomsgpack
 
 package binding
 

binding/msgpack_test.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !nomsgpack
-// +build !nomsgpack
 
 package binding
 

binding/multipart_form_mapping_test.go

@@ -12,6 +12,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestFormMultipartBindingBindOneFile(t *testing.T) {
@@ -27,7 +28,7 @@ func TestFormMultipartBindingBindOneFile(t *testing.T) {
 
 	req := createRequestMultipartFiles(t, file)
 	err := FormMultipart.Bind(req, &s)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	assertMultipartFileHeader(t, &s.FileValue, file)
 	assertMultipartFileHeader(t, s.FilePtr, file)
@@ -53,7 +54,7 @@ func TestFormMultipartBindingBindTwoFiles(t *testing.T) {
 
 	req := createRequestMultipartFiles(t, files...)
 	err := FormMultipart.Bind(req, &s)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	assert.Len(t, s.SliceValues, len(files))
 	assert.Len(t, s.SlicePtrs, len(files))
@@ -90,7 +91,7 @@ func TestFormMultipartBindingBindError(t *testing.T) {
 	} {
 		req := createRequestMultipartFiles(t, files...)
 		err := FormMultipart.Bind(req, tt.s)
-		assert.Error(t, err)
+		require.Error(t, err)
 	}
 }
 
@@ -106,17 +107,17 @@ func createRequestMultipartFiles(t *testing.T, files ...testFile) *http.Request
 	mw := multipart.NewWriter(&body)
 	for _, file := range files {
 		fw, err := mw.CreateFormFile(file.Fieldname, file.Filename)
-		assert.NoError(t, err)
+		require.NoError(t, err)
 
 		n, err := fw.Write(file.Content)
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, len(file.Content), n)
 	}
 	err := mw.Close()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
-	req, err := http.NewRequest("POST", "/", &body)
-	assert.NoError(t, err)
+	req, err := http.NewRequest(http.MethodPost, "/", &body)
+	require.NoError(t, err)
 
 	req.Header.Set("Content-Type", MIMEMultipartPOSTForm+"; boundary="+mw.Boundary())
 	return req
@@ -127,12 +128,12 @@ func assertMultipartFileHeader(t *testing.T, fh *multipart.FileHeader, file test
 	assert.Equal(t, int64(len(file.Content)), fh.Size)
 
 	fl, err := fh.Open()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	body, err := io.ReadAll(fl)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, string(file.Content), string(body))
 
 	err = fl.Close()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 }

binding/plain.go

@@ -0,0 +1,56 @@
+package binding
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"reflect"
+
+	"github.com/gin-gonic/gin/internal/bytesconv"
+)
+
+type plainBinding struct{}
+
+func (plainBinding) Name() string {
+	return "plain"
+}
+
+func (plainBinding) Bind(req *http.Request, obj any) error {
+	all, err := io.ReadAll(req.Body)
+	if err != nil {
+		return err
+	}
+
+	return decodePlain(all, obj)
+}
+
+func (plainBinding) BindBody(body []byte, obj any) error {
+	return decodePlain(body, obj)
+}
+
+func decodePlain(data []byte, obj any) error {
+	if obj == nil {
+		return nil
+	}
+
+	v := reflect.ValueOf(obj)
+
+	for v.Kind() == reflect.Ptr {
+		if v.IsNil() {
+			return nil
+		}
+		v = v.Elem()
+	}
+
+	if v.Kind() == reflect.String {
+		v.SetString(bytesconv.BytesToString(data))
+		return nil
+	}
+
+	if _, ok := v.Interface().([]byte); ok {
+		v.SetBytes(data)
+		return nil
+	}
+
+	return fmt.Errorf("type (%T) unknown type", v)
+}

binding/protobuf.go

@@ -34,7 +34,7 @@ func (protobufBinding) BindBody(body []byte, obj any) error {
 	if err := proto.Unmarshal(body, msg); err != nil {
 		return err
 	}
-	// Here it's same to return validate(obj), but util now we can't add
+	// Here it's same to return validate(obj), but until now we can't add
 	// `binding:""` to the struct which automatically generate by gen-proto
 	return nil
 	// return validate(obj)

binding/toml.go

@@ -31,5 +31,5 @@ func decodeToml(r io.Reader, obj any) error {
 	if err := decoder.Decode(obj); err != nil {
 		return err
 	}
-	return decoder.Decode(obj)
+	return validate(obj)
 }

binding/validate_test.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/go-playground/validator/v10"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 type testInterface interface {
@@ -113,10 +114,10 @@ func TestValidateNoValidationValues(t *testing.T) {
 	test := createNoValidationValues()
 	empty := structNoValidationValues{}
 
-	assert.Nil(t, validate(test))
-	assert.Nil(t, validate(&test))
-	assert.Nil(t, validate(empty))
-	assert.Nil(t, validate(&empty))
+	require.NoError(t, validate(test))
+	require.NoError(t, validate(&test))
+	require.NoError(t, validate(empty))
+	require.NoError(t, validate(&empty))
 
 	assert.Equal(t, origin, test)
 }
@@ -157,41 +158,65 @@ type structNoValidationPointer struct {
 }
 
 func TestValidateNoValidationPointers(t *testing.T) {
-	//origin := createNoValidation_values()
-	//test := createNoValidation_values()
+	// origin := createNoValidation_values()
+	// test := createNoValidation_values()
 	empty := structNoValidationPointer{}
 
-	//assert.Nil(t, validate(test))
-	//assert.Nil(t, validate(&test))
-	assert.Nil(t, validate(empty))
-	assert.Nil(t, validate(&empty))
+	// assert.Nil(t, validate(test))
+	// assert.Nil(t, validate(&test))
+	require.NoError(t, validate(empty))
+	require.NoError(t, validate(&empty))
 
-	//assert.Equal(t, origin, test)
+	// assert.Equal(t, origin, test)
 }
 
 type Object map[string]any
 
 func TestValidatePrimitives(t *testing.T) {
 	obj := Object{"foo": "bar", "bar": 1}
-	assert.NoError(t, validate(obj))
-	assert.NoError(t, validate(&obj))
+	require.NoError(t, validate(obj))
+	require.NoError(t, validate(&obj))
 	assert.Equal(t, Object{"foo": "bar", "bar": 1}, obj)
 
 	obj2 := []Object{{"foo": "bar", "bar": 1}, {"foo": "bar", "bar": 1}}
-	assert.NoError(t, validate(obj2))
-	assert.NoError(t, validate(&obj2))
+	require.NoError(t, validate(obj2))
+	require.NoError(t, validate(&obj2))
 
 	nu := 10
-	assert.NoError(t, validate(nu))
-	assert.NoError(t, validate(&nu))
+	require.NoError(t, validate(nu))
+	require.NoError(t, validate(&nu))
 	assert.Equal(t, 10, nu)
 
 	str := "value"
-	assert.NoError(t, validate(str))
-	assert.NoError(t, validate(&str))
+	require.NoError(t, validate(str))
+	require.NoError(t, validate(&str))
 	assert.Equal(t, "value", str)
 }
 
+type structModifyValidation struct {
+	Integer int
+}
+
+func toZero(sl validator.StructLevel) {
+	s := sl.Top().Interface().(*structModifyValidation)
+	s.Integer = 0
+}
+
+func TestValidateAndModifyStruct(t *testing.T) {
+	// This validates that pointers to structs are passed to the validator
+	// giving us the ability to modify the struct being validated.
+	engine, ok := Validator.Engine().(*validator.Validate)
+	assert.True(t, ok)
+
+	engine.RegisterStructValidation(toZero, structModifyValidation{})
+
+	s := structModifyValidation{Integer: 1}
+	errs := validate(&s)
+
+	require.NoError(t, errs)
+	assert.Equal(t, structModifyValidation{Integer: 0}, s)
+}
+
 // structCustomValidation is a helper struct we use to check that
 // custom validation can be registered on it.
 // The `notone` binding directive is for custom validation and registered later.
@@ -215,14 +240,14 @@ func TestValidatorEngine(t *testing.T) {
 
 	err := engine.RegisterValidation("notone", notOne)
 	// Check that we can register custom validation without error
-	assert.Nil(t, err)
+	require.NoError(t, err)
 
 	// Create an instance which will fail validation
 	withOne := structCustomValidation{Integer: 1}
 	errs := validate(withOne)
 
 	// Check that we got back non-nil errs
-	assert.NotNil(t, errs)
+	require.Error(t, errs)
 	// Check that the error matches expectation
-	assert.Error(t, errs, "", "", "notone")
+	require.Error(t, errs, "notone")
 }

binding/xml.go

@@ -24,6 +24,7 @@ func (xmlBinding) Bind(req *http.Request, obj any) error {
 func (xmlBinding) BindBody(body []byte, obj any) error {
 	return decodeXML(bytes.NewReader(body), obj)
 }
+
 func decodeXML(r io.Reader, obj any) error {
 	decoder := xml.NewDecoder(r)
 	if err := decoder.Decode(obj); err != nil {

binding/yaml.go

@@ -9,7 +9,7 @@ import (
 	"io"
 	"net/http"
 
-	"gopkg.in/yaml.v3"
+	"github.com/goccy/go-yaml"
 )
 
 type yamlBinding struct{}

codec/json/api.go

@@ -0,0 +1,57 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package json
+
+import "io"
+
+// API the json codec in use.
+var API Core
+
+// Core the api for json codec.
+type Core interface {
+	Marshal(v any) ([]byte, error)
+	Unmarshal(data []byte, v any) error
+	MarshalIndent(v any, prefix, indent string) ([]byte, error)
+	NewEncoder(writer io.Writer) Encoder
+	NewDecoder(reader io.Reader) Decoder
+}
+
+// Encoder an interface writes JSON values to an output stream.
+type Encoder interface {
+	// SetEscapeHTML specifies whether problematic HTML characters
+	// should be escaped inside JSON quoted strings.
+	// The default behavior is to escape &, <, and > to \u0026, \u003c, and \u003e
+	// to avoid certain safety problems that can arise when embedding JSON in HTML.
+	//
+	// In non-HTML settings where the escaping interferes with the readability
+	// of the output, SetEscapeHTML(false) disables this behavior.
+	SetEscapeHTML(on bool)
+
+	// Encode writes the JSON encoding of v to the stream,
+	// followed by a newline character.
+	//
+	// See the documentation for Marshal for details about the
+	// conversion of Go values to JSON.
+	Encode(v any) error
+}
+
+// Decoder an interface reads and decodes JSON values from an input stream.
+type Decoder interface {
+	// UseNumber causes the Decoder to unmarshal a number into an any as a
+	// Number instead of as a float64.
+	UseNumber()
+
+	// DisallowUnknownFields causes the Decoder to return an error when the destination
+	// is a struct and the input contains object keys which do not match any
+	// non-ignored, exported fields in the destination.
+	DisallowUnknownFields()
+
+	// Decode reads the next JSON-encoded value from its
+	// input and stores it in the value pointed to by v.
+	//
+	// See the documentation for Unmarshal for details about
+	// the conversion of JSON into a Go value.
+	Decode(v any) error
+}

codec/json/go_json.go

@@ -0,0 +1,42 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+//go:build go_json
+
+package json
+
+import (
+	"io"
+
+	"github.com/goccy/go-json"
+)
+
+// Package indicates what library is being used for JSON encoding.
+const Package = "github.com/goccy/go-json"
+
+func init() {
+	API = gojsonApi{}
+}
+
+type gojsonApi struct{}
+
+func (j gojsonApi) Marshal(v any) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+func (j gojsonApi) Unmarshal(data []byte, v any) error {
+	return json.Unmarshal(data, v)
+}
+
+func (j gojsonApi) MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
+
+func (j gojsonApi) NewEncoder(writer io.Writer) Encoder {
+	return json.NewEncoder(writer)
+}
+
+func (j gojsonApi) NewDecoder(reader io.Reader) Decoder {
+	return json.NewDecoder(reader)
+}

codec/json/json.go

@@ -0,0 +1,41 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+//go:build !jsoniter && !go_json && !(sonic && (linux || windows || darwin))
+
+package json
+
+import (
+	"encoding/json"
+	"io"
+)
+
+// Package indicates what library is being used for JSON encoding.
+const Package = "encoding/json"
+
+func init() {
+	API = jsonApi{}
+}
+
+type jsonApi struct{}
+
+func (j jsonApi) Marshal(v any) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+func (j jsonApi) Unmarshal(data []byte, v any) error {
+	return json.Unmarshal(data, v)
+}
+
+func (j jsonApi) MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
+
+func (j jsonApi) NewEncoder(writer io.Writer) Encoder {
+	return json.NewEncoder(writer)
+}
+
+func (j jsonApi) NewDecoder(reader io.Reader) Decoder {
+	return json.NewDecoder(reader)
+}

codec/json/jsoniter.go

@@ -0,0 +1,44 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+//go:build jsoniter
+
+package json
+
+import (
+	"io"
+
+	jsoniter "github.com/json-iterator/go"
+)
+
+// Package indicates what library is being used for JSON encoding.
+const Package = "github.com/json-iterator/go"
+
+func init() {
+	API = jsoniterApi{}
+}
+
+var json = jsoniter.ConfigCompatibleWithStandardLibrary
+
+type jsoniterApi struct{}
+
+func (j jsoniterApi) Marshal(v any) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+func (j jsoniterApi) Unmarshal(data []byte, v any) error {
+	return json.Unmarshal(data, v)
+}
+
+func (j jsoniterApi) MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
+
+func (j jsoniterApi) NewEncoder(writer io.Writer) Encoder {
+	return json.NewEncoder(writer)
+}
+
+func (j jsoniterApi) NewDecoder(reader io.Reader) Decoder {
+	return json.NewDecoder(reader)
+}

codec/json/sonic.go

@@ -0,0 +1,44 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+//go:build sonic && (linux || windows || darwin)
+
+package json
+
+import (
+	"io"
+
+	"github.com/bytedance/sonic"
+)
+
+// Package indicates what library is being used for JSON encoding.
+const Package = "github.com/bytedance/sonic"
+
+func init() {
+	API = sonicApi{}
+}
+
+var json = sonic.ConfigStd
+
+type sonicApi struct{}
+
+func (j sonicApi) Marshal(v any) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+func (j sonicApi) Unmarshal(data []byte, v any) error {
+	return json.Unmarshal(data, v)
+}
+
+func (j sonicApi) MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
+
+func (j sonicApi) NewEncoder(writer io.Writer) Encoder {
+	return json.NewEncoder(writer)
+}
+
+func (j sonicApi) NewDecoder(reader io.Reader) Decoder {
+	return json.NewDecoder(reader)
+}

codecov.yml

@@ -1,5 +1,13 @@
 coverage:
-  notify:
-    gitter:
+  require_ci_to_pass: true
+
+  status:
+    project:
       default:
-        url: https://webhooks.gitter.im/e/d90dcdeeab2f1e357165
+        target: 99%
+        threshold: 99%
+
+    patch:
+      default:
+        target: 99%
+        threshold: 95%

context.go

@@ -6,8 +6,11 @@ package gin
 
 import (
 	"errors"
+	"fmt"
 	"io"
+	"io/fs"
 	"log"
+	"maps"
 	"math"
 	"mime/multipart"
 	"net"
@@ -34,7 +37,9 @@ const (
 	MIMEPOSTForm          = binding.MIMEPOSTForm
 	MIMEMultipartPOSTForm = binding.MIMEMultipartPOSTForm
 	MIMEYAML              = binding.MIMEYAML
+	MIMEYAML2             = binding.MIMEYAML2
 	MIMETOML              = binding.MIMETOML
+	MIMEPROTOBUF          = binding.MIMEPROTOBUF
 )
 
 // BodyBytesKey indicates a default body bytes key.
@@ -43,6 +48,10 @@ const BodyBytesKey = "_gin-gonic/gin/bodybyteskey"
 // ContextKey is the key that a Context returns itself for.
 const ContextKey = "_gin-gonic/gin/contextkey"
 
+type ContextKeyType int
+
+const ContextRequestKey ContextKeyType = 0
+
 // abortIndex represents a typical value used in abort functions.
 const abortIndex int8 = math.MaxInt8 >> 1
 
@@ -66,7 +75,7 @@ type Context struct {
 	mu sync.RWMutex
 
 	// Keys is a key/value pair exclusively for the context of each request.
-	Keys map[string]any
+	Keys map[any]any
 
 	// Errors is a list of errors attached to all the handlers/middlewares who used this context.
 	Errors errorMsgs
@@ -113,20 +122,24 @@ func (c *Context) Copy() *Context {
 	cp := Context{
 		writermem: c.writermem,
 		Request:   c.Request,
-		Params:    c.Params,
 		engine:    c.engine,
 	}
+
 	cp.writermem.ResponseWriter = nil
 	cp.Writer = &cp.writermem
 	cp.index = abortIndex
 	cp.handlers = nil
-	cp.Keys = map[string]any{}
-	for k, v := range c.Keys {
-		cp.Keys[k] = v
-	}
-	paramCopy := make([]Param, len(cp.Params))
-	copy(paramCopy, cp.Params)
-	cp.Params = paramCopy
+	cp.fullPath = c.fullPath
+
+	cKeys := c.Keys
+	c.mu.RLock()
+	cp.Keys = maps.Clone(cKeys)
+	c.mu.RUnlock()
+
+	cParams := c.Params
+	cp.Params = make([]Param, len(cParams))
+	copy(cp.Params, cParams)
+
 	return &cp
 }
 
@@ -141,6 +154,9 @@ func (c *Context) HandlerName() string {
 func (c *Context) HandlerNames() []string {
 	hn := make([]string, 0, len(c.handlers))
 	for _, val := range c.handlers {
+		if val == nil {
+			continue
+		}
 		hn = append(hn, nameOfFunction(val))
 	}
 	return hn
@@ -170,8 +186,10 @@ func (c *Context) FullPath() string {
 // See example in GitHub.
 func (c *Context) Next() {
 	c.index++
-	for c.index < int8(len(c.handlers)) {
-		c.handlers[c.index](c)
+	for c.index < safeInt8(len(c.handlers)) {
+		if c.handlers[c.index] != nil {
+			c.handlers[c.index](c)
+		}
 		c.index++
 	}
 }
@@ -197,6 +215,14 @@ func (c *Context) AbortWithStatus(code int) {
 	c.Abort()
 }
 
+// AbortWithStatusPureJSON calls `Abort()` and then `PureJSON` internally.
+// This method stops the chain, writes the status code and return a JSON body without escaping.
+// It also sets the Content-Type as "application/json".
+func (c *Context) AbortWithStatusPureJSON(code int, jsonObj any) {
+	c.Abort()
+	c.PureJSON(code, jsonObj)
+}
+
 // AbortWithStatusJSON calls `Abort()` and then `JSON` internally.
 // This method stops the chain, writes the status code and return a JSON body.
 // It also sets the Content-Type as "application/json".
@@ -245,12 +271,12 @@ func (c *Context) Error(err error) *Error {
 /************************************/
 
 // Set is used to store a new key/value pair exclusively for this context.
-// It also lazy initializes  c.Keys if it was not used previously.
-func (c *Context) Set(key string, value any) {
+// It also lazy initializes c.Keys if it was not used previously.
+func (c *Context) Set(key any, value any) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	if c.Keys == nil {
-		c.Keys = make(map[string]any)
+		c.Keys = make(map[any]any)
 	}
 
 	c.Keys[key] = value
@@ -258,7 +284,7 @@ func (c *Context) Set(key string, value any) {
 
 // Get returns the value for the given key, ie: (value, true).
 // If the value does not exist it returns (nil, false)
-func (c *Context) Get(key string) (value any, exists bool) {
+func (c *Context) Get(key any) (value any, exists bool) {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 	value, exists = c.Keys[key]
@@ -266,115 +292,188 @@ func (c *Context) Get(key string) (value any, exists bool) {
 }
 
 // MustGet returns the value for the given key if it exists, otherwise it panics.
-func (c *Context) MustGet(key string) any {
+func (c *Context) MustGet(key any) any {
 	if value, exists := c.Get(key); exists {
 		return value
 	}
-	panic("Key \"" + key + "\" does not exist")
+	panic(fmt.Sprintf("key %v does not exist", key))
+}
+
+func getTyped[T any](c *Context, key any) (res T) {
+	if val, ok := c.Get(key); ok && val != nil {
+		res, _ = val.(T)
+	}
+	return
 }
 
 // GetString returns the value associated with the key as a string.
-func (c *Context) GetString(key string) (s string) {
-	if val, ok := c.Get(key); ok && val != nil {
-		s, _ = val.(string)
-	}
-	return
+func (c *Context) GetString(key any) string {
+	return getTyped[string](c, key)
 }
 
 // GetBool returns the value associated with the key as a boolean.
-func (c *Context) GetBool(key string) (b bool) {
-	if val, ok := c.Get(key); ok && val != nil {
-		b, _ = val.(bool)
-	}
-	return
+func (c *Context) GetBool(key any) bool {
+	return getTyped[bool](c, key)
 }
 
 // GetInt returns the value associated with the key as an integer.
-func (c *Context) GetInt(key string) (i int) {
-	if val, ok := c.Get(key); ok && val != nil {
-		i, _ = val.(int)
-	}
-	return
+func (c *Context) GetInt(key any) int {
+	return getTyped[int](c, key)
 }
 
-// GetInt64 returns the value associated with the key as an integer.
-func (c *Context) GetInt64(key string) (i64 int64) {
-	if val, ok := c.Get(key); ok && val != nil {
-		i64, _ = val.(int64)
-	}
-	return
+// GetInt8 returns the value associated with the key as an integer 8.
+func (c *Context) GetInt8(key any) int8 {
+	return getTyped[int8](c, key)
+}
+
+// GetInt16 returns the value associated with the key as an integer 16.
+func (c *Context) GetInt16(key any) int16 {
+	return getTyped[int16](c, key)
+}
+
+// GetInt32 returns the value associated with the key as an integer 32.
+func (c *Context) GetInt32(key any) int32 {
+	return getTyped[int32](c, key)
+}
+
+// GetInt64 returns the value associated with the key as an integer 64.
+func (c *Context) GetInt64(key any) int64 {
+	return getTyped[int64](c, key)
 }
 
 // GetUint returns the value associated with the key as an unsigned integer.
-func (c *Context) GetUint(key string) (ui uint) {
-	if val, ok := c.Get(key); ok && val != nil {
-		ui, _ = val.(uint)
-	}
-	return
+func (c *Context) GetUint(key any) uint {
+	return getTyped[uint](c, key)
 }
 
-// GetUint64 returns the value associated with the key as an unsigned integer.
-func (c *Context) GetUint64(key string) (ui64 uint64) {
-	if val, ok := c.Get(key); ok && val != nil {
-		ui64, _ = val.(uint64)
-	}
-	return
+// GetUint8 returns the value associated with the key as an unsigned integer 8.
+func (c *Context) GetUint8(key any) uint8 {
+	return getTyped[uint8](c, key)
+}
+
+// GetUint16 returns the value associated with the key as an unsigned integer 16.
+func (c *Context) GetUint16(key any) uint16 {
+	return getTyped[uint16](c, key)
+}
+
+// GetUint32 returns the value associated with the key as an unsigned integer 32.
+func (c *Context) GetUint32(key any) uint32 {
+	return getTyped[uint32](c, key)
+}
+
+// GetUint64 returns the value associated with the key as an unsigned integer 64.
+func (c *Context) GetUint64(key any) uint64 {
+	return getTyped[uint64](c, key)
+}
+
+// GetFloat32 returns the value associated with the key as a float32.
+func (c *Context) GetFloat32(key any) float32 {
+	return getTyped[float32](c, key)
 }
 
 // GetFloat64 returns the value associated with the key as a float64.
-func (c *Context) GetFloat64(key string) (f64 float64) {
-	if val, ok := c.Get(key); ok && val != nil {
-		f64, _ = val.(float64)
-	}
-	return
+func (c *Context) GetFloat64(key any) float64 {
+	return getTyped[float64](c, key)
 }
 
 // GetTime returns the value associated with the key as time.
-func (c *Context) GetTime(key string) (t time.Time) {
-	if val, ok := c.Get(key); ok && val != nil {
-		t, _ = val.(time.Time)
-	}
-	return
+func (c *Context) GetTime(key any) time.Time {
+	return getTyped[time.Time](c, key)
 }
 
 // GetDuration returns the value associated with the key as a duration.
-func (c *Context) GetDuration(key string) (d time.Duration) {
-	if val, ok := c.Get(key); ok && val != nil {
-		d, _ = val.(time.Duration)
-	}
-	return
+func (c *Context) GetDuration(key any) time.Duration {
+	return getTyped[time.Duration](c, key)
+}
+
+// GetIntSlice returns the value associated with the key as a slice of integers.
+func (c *Context) GetIntSlice(key any) []int {
+	return getTyped[[]int](c, key)
+}
+
+// GetInt8Slice returns the value associated with the key as a slice of int8 integers.
+func (c *Context) GetInt8Slice(key any) []int8 {
+	return getTyped[[]int8](c, key)
+}
+
+// GetInt16Slice returns the value associated with the key as a slice of int16 integers.
+func (c *Context) GetInt16Slice(key any) []int16 {
+	return getTyped[[]int16](c, key)
+}
+
+// GetInt32Slice returns the value associated with the key as a slice of int32 integers.
+func (c *Context) GetInt32Slice(key any) []int32 {
+	return getTyped[[]int32](c, key)
+}
+
+// GetInt64Slice returns the value associated with the key as a slice of int64 integers.
+func (c *Context) GetInt64Slice(key any) []int64 {
+	return getTyped[[]int64](c, key)
+}
+
+// GetUintSlice returns the value associated with the key as a slice of unsigned integers.
+func (c *Context) GetUintSlice(key any) []uint {
+	return getTyped[[]uint](c, key)
+}
+
+// GetUint8Slice returns the value associated with the key as a slice of uint8 integers.
+func (c *Context) GetUint8Slice(key any) []uint8 {
+	return getTyped[[]uint8](c, key)
+}
+
+// GetUint16Slice returns the value associated with the key as a slice of uint16 integers.
+func (c *Context) GetUint16Slice(key any) []uint16 {
+	return getTyped[[]uint16](c, key)
+}
+
+// GetUint32Slice returns the value associated with the key as a slice of uint32 integers.
+func (c *Context) GetUint32Slice(key any) []uint32 {
+	return getTyped[[]uint32](c, key)
+}
+
+// GetUint64Slice returns the value associated with the key as a slice of uint64 integers.
+func (c *Context) GetUint64Slice(key any) []uint64 {
+	return getTyped[[]uint64](c, key)
+}
+
+// GetFloat32Slice returns the value associated with the key as a slice of float32 numbers.
+func (c *Context) GetFloat32Slice(key any) []float32 {
+	return getTyped[[]float32](c, key)
+}
+
+// GetFloat64Slice returns the value associated with the key as a slice of float64 numbers.
+func (c *Context) GetFloat64Slice(key any) []float64 {
+	return getTyped[[]float64](c, key)
 }
 
 // GetStringSlice returns the value associated with the key as a slice of strings.
-func (c *Context) GetStringSlice(key string) (ss []string) {
-	if val, ok := c.Get(key); ok && val != nil {
-		ss, _ = val.([]string)
-	}
-	return
+func (c *Context) GetStringSlice(key any) []string {
+	return getTyped[[]string](c, key)
 }
 
 // GetStringMap returns the value associated with the key as a map of interfaces.
-func (c *Context) GetStringMap(key string) (sm map[string]any) {
-	if val, ok := c.Get(key); ok && val != nil {
-		sm, _ = val.(map[string]any)
-	}
-	return
+func (c *Context) GetStringMap(key any) map[string]any {
+	return getTyped[map[string]any](c, key)
 }
 
 // GetStringMapString returns the value associated with the key as a map of strings.
-func (c *Context) GetStringMapString(key string) (sms map[string]string) {
-	if val, ok := c.Get(key); ok && val != nil {
-		sms, _ = val.(map[string]string)
-	}
-	return
+func (c *Context) GetStringMapString(key any) map[string]string {
+	return getTyped[map[string]string](c, key)
 }
 
 // GetStringMapStringSlice returns the value associated with the key as a map to a slice of strings.
-func (c *Context) GetStringMapStringSlice(key string) (smss map[string][]string) {
-	if val, ok := c.Get(key); ok && val != nil {
-		smss, _ = val.(map[string][]string)
+func (c *Context) GetStringMapStringSlice(key any) map[string][]string {
+	return getTyped[map[string][]string](c, key)
+}
+
+// Delete deletes the key from the Context's Key map, if it exists.
+// This operation is safe to be used by concurrent go-routines
+func (c *Context) Delete(key any) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.Keys != nil {
+		delete(c.Keys, key)
 	}
-	return
 }
 
 /************************************/
@@ -386,7 +485,7 @@ func (c *Context) GetStringMapStringSlice(key string) (smss map[string][]string)
 //
 //	router.GET("/user/:id", func(c *gin.Context) {
 //	    // a GET request to /user/john
-//	    id := c.Param("id") // id == "/john"
+//	    id := c.Param("id") // id == "john"
 //	    // a GET request to /user/john/
 //	    id := c.Param("id") // id == "/john/"
 //	})
@@ -457,7 +556,7 @@ func (c *Context) QueryArray(key string) (values []string) {
 
 func (c *Context) initQueryCache() {
 	if c.queryCache == nil {
-		if c.Request != nil {
+		if c.Request != nil && c.Request.URL != nil {
 			c.queryCache = c.Request.URL.Query()
 		} else {
 			c.queryCache = url.Values{}
@@ -483,7 +582,7 @@ func (c *Context) QueryMap(key string) (dicts map[string]string) {
 // whether at least one value exists for the given key.
 func (c *Context) GetQueryMap(key string) (map[string]string, bool) {
 	c.initQueryCache()
-	return c.get(c.queryCache, key)
+	return getMapFromFormData(c.queryCache, key)
 }
 
 // PostForm returns the specified key from a POST urlencoded form or multipart form
@@ -556,22 +655,32 @@ func (c *Context) PostFormMap(key string) (dicts map[string]string) {
 // whether at least one value exists for the given key.
 func (c *Context) GetPostFormMap(key string) (map[string]string, bool) {
 	c.initFormCache()
-	return c.get(c.formCache, key)
+	return getMapFromFormData(c.formCache, key)
 }
 
-// get is an internal method and returns a map which satisfies conditions.
-func (c *Context) get(m map[string][]string, key string) (map[string]string, bool) {
-	dicts := make(map[string]string)
-	exist := false
+// getMapFromFormData return a map which satisfies conditions.
+// It parses from data with bracket notation like "key[subkey]=value" into a map.
+func getMapFromFormData(m map[string][]string, key string) (map[string]string, bool) {
+	d := make(map[string]string)
+	found := false
+	keyLen := len(key)
+
 	for k, v := range m {
-		if i := strings.IndexByte(k, '['); i >= 1 && k[0:i] == key {
-			if j := strings.IndexByte(k[i+1:], ']'); j >= 1 {
-				exist = true
-				dicts[k[i+1:][:j]] = v[0]
-			}
+		if len(k) < keyLen+3 { // key + "[" + at least one char + "]"
+			continue
+		}
+
+		if k[:keyLen] != key || k[keyLen] != '[' {
+			continue
+		}
+
+		if j := strings.IndexByte(k[keyLen+1:], ']'); j > 0 {
+			found = true
+			d[k[keyLen+1:keyLen+1+j]] = v[0]
 		}
 	}
-	return dicts, exist
+
+	return d, found
 }
 
 // FormFile returns the first file for the provided form key.
@@ -596,14 +705,22 @@ func (c *Context) MultipartForm() (*multipart.Form, error) {
 }
 
 // SaveUploadedFile uploads the form file to specific dst.
-func (c *Context) SaveUploadedFile(file *multipart.FileHeader, dst string) error {
+func (c *Context) SaveUploadedFile(file *multipart.FileHeader, dst string, perm ...fs.FileMode) error {
 	src, err := file.Open()
 	if err != nil {
 		return err
 	}
 	defer src.Close()
 
-	if err = os.MkdirAll(filepath.Dir(dst), 0750); err != nil {
+	var mode os.FileMode = 0o750
+	if len(perm) > 0 {
+		mode = perm[0]
+	}
+	dir := filepath.Dir(dst)
+	if err = os.MkdirAll(dir, mode); err != nil {
+		return err
+	}
+	if err = os.Chmod(dir, mode); err != nil {
 		return err
 	}
 
@@ -652,10 +769,15 @@ func (c *Context) BindYAML(obj any) error {
 }
 
 // BindTOML is a shortcut for c.MustBindWith(obj, binding.TOML).
-func (c *Context) BindTOML(obj interface{}) error {
+func (c *Context) BindTOML(obj any) error {
 	return c.MustBindWith(obj, binding.TOML)
 }
 
+// BindPlain is a shortcut for c.MustBindWith(obj, binding.Plain).
+func (c *Context) BindPlain(obj any) error {
+	return c.MustBindWith(obj, binding.Plain)
+}
+
 // BindHeader is a shortcut for c.MustBindWith(obj, binding.Header).
 func (c *Context) BindHeader(obj any) error {
 	return c.MustBindWith(obj, binding.Header)
@@ -675,8 +797,19 @@ func (c *Context) BindUri(obj any) error {
 // It will abort the request with HTTP 400 if any error occurs.
 // See the binding package.
 func (c *Context) MustBindWith(obj any, b binding.Binding) error {
-	if err := c.ShouldBindWith(obj, b); err != nil {
-		c.AbortWithError(http.StatusBadRequest, err).SetType(ErrorTypeBind) //nolint: errcheck
+	err := c.ShouldBindWith(obj, b)
+	if err != nil {
+		var maxBytesErr *http.MaxBytesError
+
+		// Note: When using sonic or go-json as JSON encoder, they do not propagate the http.MaxBytesError error
+		// https://github.com/goccy/go-json/issues/485
+		// https://github.com/bytedance/sonic/issues/800
+		switch {
+		case errors.As(err, &maxBytesErr):
+			c.AbortWithError(http.StatusRequestEntityTooLarge, err).SetType(ErrorTypeBind) //nolint: errcheck
+		default:
+			c.AbortWithError(http.StatusBadRequest, err).SetType(ErrorTypeBind) //nolint: errcheck
+		}
 		return err
 	}
 	return nil
@@ -697,38 +830,73 @@ func (c *Context) ShouldBind(obj any) error {
 }
 
 // ShouldBindJSON is a shortcut for c.ShouldBindWith(obj, binding.JSON).
+//
+// Example:
+//
+//	POST /user
+//	Content-Type: application/json
+//
+//	Request Body:
+//	{
+//		"name": "Manu",
+//		"age": 20
+//	}
+//
+//	type User struct {
+//		Name string `json:"name"`
+//		Age  int    `json:"age"`
+//	}
+//
+//	var user User
+//	if err := c.ShouldBindJSON(&user); err != nil {
+//		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+//		return
+//	}
+//	c.JSON(http.StatusOK, user)
 func (c *Context) ShouldBindJSON(obj any) error {
 	return c.ShouldBindWith(obj, binding.JSON)
 }
 
 // ShouldBindXML is a shortcut for c.ShouldBindWith(obj, binding.XML).
+// It works like ShouldBindJSON but binds the request body as XML data.
 func (c *Context) ShouldBindXML(obj any) error {
 	return c.ShouldBindWith(obj, binding.XML)
 }
 
 // ShouldBindQuery is a shortcut for c.ShouldBindWith(obj, binding.Query).
+// It works like ShouldBindJSON but binds query parameters from the URL.
 func (c *Context) ShouldBindQuery(obj any) error {
 	return c.ShouldBindWith(obj, binding.Query)
 }
 
 // ShouldBindYAML is a shortcut for c.ShouldBindWith(obj, binding.YAML).
+// It works like ShouldBindJSON but binds the request body as YAML data.
 func (c *Context) ShouldBindYAML(obj any) error {
 	return c.ShouldBindWith(obj, binding.YAML)
 }
 
 // ShouldBindTOML is a shortcut for c.ShouldBindWith(obj, binding.TOML).
-func (c *Context) ShouldBindTOML(obj interface{}) error {
+// It works like ShouldBindJSON but binds the request body as TOML data.
+func (c *Context) ShouldBindTOML(obj any) error {
 	return c.ShouldBindWith(obj, binding.TOML)
 }
 
+// ShouldBindPlain is a shortcut for c.ShouldBindWith(obj, binding.Plain).
+// It works like ShouldBindJSON but binds plain text data from the request body.
+func (c *Context) ShouldBindPlain(obj any) error {
+	return c.ShouldBindWith(obj, binding.Plain)
+}
+
 // ShouldBindHeader is a shortcut for c.ShouldBindWith(obj, binding.Header).
+// It works like ShouldBindJSON but binds values from HTTP headers.
 func (c *Context) ShouldBindHeader(obj any) error {
 	return c.ShouldBindWith(obj, binding.Header)
 }
 
 // ShouldBindUri binds the passed struct pointer using the specified binding engine.
+// It works like ShouldBindJSON but binds parameters from the URI.
 func (c *Context) ShouldBindUri(obj any) error {
-	m := make(map[string][]string)
+	m := make(map[string][]string, len(c.Params))
 	for _, v := range c.Params {
 		m[v.Key] = []string{v.Value}
 	}
@@ -763,9 +931,34 @@ func (c *Context) ShouldBindBodyWith(obj any, bb binding.BindingBody) (err error
 	return bb.BindBody(body, obj)
 }
 
+// ShouldBindBodyWithJSON is a shortcut for c.ShouldBindBodyWith(obj, binding.JSON).
+func (c *Context) ShouldBindBodyWithJSON(obj any) error {
+	return c.ShouldBindBodyWith(obj, binding.JSON)
+}
+
+// ShouldBindBodyWithXML is a shortcut for c.ShouldBindBodyWith(obj, binding.XML).
+func (c *Context) ShouldBindBodyWithXML(obj any) error {
+	return c.ShouldBindBodyWith(obj, binding.XML)
+}
+
+// ShouldBindBodyWithYAML is a shortcut for c.ShouldBindBodyWith(obj, binding.YAML).
+func (c *Context) ShouldBindBodyWithYAML(obj any) error {
+	return c.ShouldBindBodyWith(obj, binding.YAML)
+}
+
+// ShouldBindBodyWithTOML is a shortcut for c.ShouldBindBodyWith(obj, binding.TOML).
+func (c *Context) ShouldBindBodyWithTOML(obj any) error {
+	return c.ShouldBindBodyWith(obj, binding.TOML)
+}
+
+// ShouldBindBodyWithPlain is a shortcut for c.ShouldBindBodyWith(obj, binding.Plain).
+func (c *Context) ShouldBindBodyWithPlain(obj any) error {
+	return c.ShouldBindBodyWith(obj, binding.Plain)
+}
+
 // ClientIP implements one best effort algorithm to return the real client IP.
 // It calls c.RemoteIP() under the hood, to check if the remote IP is a trusted proxy or not.
-// If it is it will then try to parse the headers defined in Engine.RemoteIPHeaders (defaulting to [X-Forwarded-For, X-Real-Ip]).
+// If it is it will then try to parse the headers defined in Engine.RemoteIPHeaders (defaulting to [X-Forwarded-For, X-Real-IP]).
 // If the headers are not syntactically valid OR the remote IP does not correspond to a trusted proxy,
 // the remote IP (coming from Request.RemoteAddr) is returned.
 func (c *Context) ClientIP() string {
@@ -873,6 +1066,9 @@ func (c *Context) GetHeader(key string) string {
 
 // GetRawData returns stream data.
 func (c *Context) GetRawData() ([]byte, error) {
+	if c.Request.Body == nil {
+		return nil, errors.New("cannot read nil body")
+	}
 	return io.ReadAll(c.Request.Body)
 }
 
@@ -900,6 +1096,19 @@ func (c *Context) SetCookie(name, value string, maxAge int, path, domain string,
 	})
 }
 
+// SetCookieData adds a Set-Cookie header to the ResponseWriter's headers.
+// It accepts a pointer to http.Cookie structure for more flexibility in setting cookie attributes.
+// The provided cookie must have a valid Name. Invalid cookies may be silently dropped.
+func (c *Context) SetCookieData(cookie *http.Cookie) {
+	if cookie.Path == "" {
+		cookie.Path = "/"
+	}
+	if cookie.SameSite == http.SameSiteDefaultMode {
+		cookie.SameSite = c.sameSite
+	}
+	http.SetCookie(c.Writer, cookie)
+}
+
 // Cookie returns the named cookie provided in the request or
 // ErrNoCookie if not found. And return the named cookie is unescaped.
 // If multiple cookies match the given name, only one cookie will
@@ -995,7 +1204,7 @@ func (c *Context) YAML(code int, obj any) {
 }
 
 // TOML serializes the given struct as TOML into the response body.
-func (c *Context) TOML(code int, obj interface{}) {
+func (c *Context) TOML(code int, obj any) {
 	c.Render(code, render.TOML{Data: obj})
 }
 
@@ -1052,11 +1261,17 @@ func (c *Context) FileFromFS(filepath string, fs http.FileSystem) {
 	http.FileServer(fs).ServeHTTP(c.Writer, c.Request)
 }
 
+var quoteEscaper = strings.NewReplacer("\\", "\\\\", `"`, "\\\"")
+
+func escapeQuotes(s string) string {
+	return quoteEscaper.Replace(s)
+}
+
 // FileAttachment writes the specified file into the body stream in an efficient way
 // On the client side, the file will typically be downloaded with the given filename
 func (c *Context) FileAttachment(filepath, filename string) {
 	if isASCII(filename) {
-		c.Writer.Header().Set("Content-Disposition", `attachment; filename="`+filename+`"`)
+		c.Writer.Header().Set("Content-Disposition", `attachment; filename="`+escapeQuotes(filename)+`"`)
 	} else {
 		c.Writer.Header().Set("Content-Disposition", `attachment; filename*=UTF-8''`+url.QueryEscape(filename))
 	}
@@ -1096,14 +1311,15 @@ func (c *Context) Stream(step func(w io.Writer) bool) bool {
 
 // Negotiate contains all negotiations data.
 type Negotiate struct {
-	Offered  []string
-	HTMLName string
-	HTMLData any
-	JSONData any
-	XMLData  any
-	YAMLData any
-	Data     any
-	TOMLData any
+	Offered      []string
+	HTMLName     string
+	HTMLData     any
+	JSONData     any
+	XMLData      any
+	YAMLData     any
+	Data         any
+	TOMLData     any
+	PROTOBUFData any
 }
 
 // Negotiate calls different Render according to acceptable Accept format.
@@ -1121,7 +1337,7 @@ func (c *Context) Negotiate(code int, config Negotiate) {
 		data := chooseData(config.XMLData, config.Data)
 		c.XML(code, data)
 
-	case binding.MIMEYAML:
+	case binding.MIMEYAML, binding.MIMEYAML2:
 		data := chooseData(config.YAMLData, config.Data)
 		c.YAML(code, data)
 
@@ -1129,6 +1345,10 @@ func (c *Context) Negotiate(code int, config Negotiate) {
 		data := chooseData(config.TOMLData, config.Data)
 		c.TOML(code, data)
 
+	case binding.MIMEPROTOBUF:
+		data := chooseData(config.PROTOBUFData, config.Data)
+		c.ProtoBuf(code, data)
+
 	default:
 		c.AbortWithError(http.StatusNotAcceptable, errors.New("the accepted formats are not offered by the server")) //nolint: errcheck
 	}
@@ -1174,9 +1394,16 @@ func (c *Context) SetAccepted(formats ...string) {
 /***** GOLANG.ORG/X/NET/CONTEXT *****/
 /************************************/
 
+// hasRequestContext returns whether c.Request has Context and fallback.
+func (c *Context) hasRequestContext() bool {
+	hasFallback := c.engine != nil && c.engine.ContextWithFallback
+	hasRequestContext := c.Request != nil && c.Request.Context() != nil
+	return hasFallback && hasRequestContext
+}
+
 // Deadline returns that there is no deadline (ok==false) when c.Request has no Context.
 func (c *Context) Deadline() (deadline time.Time, ok bool) {
-	if !c.engine.ContextWithFallback || c.Request == nil || c.Request.Context() == nil {
+	if !c.hasRequestContext() {
 		return
 	}
 	return c.Request.Context().Deadline()
@@ -1184,7 +1411,7 @@ func (c *Context) Deadline() (deadline time.Time, ok bool) {
 
 // Done returns nil (chan which will wait forever) when c.Request has no Context.
 func (c *Context) Done() <-chan struct{} {
-	if !c.engine.ContextWithFallback || c.Request == nil || c.Request.Context() == nil {
+	if !c.hasRequestContext() {
 		return nil
 	}
 	return c.Request.Context().Done()
@@ -1192,7 +1419,7 @@ func (c *Context) Done() <-chan struct{} {
 
 // Err returns nil when c.Request has no Context.
 func (c *Context) Err() error {
-	if !c.engine.ContextWithFallback || c.Request == nil || c.Request.Context() == nil {
+	if !c.hasRequestContext() {
 		return nil
 	}
 	return c.Request.Context().Err()
@@ -1202,7 +1429,7 @@ func (c *Context) Err() error {
 // if no value is associated with key. Successive calls to Value with
 // the same key returns the same result.
 func (c *Context) Value(key any) any {
-	if key == 0 {
+	if key == ContextRequestKey {
 		return c.Request
 	}
 	if key == ContextKey {
@@ -1213,7 +1440,7 @@ func (c *Context) Value(key any) any {
 			return val
 		}
 	}
-	if !c.engine.ContextWithFallback || c.Request == nil || c.Request.Context() == nil {
+	if !c.hasRequestContext() {
 		return nil
 	}
 	return c.Request.Context().Value(key)

context_1.16_test.go

@@ -1,31 +0,0 @@
-// Copyright 2021 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.17
-// +build !go1.17
-
-package gin
-
-import (
-	"bytes"
-	"mime/multipart"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestContextFormFileFailed16(t *testing.T) {
-	buf := new(bytes.Buffer)
-	mw := multipart.NewWriter(buf)
-	mw.Close()
-	c, _ := CreateTestContext(httptest.NewRecorder())
-	c.Request, _ = http.NewRequest("POST", "/", nil)
-	c.Request.Header.Set("Content-Type", mw.FormDataContentType())
-	c.engine.MaxMultipartMemory = 8 << 20
-	f, err := c.FormFile("file")
-	assert.Error(t, err)
-	assert.Nil(t, f)
-}

context_1.17_test.go

@@ -1,94 +0,0 @@
-// Copyright 2021 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package gin
-
-import (
-	"bytes"
-	"mime/multipart"
-	"net/http"
-	"net/http/httptest"
-	"runtime"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-type interceptedWriter struct {
-	ResponseWriter
-	b *bytes.Buffer
-}
-
-func (i interceptedWriter) WriteHeader(code int) {
-	i.Header().Del("X-Test")
-	i.ResponseWriter.WriteHeader(code)
-}
-
-func TestContextFormFileFailed17(t *testing.T) {
-	if !isGo117OrGo118() {
-		return
-	}
-	buf := new(bytes.Buffer)
-	mw := multipart.NewWriter(buf)
-	defer func(mw *multipart.Writer) {
-		err := mw.Close()
-		if err != nil {
-			assert.Error(t, err)
-		}
-	}(mw)
-	c, _ := CreateTestContext(httptest.NewRecorder())
-	c.Request, _ = http.NewRequest("POST", "/", nil)
-	c.Request.Header.Set("Content-Type", mw.FormDataContentType())
-	c.engine.MaxMultipartMemory = 8 << 20
-	assert.Panics(t, func() {
-		f, err := c.FormFile("file")
-		assert.Error(t, err)
-		assert.Nil(t, f)
-	})
-}
-
-func TestInterceptedHeader(t *testing.T) {
-	w := httptest.NewRecorder()
-	c, r := CreateTestContext(w)
-
-	r.Use(func(c *Context) {
-		i := interceptedWriter{
-			ResponseWriter: c.Writer,
-			b:              bytes.NewBuffer(nil),
-		}
-		c.Writer = i
-		c.Next()
-		c.Header("X-Test", "overridden")
-		c.Writer = i.ResponseWriter
-	})
-	r.GET("/", func(c *Context) {
-		c.Header("X-Test", "original")
-		c.Header("X-Test-2", "present")
-		c.String(http.StatusOK, "hello world")
-	})
-	c.Request = httptest.NewRequest("GET", "/", nil)
-	r.HandleContext(c)
-	// Result() has headers frozen when WriteHeaderNow() has been called
-	// Compared to this time, this is when the response headers will be flushed
-	// As response is flushed on c.String, the Header cannot be set by the first
-	// middleware. Assert this
-	assert.Equal(t, "", w.Result().Header.Get("X-Test"))
-	assert.Equal(t, "present", w.Result().Header.Get("X-Test-2"))
-}
-
-func isGo117OrGo118() bool {
-	version := strings.Split(runtime.Version()[2:], ".")
-	if len(version) >= 2 {
-		x := version[0]
-		y := version[1]
-		if x == "1" && (y == "17" || y == "18") {
-			return true
-		}
-	}
-	return false
-}

context_1.19_test.go

@@ -1,31 +0,0 @@
-// Copyright 2022 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build go1.19
-// +build go1.19
-
-package gin
-
-import (
-	"bytes"
-	"mime/multipart"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestContextFormFileFailed19(t *testing.T) {
-	buf := new(bytes.Buffer)
-	mw := multipart.NewWriter(buf)
-	mw.Close()
-	c, _ := CreateTestContext(httptest.NewRecorder())
-	c.Request, _ = http.NewRequest("POST", "/", nil)
-	c.Request.Header.Set("Content-Type", mw.FormDataContentType())
-	c.engine.MaxMultipartMemory = 8 << 20
-	f, err := c.FormFile("file")
-	assert.Error(t, err)
-	assert.Nil(t, f)
-}

context_appengine.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build appengine
-// +build appengine
 
 package gin
 

context_file_test.go

@@ -0,0 +1,35 @@
+package gin
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestContextFileSimple tests the Context.File() method with a simple case
+func TestContextFileSimple(t *testing.T) {
+	// Test serving an existing file
+	testFile := "testdata/test_file.txt"
+	w := httptest.NewRecorder()
+	c, _ := CreateTestContext(w)
+	c.Request = httptest.NewRequest(http.MethodGet, "/test", nil)
+
+	c.File(testFile)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Contains(t, w.Body.String(), "This is a test file")
+	assert.Equal(t, "text/plain; charset=utf-8", w.Header().Get("Content-Type"))
+}
+
+// TestContextFileNotFound tests serving a non-existent file
+func TestContextFileNotFound(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, _ := CreateTestContext(w)
+	c.Request = httptest.NewRequest(http.MethodGet, "/test", nil)
+
+	c.File("non_existent_file.txt")
+
+	assert.Equal(t, http.StatusNotFound, w.Code)
+}

debug.go

@@ -10,19 +10,25 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
+	"sync/atomic"
 )
 
-const ginSupportMinGoVer = 16
+const ginSupportMinGoVer = 24
+
+var runtimeVersion = runtime.Version()
 
 // IsDebugging returns true if the framework is running in debug mode.
 // Use SetMode(gin.ReleaseMode) to disable debug mode.
 func IsDebugging() bool {
-	return ginMode == debugCode
+	return atomic.LoadInt32(&ginMode) == debugCode
 }
 
 // DebugPrintRouteFunc indicates debug log output format.
 var DebugPrintRouteFunc func(httpMethod, absolutePath, handlerName string, nuHandlers int)
 
+// DebugPrintFunc indicates debug log output format.
+var DebugPrintFunc func(format string, values ...any)
+
 func debugPrintRoute(httpMethod, absolutePath string, handlers HandlersChain) {
 	if IsDebugging() {
 		nuHandlers := len(handlers)
@@ -48,12 +54,19 @@ func debugPrintLoadTemplate(tmpl *template.Template) {
 }
 
 func debugPrint(format string, values ...any) {
-	if IsDebugging() {
-		if !strings.HasSuffix(format, "\n") {
-			format += "\n"
-		}
-		fmt.Fprintf(DefaultWriter, "[GIN-debug] "+format, values...)
+	if !IsDebugging() {
+		return
 	}
+
+	if DebugPrintFunc != nil {
+		DebugPrintFunc(format, values...)
+		return
+	}
+
+	if !strings.HasSuffix(format, "\n") {
+		format += "\n"
+	}
+	fmt.Fprintf(DefaultWriter, "[GIN-debug] "+format, values...)
 }
 
 func getMinVer(v string) (uint64, error) {
@@ -66,8 +79,8 @@ func getMinVer(v string) (uint64, error) {
 }
 
 func debugPrintWARNINGDefault() {
-	if v, e := getMinVer(runtime.Version()); e == nil && v < ginSupportMinGoVer {
-		debugPrint(`[WARNING] Now Gin requires Go 1.16+.
+	if v, e := getMinVer(runtimeVersion); e == nil && v < ginSupportMinGoVer {
+		debugPrint(`[WARNING] Now Gin requires Go 1.24+.
 
 `)
 	}

debug_test.go

@@ -10,19 +10,16 @@ import (
 	"html/template"
 	"io"
 	"log"
+	"net/http"
 	"os"
-	"runtime"
 	"strings"
 	"sync"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
-// TODO
-// func debugRoute(httpMethod, absolutePath string, handlers HandlersChain) {
-// func debugPrint(format string, values ...interface{}) {
-
 func TestIsDebugging(t *testing.T) {
 	SetMode(DebugMode)
 	assert.True(t, IsDebugging())
@@ -46,6 +43,18 @@ func TestDebugPrint(t *testing.T) {
 	assert.Equal(t, "[GIN-debug] these are 2 error messages\n", re)
 }
 
+func TestDebugPrintFunc(t *testing.T) {
+	DebugPrintFunc = func(format string, values ...any) {
+		fmt.Fprintf(DefaultWriter, "[GIN-debug] "+format, values...)
+	}
+	re := captureOutput(t, func() {
+		SetMode(DebugMode)
+		debugPrint("debug print func test: %d", 123)
+		SetMode(TestMode)
+	})
+	assert.Regexp(t, `^\[GIN-debug\] debug print func test: 123`, re)
+}
+
 func TestDebugPrintError(t *testing.T) {
 	re := captureOutput(t, func() {
 		SetMode(DebugMode)
@@ -59,7 +68,7 @@ func TestDebugPrintError(t *testing.T) {
 func TestDebugPrintRoutes(t *testing.T) {
 	re := captureOutput(t, func() {
 		SetMode(DebugMode)
-		debugPrintRoute("GET", "/path/to/route/:param", HandlersChain{func(c *Context) {}, handlerNameTest})
+		debugPrintRoute(http.MethodGet, "/path/to/route/:param", HandlersChain{func(c *Context) {}, handlerNameTest})
 		SetMode(TestMode)
 	})
 	assert.Regexp(t, `^\[GIN-debug\] GET    /path/to/route/:param     --> (.*/vendor/)?github.com/gin-gonic/gin.handlerNameTest \(2 handlers\)\n$`, re)
@@ -71,7 +80,7 @@ func TestDebugPrintRouteFunc(t *testing.T) {
 	}
 	re := captureOutput(t, func() {
 		SetMode(DebugMode)
-		debugPrintRoute("GET", "/path/to/route/:param1/:param2", HandlersChain{func(c *Context) {}, handlerNameTest})
+		debugPrintRoute(http.MethodGet, "/path/to/route/:param1/:param2", HandlersChain{func(c *Context) {}, handlerNameTest})
 		SetMode(TestMode)
 	})
 	assert.Regexp(t, `^\[GIN-debug\] GET    /path/to/route/:param1/:param2           --> (.*/vendor/)?github.com/gin-gonic/gin.handlerNameTest \(2 handlers\)\n$`, re)
@@ -102,12 +111,17 @@ func TestDebugPrintWARNINGDefault(t *testing.T) {
 		debugPrintWARNINGDefault()
 		SetMode(TestMode)
 	})
-	m, e := getMinVer(runtime.Version())
-	if e == nil && m < ginSupportMinGoVer {
-		assert.Equal(t, "[GIN-debug] [WARNING] Now Gin requires Go 1.16+.\n\n[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
-	} else {
-		assert.Equal(t, "[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
-	}
+	assert.Equal(t, "[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
+}
+
+func TestDebugPrintWARNINGDefaultWithUnsupportedVersion(t *testing.T) {
+	runtimeVersion = "go1.23.12"
+	re := captureOutput(t, func() {
+		SetMode(DebugMode)
+		debugPrintWARNINGDefault()
+		SetMode(TestMode)
+	})
+	assert.Equal(t, "[GIN-debug] [WARNING] Now Gin requires Go 1.24+.\n\n[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
 }
 
 func TestDebugPrintWARNINGNew(t *testing.T) {
@@ -154,13 +168,13 @@ func TestGetMinVer(t *testing.T) {
 	var m uint64
 	var e error
 	_, e = getMinVer("go1")
-	assert.NotNil(t, e)
+	require.Error(t, e)
 	m, e = getMinVer("go1.1")
 	assert.Equal(t, uint64(1), m)
-	assert.Nil(t, e)
+	require.NoError(t, e)
 	m, e = getMinVer("go1.1.1")
-	assert.Nil(t, e)
+	require.NoError(t, e)
 	assert.Equal(t, uint64(1), m)
 	_, e = getMinVer("go1.1.1.1")
-	assert.NotNil(t, e)
+	require.Error(t, e)
 }

deprecated.go

@@ -12,8 +12,10 @@ import (
 
 // BindWith binds the passed struct pointer using the specified binding engine.
 // See the binding package.
+//
+// Deprecated: Use MustBindWith or ShouldBindWith.
 func (c *Context) BindWith(obj any, b binding.Binding) error {
-	log.Println(`BindWith(\"interface{}, binding.Binding\") error is going to
+	log.Println(`BindWith(\"any, binding.Binding\") error is going to
 	be deprecated, please check issue #662 and either use MustBindWith() if you
 	want HTTP 400 to be automatically returned if any error occur, or use
 	ShouldBindWith() if you need to manage the error.`)

deprecated_test.go

@@ -18,7 +18,7 @@ func TestBindWith(t *testing.T) {
 	w := httptest.NewRecorder()
 	c, _ := CreateTestContext(w)
 
-	c.Request, _ = http.NewRequest("POST", "/?foo=bar&bar=foo", bytes.NewBufferString("foo=unused"))
+	c.Request, _ = http.NewRequest(http.MethodPost, "/?foo=bar&bar=foo", bytes.NewBufferString("foo=unused"))
 
 	var obj struct {
 		Foo string `form:"foo"`

doc.go

@@ -2,5 +2,21 @@
 Package gin implements a HTTP web framework called gin.
 
 See https://gin-gonic.com/ for more information about gin.
+
+Example:
+
+	package main
+
+	import "github.com/gin-gonic/gin"
+
+	func main() {
+		r := gin.Default()
+		r.GET("/ping", func(c *gin.Context) {
+			c.JSON(200, gin.H{
+				"message": "pong",
+			})
+		})
+		r.Run() // listen and serve on 0.0.0.0:8080
+	}
 */
 package gin // import "github.com/gin-gonic/gin"

docs/doc.md

@@ -26,7 +26,10 @@
   - [Custom Validators](#custom-validators)
   - [Only Bind Query String](#only-bind-query-string)
   - [Bind Query String or Post Data](#bind-query-string-or-post-data)
+  - [Bind default value if none provided](#bind-default-value-if-none-provided)
+  - [Collection format for arrays](#collection-format-for-arrays)
   - [Bind Uri](#bind-uri)
+  - [Bind custom unmarshaler](#bind-custom-unmarshaler)
   - [Bind Header](#bind-header)
   - [Bind HTML checkboxes](#bind-html-checkboxes)
   - [Multipart/Urlencoded binding](#multiparturlencoded-binding)
@@ -60,6 +63,7 @@
   - [http2 server push](#http2-server-push)
   - [Define format for the log of routes](#define-format-for-the-log-of-routes)
   - [Set and get a cookie](#set-and-get-a-cookie)
+  - [Custom json codec at runtime](#custom-json-codec-at-runtime)
 - [Don't trust all proxies](#dont-trust-all-proxies)
 - [Testing](#testing)
 
@@ -67,7 +71,7 @@
 
 ### Build with json replacement
 
-Gin uses `encoding/json` as default json package but you can change it by build from other tags.
+Gin uses `encoding/json` as the default JSON package but you can change it by building from other tags.
 
 [jsoniter](https://github.com/json-iterator/go)
 
@@ -81,10 +85,10 @@ go build -tags=jsoniter .
 go build -tags=go_json .
 ```
 
-[sonic](https://github.com/bytedance/sonic) (you have to ensure that your cpu support avx instruction.)
+[sonic](https://github.com/bytedance/sonic)
 
 ```sh
-$ go build -tags="sonic avx" .
+$ go build -tags=sonic .
 ```
 
 ### Build without `MsgPack` rendering feature
@@ -117,7 +121,7 @@ func main() {
   router.HEAD("/someHead", head)
   router.OPTIONS("/someOptions", options)
 
-  // By default it serves on :8080 unless a
+  // By default, it serves on :8080 unless a
   // PORT environment variable was defined.
   router.Run()
   // router.Run(":3000") for a hard coded port
@@ -169,7 +173,7 @@ func main() {
   router := gin.Default()
 
   // Query string parameters are parsed using the existing underlying request object.
-  // The request responds to an url matching:  /welcome?firstname=Jane&lastname=Doe
+  // The request responds to a URL matching: /welcome?firstname=Jane&lastname=Doe
   router.GET("/welcome", func(c *gin.Context) {
     firstname := c.DefaultQuery("firstname", "Guest")
     lastname := c.Query("lastname") // shortcut for c.Request.URL.Query().Get("lastname")
@@ -297,7 +301,7 @@ curl -X POST http://localhost:8080/upload \
 
 #### Multiple files
 
-See the detail [example code](https://github.com/gin-gonic/examples/tree/master/upload-file/multiple).
+See the detailed [example code](https://github.com/gin-gonic/examples/tree/master/upload-file/multiple).
 
 ```go
 func main() {
@@ -337,16 +341,16 @@ func main() {
   router := gin.Default()
 
   // Simple group: v1
-  v1 := router.Group("/v1")
   {
+    v1 := router.Group("/v1")
     v1.POST("/login", loginEndpoint)
     v1.POST("/submit", submitEndpoint)
     v1.POST("/read", readEndpoint)
   }
 
   // Simple group: v2
-  v2 := router.Group("/v2")
   {
+    v2 := router.Group("/v2")
     v2.POST("/login", loginEndpoint)
     v2.POST("/submit", submitEndpoint)
     v2.POST("/read", readEndpoint)
@@ -425,7 +429,7 @@ func main() {
   r.Use(gin.Logger())
 
   // Recovery middleware recovers from any panics and writes a 500 if there was one.
-  r.Use(gin.CustomRecovery(func(c *gin.Context, recovered interface{}) {
+  r.Use(gin.CustomRecovery(func(c *gin.Context, recovered any) {
     if err, ok := recovered.(string); ok {
       c.String(http.StatusInternalServerError, fmt.Sprintf("error: %s", err))
     }
@@ -508,6 +512,44 @@ Sample Output
 ::1 - [Fri, 07 Dec 2018 17:04:38 JST] "GET /ping HTTP/1.1 200 122.767µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36" "
 ```
 
+### Skip logging
+
+```go
+func main() {
+  router := gin.New()
+
+  // skip logging for desired paths by setting SkipPaths in LoggerConfig
+  loggerConfig := gin.LoggerConfig{SkipPaths: []string{"/metrics"}}
+
+  // skip logging based on your logic by setting Skip func in LoggerConfig
+  loggerConfig.Skip = func(c *gin.Context) bool {
+      // as an example skip non server side errors
+      return c.Writer.Status() < http.StatusInternalServerError
+  }
+
+  router.Use(gin.LoggerWithConfig(loggerConfig))
+  router.Use(gin.Recovery())
+
+  // skipped
+  router.GET("/metrics", func(c *gin.Context) {
+      c.Status(http.StatusNotImplemented)
+  })
+
+  // skipped
+  router.GET("/ping", func(c *gin.Context) {
+      c.String(http.StatusOK, "pong")
+  })
+
+  // not skipped
+  router.GET("/data", func(c *gin.Context) {
+    c.Status(http.StatusNotImplemented)
+  })
+
+  router.Run(":8080")
+}
+
+```
+
 ### Controlling Log output coloring
 
 By default, logs output on console should be colorized depending on the detected TTY.
@@ -574,7 +616,7 @@ You can also specify that specific fields are required. If a field is decorated
 ```go
 // Binding from JSON
 type Login struct {
-  User     string `form:"user" json:"user" xml:"user"  binding:"required"`
+  User     string `form:"user" json:"user" xml:"user" binding:"required"`
   Password string `form:"password" json:"password" xml:"password" binding:"required"`
 }
 
@@ -663,7 +705,7 @@ $ curl -v -X POST \
 {"error":"Key: 'Login.Password' Error:Field validation for 'Password' failed on the 'required' tag"}
 ```
 
-Skip validate: when running the above example using the above the `curl` command, it returns error. Because the example use `binding:"required"` for `Password`. If use `binding:"-"` for `Password`, then it will not return error when running the above example again.
+Skip-validation: Running the example above using the `curl` command returns an error. This is because the example uses `binding:"required"` for `Password`. If instead, you use `binding:"-"` for `Password`, then it will not return an error when you run the example again.
 
 ### Custom Validators
 
@@ -791,6 +833,8 @@ type Person struct {
   Birthday   time.Time `form:"birthday" time_format:"2006-01-02" time_utc:"1"`
   CreateTime time.Time `form:"createTime" time_format:"unixNano"`
   UnixTime   time.Time `form:"unixTime" time_format:"unix"`
+  UnixMilliTime   time.Time `form:"unixMilliTime" time_format:"unixmilli"`
+  UnixMicroTime   time.Time `form:"unixMicroTime" time_format:"uNiXmIcRo"` // case does not matter for "unix*" time formats
 }
 
 func main() {
@@ -810,6 +854,8 @@ func startPage(c *gin.Context) {
     log.Println(person.Birthday)
     log.Println(person.CreateTime)
     log.Println(person.UnixTime)
+    log.Println(person.UnixMilliTime)
+    log.Println(person.UnixMicroTime)
   }
 
   c.String(http.StatusOK, "Success")
@@ -819,7 +865,107 @@ func startPage(c *gin.Context) {
 Test it with:
 
 ```sh
-curl -X GET "localhost:8085/testing?name=appleboy&address=xyz&birthday=1992-03-15&createTime=1562400033000000123&unixTime=1562400033"
+curl -X GET "localhost:8085/testing?name=appleboy&address=xyz&birthday=1992-03-15&createTime=1562400033000000123&unixTime=1562400033&unixMilliTime=1562400033001&unixMicroTime=1562400033000012"
+```
+
+
+### Bind default value if none provided
+
+If the server should bind a default value to a field when the client does not provide one, specify the default value using the `default` key within the `form` tag:
+
+```go
+package main
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+type Person struct {
+	Name      string    `form:"name,default=William"`
+	Age       int       `form:"age,default=10"`
+	Friends   []string  `form:"friends,default=Will;Bill"`
+	Addresses [2]string `form:"addresses,default=foo bar" collection_format:"ssv"`
+	LapTimes  []int     `form:"lap_times,default=1;2;3" collection_format:"csv"`
+}
+
+func main() {
+	g := gin.Default()
+	g.POST("/person", func(c *gin.Context) {
+		var req Person
+		if err := c.ShouldBindQuery(&req); err != nil {
+			c.JSON(http.StatusBadRequest, err)
+			return
+		}
+		c.JSON(http.StatusOK, req)
+	})
+	_ = g.Run("localhost:8080")
+}
+```
+
+```
+curl -X POST http://localhost:8080/person
+{"Name":"William","Age":10,"Friends":["Will","Bill"],"Colors":["red","blue"],"LapTimes":[1,2,3]}
+```
+
+NOTE: For default [collection values](#collection-format-for-arrays), the following rules apply:
+- Since commas are used to delimit tag options, they are not supported within a default value and will result in undefined behavior
+- For the collection formats "multi" and "csv", a semicolon should be used in place of a comma to delimited default values
+- Since semicolons are used to delimit default values for "multi" and "csv", they are not supported within a default value for "multi" and "csv"
+
+
+#### Collection format for arrays
+
+| Format          | Description                                               | Example                 |
+| --------------- | --------------------------------------------------------- | ----------------------- |
+| multi (default) | Multiple parameter instances rather than multiple values. | key=foo&key=bar&key=baz |
+| csv             | Comma-separated values.                                   | foo,bar,baz             |
+| ssv             | Space-separated values.                                   | foo bar baz             |
+| tsv             | Tab-separated values.                                     | "foo\tbar\tbaz"         |
+| pipes           | Pipe-separated values.                                    | foo\|bar\|baz           |
+
+```go
+package main
+
+import (
+	"log"
+	"time"
+	"github.com/gin-gonic/gin"
+)
+
+type Person struct {
+	Name       string    `form:"name"`
+	Addresses  []string  `form:"addresses" collection_format:"csv"`
+	Birthday   time.Time `form:"birthday" time_format:"2006-01-02" time_utc:"1"`
+	CreateTime time.Time `form:"createTime" time_format:"unixNano"`
+	UnixTime   time.Time `form:"unixTime" time_format:"unix"`
+}
+
+func main() {
+	route := gin.Default()
+	route.GET("/testing", startPage)
+	route.Run(":8085")
+}
+func startPage(c *gin.Context) {
+	var person Person
+	// If `GET`, only `Form` binding engine (`query`) used.
+	// If `POST`, first checks the `content-type` for `JSON` or `XML`, then uses `Form` (`form-data`).
+	// See more at https://github.com/gin-gonic/gin/blob/master/binding/binding.go#L48
+        if c.ShouldBind(&person) == nil {
+                log.Println(person.Name)
+                log.Println(person.Addresses)
+                log.Println(person.Birthday)
+                log.Println(person.CreateTime)
+                log.Println(person.UnixTime)
+        }
+	c.String(200, "Success")
+}
+```
+
+Test it with:
+```sh
+$ curl -X GET "localhost:8085/testing?name=appleboy&addresses=foo,bar&birthday=1992-03-15&createTime=1562400033000000123&unixTime=1562400033"
 ```
 
 ### Bind Uri
@@ -861,6 +1007,46 @@ curl -v localhost:8088/thinkerou/987fbc97-4bed-5078-9f07-9141ba07c9f3
 curl -v localhost:8088/thinkerou/not-uuid
 ```
 
+### Bind custom unmarshaler
+
+```go
+package main
+
+import (
+  "github.com/gin-gonic/gin"
+  "strings"
+)
+
+type Birthday string
+
+func (b *Birthday) UnmarshalParam(param string) error {
+  *b = Birthday(strings.Replace(param, "-", "/", -1))
+  return nil
+}
+
+func main() {
+  route := gin.Default()
+  var request struct {
+    Birthday Birthday `form:"birthday"`
+  }
+  route.GET("/test", func(ctx *gin.Context) {
+    _ = ctx.BindQuery(&request)
+    ctx.JSON(200, request.Birthday)
+  })
+  route.Run(":8088")
+}
+```
+
+Test it with:
+
+```sh
+curl 'localhost:8088/test?birthday=2000-01-01'
+```
+Result
+```sh
+"2000/01/01"
+```
+
 ### Bind Header
 
 ```go
@@ -996,13 +1182,13 @@ curl -X POST -v --form name=user --form "avatar=@./avatar.png" http://localhost:
 func main() {
   r := gin.Default()
 
-  // gin.H is a shortcut for map[string]interface{}
+  // gin.H is a shortcut for map[string]any
   r.GET("/someJSON", func(c *gin.Context) {
     c.JSON(http.StatusOK, gin.H{"message": "hey", "status": http.StatusOK})
   })
 
   r.GET("/moreJSON", func(c *gin.Context) {
-    // You also can use a struct
+    // You can also use a struct
     var msg struct {
       Name    string `json:"user"`
       Message string
@@ -1071,7 +1257,7 @@ func main() {
 
 #### JSONP
 
-Using JSONP to request data from a server  in a different domain. Add callback to response body if the query parameter callback exists.
+Using JSONP to request data from a server in a different domain. Add callback to response body if the query parameter callback exists.
 
 ```go
 func main() {
@@ -1120,7 +1306,7 @@ func main() {
 
 #### PureJSON
 
-Normally, JSON replaces special HTML characters with their unicode entities, e.g. `<` becomes  `\u003c`. If you want to encode such characters literally, you can use PureJSON instead.
+Normally, JSON replaces special HTML characters with their unicode entities, e.g. `<` becomes `\u003c`. If you want to encode such characters literally, you can use PureJSON instead.
 This feature is unavailable in Go 1.6 and lower.
 
 ```go
@@ -1155,7 +1341,7 @@ func main() {
   router.StaticFS("/more_static", http.Dir("my_file_system"))
   router.StaticFile("/favicon.ico", "./resources/favicon.ico")
   router.StaticFileFS("/more_favicon.ico", "more_favicon.ico", http.Dir("my_file_system"))
-  
+
   // Listen and serve on 0.0.0.0:8080
   router.Run(":8080")
 }
@@ -1208,13 +1394,19 @@ func main() {
 
 ### HTML rendering
 
-Using LoadHTMLGlob() or LoadHTMLFiles()
+Using LoadHTMLGlob() or LoadHTMLFiles() or LoadHTMLFS()
 
 ```go
+//go:embed templates/*
+var templates embed.FS
+
 func main() {
   router := gin.Default()
   router.LoadHTMLGlob("templates/*")
   //router.LoadHTMLFiles("templates/template1.html", "templates/template2.html")
+  //router.LoadHTMLFS(http.Dir("templates"), "template1.html", "template2.html")
+  //or
+  //router.LoadHTMLFS(http.FS(templates), "templates/template1.html", "templates/template2.html")
   router.GET("/index", func(c *gin.Context) {
     c.HTML(http.StatusOK, "index.tmpl", gin.H{
       "title": "Main website",
@@ -1305,7 +1497,7 @@ You may use custom delims
 
 #### Custom Template Funcs
 
-See the detail [example code](https://github.com/gin-gonic/examples/tree/master/template).
+See the detailed [example code](https://github.com/gin-gonic/examples/tree/master/template).
 
 main.go
 
@@ -1357,7 +1549,7 @@ Date: 2017/07/01
 
 ### Multitemplate
 
-Gin allow by default use only one html.Template. Check [a multitemplate render](https://github.com/gin-contrib/multitemplate) for using features like go 1.6 `block template`.
+Gin allows only one html.Template by default. Check [a multitemplate render](https://github.com/gin-contrib/multitemplate) for using features like go 1.6 `block template`.
 
 ### Redirects
 
@@ -1906,7 +2098,7 @@ type formB struct {
 func SomeHandler(c *gin.Context) {
   objA := formA{}
   objB := formB{}
-  // This c.ShouldBind consumes c.Request.Body and it cannot be reused.
+  // Calling c.ShouldBind consumes c.Request.Body and it cannot be reused.
   if errA := c.ShouldBind(&objA); errA == nil {
     c.String(http.StatusOK, `the body should be formA`)
   // Always an error is occurred by this because c.Request.Body is EOF now.
@@ -1918,7 +2110,12 @@ func SomeHandler(c *gin.Context) {
 }
 ```
 
-For this, you can use `c.ShouldBindBodyWith`.
+For this, you can use `c.ShouldBindBodyWith` or shortcuts.
+
+- `c.ShouldBindBodyWithJSON` is a shortcut for c.ShouldBindBodyWith(obj, binding.JSON).
+- `c.ShouldBindBodyWithXML` is a shortcut for c.ShouldBindBodyWith(obj, binding.XML).
+- `c.ShouldBindBodyWithYAML` is a shortcut for c.ShouldBindBodyWith(obj, binding.YAML).
+- `c.ShouldBindBodyWithTOML` is a shortcut for c.ShouldBindBodyWith(obj, binding.TOML).
 
 ```go
 func SomeHandler(c *gin.Context) {
@@ -1931,7 +2128,7 @@ func SomeHandler(c *gin.Context) {
   } else if errB := c.ShouldBindBodyWith(&objB, binding.JSON); errB == nil {
     c.String(http.StatusOK, `the body should be formB JSON`)
   // And it can accepts other formats
-  } else if errB2 := c.ShouldBindBodyWith(&objB, binding.XML); errB2 == nil {
+  } else if errB2 := c.ShouldBindBodyWithXML(&objB); errB2 == nil {
     c.String(http.StatusOK, `the body should be formB XML`)
   } else {
     ...
@@ -1961,7 +2158,7 @@ func (customerBinding) Name() string {
   return "form"
 }
 
-func (customerBinding) Bind(req *http.Request, obj interface{}) error {
+func (customerBinding) Bind(req *http.Request, obj any) error {
   if err := req.ParseForm(); err != nil {
     return err
   }
@@ -1976,7 +2173,7 @@ func (customerBinding) Bind(req *http.Request, obj interface{}) error {
   return validate(obj)
 }
 
-func validate(obj interface{}) error {
+func validate(obj any) error {
   if binding.Validator == nil {
     return nil
   }
@@ -2108,12 +2305,64 @@ func main() {
   router := gin.Default()
 
   router.GET("/cookie", func(c *gin.Context) {
+    cookie, err := c.Cookie("gin_cookie")
 
+    if err != nil {
+      cookie = "NotSet"
+      // Using http.Cookie struct for more control
+      c.SetCookieData(&http.Cookie{
+        Name:       "gin_cookie",
+        Value:      "test",
+        Path:       "/",
+        Domain:     "localhost",
+        MaxAge:     3600,
+        Secure:     false,
+        HttpOnly:   true,
+        // Additional fields available in http.Cookie
+        Expires:    time.Now().Add(24 * time.Hour),
+        // Partitioned: true, // Available in newer Go versions
+      })
+    }
+
+    fmt.Printf("Cookie value: %s \n", cookie)
+  })
+
+  router.Run()
+}
+```
+
+You can also use the `SetCookieData` method, which accepts a `*http.Cookie` directly for more flexibility:
+
+```go
+import (
+  "fmt"
+  "net/http"
+  "time"
+
+  "github.com/gin-gonic/gin"
+)
+
+func main() {
+  router := gin.Default()
+
+  router.GET("/cookie", func(c *gin.Context) {
       cookie, err := c.Cookie("gin_cookie")
 
       if err != nil {
           cookie = "NotSet"
-          c.SetCookie("gin_cookie", "test", 3600, "/", "localhost", false, true)
+          // Using http.Cookie struct for more control
+          c.SetCookieData(&http.Cookie{
+              Name:       "gin_cookie",
+              Value:      "test",
+              Path:       "/",
+              Domain:     "localhost",
+              MaxAge:     3600,
+              Secure:     false,
+              HttpOnly:   true,
+              // Additional fields available in http.Cookie
+              Expires:    time.Now().Add(24 * time.Hour),
+              // Partitioned: true, // Available in newer Go versions
+          })
       }
 
       fmt.Printf("Cookie value: %s \n", cookie)
@@ -2123,6 +2372,65 @@ func main() {
 }
 ```
 
+### Custom json codec at runtime
+
+Gin support custom json serialization and deserialization logic without using compile tags.
+
+1. Define a custom struct implements the `json.Core` interface.
+
+2. Before your engine starts, assign values to `json.API` using the custom struct.
+
+```go
+package main
+
+import (
+  "io"
+
+  "github.com/gin-gonic/gin"
+  "github.com/gin-gonic/gin/codec/json"
+  jsoniter "github.com/json-iterator/go"
+)
+
+var customConfig = jsoniter.Config{
+  EscapeHTML:             true,
+  SortMapKeys:            true,
+  ValidateJsonRawMessage: true,
+}.Froze()
+
+// implement api.JsonApi
+type customJsonApi struct {
+}
+
+func (j customJsonApi) Marshal(v any) ([]byte, error) {
+  return customConfig.Marshal(v)
+}
+
+func (j customJsonApi) Unmarshal(data []byte, v any) error {
+  return customConfig.Unmarshal(data, v)
+}
+
+func (j customJsonApi) MarshalIndent(v any, prefix, indent string) ([]byte, error) {
+  return customConfig.MarshalIndent(v, prefix, indent)
+}
+
+func (j customJsonApi) NewEncoder(writer io.Writer) json.Encoder {
+  return customConfig.NewEncoder(writer)
+}
+
+func (j customJsonApi) NewDecoder(reader io.Reader) json.Decoder {
+  return customConfig.NewDecoder(reader)
+}
+
+func main() {
+  //Replace the default json api
+  json.API = customJsonApi{}
+
+  //Start your gin engine
+  router := gin.Default()
+  router.Run(":8080")
+}
+```
+
 ## Don't trust all proxies
 
 Gin lets you specify which headers to hold the real client IP (if any),
@@ -2134,7 +2442,7 @@ or network CIDRs from where clients which their request headers related to clien
 IP can be trusted. They can be IPv4 addresses, IPv4 CIDRs, IPv6 addresses or
 IPv6 CIDRs.
 
-**Attention:** Gin trust all proxies by default if you don't specify a trusted 
+**Attention:** Gin trusts all proxies by default if you don't specify a trusted
 proxy using the function above, **this is NOT safe**. At the same time, if you don't
 use any proxy, you can disable this feature by using `Engine.SetTrustedProxies(nil)`,
 then `Context.ClientIP()` will return the remote address directly to avoid some
@@ -2163,7 +2471,7 @@ func main() {
 ```
 
 **Notice:** If you are using a CDN service, you can set the `Engine.TrustedPlatform`
-to skip TrustedProxies check, it has a higher priority than TrustedProxies. 
+to skip TrustedProxies check, it has a higher priority than TrustedProxies.
 Look at the example below:
 
 ```go
@@ -2176,10 +2484,16 @@ import (
 func main() {
   router := gin.Default()
   // Use predefined header gin.PlatformXXX
+  // Google App Engine
   router.TrustedPlatform = gin.PlatformGoogleAppEngine
-  // Or set your own trusted request header for another trusted proxy service
-  // Don't set it to any suspect request header, it's unsafe
-  router.TrustedPlatform = "X-CDN-IP"
+  // Cloudflare
+  router.TrustedPlatform = gin.PlatformCloudflare
+  // Fly.io
+  router.TrustedPlatform = gin.PlatformFlyIO
+  // Or, you can set your own trusted request header. But be sure your CDN
+  // prevents users from passing this header! For example, if your CDN puts
+  // the client IP in X-CDN-Client-IP:
+  router.TrustedPlatform = "X-CDN-Client-IP"
 
   router.GET("/", func(c *gin.Context) {
     // If you set TrustedPlatform, ClientIP() will resolve the

errors.go

@@ -9,7 +9,7 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/gin-gonic/gin/internal/json"
+	"github.com/gin-gonic/gin/codec/json"
 )
 
 // ErrorType is an unsigned 64-bit error code as defined in the gin spec.
@@ -77,7 +77,7 @@ func (msg *Error) JSON() any {
 
 // MarshalJSON implements the json.Marshaller interface.
 func (msg *Error) MarshalJSON() ([]byte, error) {
-	return json.Marshal(msg.JSON())
+	return json.API.Marshal(msg.JSON())
 }
 
 // Error implements the error interface.
@@ -91,7 +91,7 @@ func (msg *Error) IsType(flags ErrorType) bool {
 }
 
 // Unwrap returns the wrapped error, to allow interoperability with errors.Is(), errors.As() and errors.Unwrap()
-func (msg *Error) Unwrap() error {
+func (msg Error) Unwrap() error {
 	return msg.Err
 }
 
@@ -157,7 +157,7 @@ func (a errorMsgs) JSON() any {
 
 // MarshalJSON implements the json.Marshaller interface.
 func (a errorMsgs) MarshalJSON() ([]byte, error) {
-	return json.Marshal(a.JSON())
+	return json.API.Marshal(a.JSON())
 }
 
 func (a errorMsgs) String() string {

errors_test.go

@@ -9,8 +9,9 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/gin-gonic/gin/internal/json"
+	"github.com/gin-gonic/gin/codec/json"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestError(t *testing.T) {
@@ -32,8 +33,8 @@ func TestError(t *testing.T) {
 		"meta":  "some data",
 	}, err.JSON())
 
-	jsonBytes, _ := json.Marshal(err)
-	assert.Equal(t, "{\"error\":\"test error\",\"meta\":\"some data\"}", string(jsonBytes))
+	jsonBytes, _ := json.API.Marshal(err)
+	assert.JSONEq(t, "{\"error\":\"test error\",\"meta\":\"some data\"}", string(jsonBytes))
 
 	err.SetMeta(H{ //nolint: errcheck
 		"status": "200",
@@ -91,14 +92,14 @@ Error #03: third
 		H{"error": "second", "meta": "some data"},
 		H{"error": "third", "status": "400"},
 	}, errs.JSON())
-	jsonBytes, _ := json.Marshal(errs)
-	assert.Equal(t, "[{\"error\":\"first\"},{\"error\":\"second\",\"meta\":\"some data\"},{\"error\":\"third\",\"status\":\"400\"}]", string(jsonBytes))
+	jsonBytes, _ := json.API.Marshal(errs)
+	assert.JSONEq(t, "[{\"error\":\"first\"},{\"error\":\"second\",\"meta\":\"some data\"},{\"error\":\"third\",\"status\":\"400\"}]", string(jsonBytes))
 	errs = errorMsgs{
 		{Err: errors.New("first"), Type: ErrorTypePrivate},
 	}
 	assert.Equal(t, H{"error": "first"}, errs.JSON())
-	jsonBytes, _ = json.Marshal(errs)
-	assert.Equal(t, "{\"error\":\"first\"}", string(jsonBytes))
+	jsonBytes, _ = json.API.Marshal(errs)
+	assert.JSONEq(t, "{\"error\":\"first\"}", string(jsonBytes))
 
 	errs = errorMsgs{}
 	assert.Nil(t, errs.Last())
@@ -122,7 +123,18 @@ func TestErrorUnwrap(t *testing.T) {
 	})
 
 	// check that 'errors.Is()' and 'errors.As()' behave as expected :
-	assert.True(t, errors.Is(err, innerErr))
+	require.ErrorIs(t, err, innerErr)
 	var testErr TestErr
-	assert.True(t, errors.As(err, &testErr))
+	require.ErrorAs(t, err, &testErr)
+
+	// Test non-pointer usage of gin.Error
+	errNonPointer := Error{
+		Err:  innerErr,
+		Type: ErrorTypeAny,
+	}
+	wrappedErr := fmt.Errorf("wrapped: %w", errNonPointer)
+	// Check that 'errors.Is()' and 'errors.As()' behave as expected for non-pointer usage
+	require.ErrorIs(t, wrappedErr, innerErr)
+	var testErrNonPointer TestErr
+	require.ErrorAs(t, wrappedErr, &testErrNonPointer)
 }

fs.go

@@ -9,37 +9,42 @@ import (
 	"os"
 )
 
-type onlyFilesFS struct {
-	fs http.FileSystem
+// OnlyFilesFS implements an http.FileSystem without `Readdir` functionality.
+type OnlyFilesFS struct {
+	FileSystem http.FileSystem
 }
 
-type neuteredReaddirFile struct {
-	http.File
-}
-
-// Dir returns a http.FileSystem that can be used by http.FileServer(). It is used internally
-// in router.Static().
-// if listDirectory == true, then it works the same as http.Dir() otherwise it returns
-// a filesystem that prevents http.FileServer() to list the directory files.
-func Dir(root string, listDirectory bool) http.FileSystem {
-	fs := http.Dir(root)
-	if listDirectory {
-		return fs
-	}
-	return &onlyFilesFS{fs}
-}
-
-// Open conforms to http.Filesystem.
-func (fs onlyFilesFS) Open(name string) (http.File, error) {
-	f, err := fs.fs.Open(name)
+// Open passes `Open` to the upstream implementation without `Readdir` functionality.
+func (o OnlyFilesFS) Open(name string) (http.File, error) {
+	f, err := o.FileSystem.Open(name)
 	if err != nil {
 		return nil, err
 	}
-	return neuteredReaddirFile{f}, nil
+
+	return neutralizedReaddirFile{f}, nil
 }
 
-// Readdir overrides the http.File default implementation.
-func (f neuteredReaddirFile) Readdir(count int) ([]os.FileInfo, error) {
+// neutralizedReaddirFile wraps http.File with a specific implementation of `Readdir`.
+type neutralizedReaddirFile struct {
+	http.File
+}
+
+// Readdir overrides the http.File default implementation and always returns nil.
+func (n neutralizedReaddirFile) Readdir(_ int) ([]os.FileInfo, error) {
 	// this disables directory listing
 	return nil, nil
 }
+
+// Dir returns an http.FileSystem that can be used by http.FileServer().
+// It is used internally in router.Static().
+// if listDirectory == true, then it works the same as http.Dir(),
+// otherwise it returns a filesystem that prevents http.FileServer() to list the directory files.
+func Dir(root string, listDirectory bool) http.FileSystem {
+	fs := http.Dir(root)
+
+	if listDirectory {
+		return fs
+	}
+
+	return &OnlyFilesFS{FileSystem: fs}
+}

fs_test.go

@@ -0,0 +1,72 @@
+package gin
+
+import (
+	"errors"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type mockFileSystem struct {
+	open func(name string) (http.File, error)
+}
+
+func (m *mockFileSystem) Open(name string) (http.File, error) {
+	return m.open(name)
+}
+
+func TestOnlyFilesFS_Open(t *testing.T) {
+	var testFile *os.File
+	mockFS := &mockFileSystem{
+		open: func(name string) (http.File, error) {
+			return testFile, nil
+		},
+	}
+	fs := &OnlyFilesFS{FileSystem: mockFS}
+
+	file, err := fs.Open("foo")
+
+	require.NoError(t, err)
+	assert.Equal(t, testFile, file.(neutralizedReaddirFile).File)
+}
+
+func TestOnlyFilesFS_Open_err(t *testing.T) {
+	testError := errors.New("mock")
+	mockFS := &mockFileSystem{
+		open: func(_ string) (http.File, error) {
+			return nil, testError
+		},
+	}
+	fs := &OnlyFilesFS{FileSystem: mockFS}
+
+	file, err := fs.Open("foo")
+
+	require.ErrorIs(t, err, testError)
+	assert.Nil(t, file)
+}
+
+func Test_neuteredReaddirFile_Readdir(t *testing.T) {
+	n := neutralizedReaddirFile{}
+
+	res, err := n.Readdir(0)
+
+	require.NoError(t, err)
+	assert.Nil(t, res)
+}
+
+func TestDir_listDirectory(t *testing.T) {
+	testRoot := "foo"
+	fs := Dir(testRoot, true)
+
+	assert.Equal(t, http.Dir(testRoot), fs)
+}
+
+func TestDir(t *testing.T) {
+	testRoot := "foo"
+	fs := Dir(testRoot, false)
+
+	assert.Equal(t, &OnlyFilesFS{FileSystem: http.Dir(testRoot)}, fs)
+}

gin.go

@@ -11,17 +11,23 @@ import (
 	"net/http"
 	"os"
 	"path"
-	"regexp"
 	"strings"
 	"sync"
 
 	"github.com/gin-gonic/gin/internal/bytesconv"
+	filesystem "github.com/gin-gonic/gin/internal/fs"
 	"github.com/gin-gonic/gin/render"
+	"github.com/quic-go/quic-go/http3"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"
 )
 
-const defaultMultipartMemory = 32 << 20 // 32 MB
+const (
+	defaultMultipartMemory = 32 << 20 // 32 MB
+	escapedColon           = "\\:"
+	colon                  = ":"
+	backslash              = "\\"
+)
 
 var (
 	default404Body = []byte("404 page not found")
@@ -41,12 +47,12 @@ var defaultTrustedCIDRs = []*net.IPNet{
 	},
 }
 
-var regSafePrefix = regexp.MustCompile("[^a-zA-Z0-9/-]+")
-var regRemoveRepeatedChar = regexp.MustCompile("/{2,}")
-
 // HandlerFunc defines the handler used by gin middleware as return value.
 type HandlerFunc func(*Context)
 
+// OptionFunc defines the function to change the default configuration
+type OptionFunc func(*Engine)
+
 // HandlersChain defines a HandlerFunc slice.
 type HandlersChain []HandlerFunc
 
@@ -77,6 +83,8 @@ const (
 	// PlatformCloudflare when using Cloudflare's CDN. Trust CF-Connecting-IP for determining
 	// the client's IP
 	PlatformCloudflare = "CF-Connecting-IP"
+	// PlatformFlyIO when running on Fly.io. Trust Fly-Client-IP for determining the client's IP
+	PlatformFlyIO = "Fly-Client-IP"
 )
 
 // Engine is the framework's instance, it contains the muxer, middleware and configuration settings.
@@ -84,6 +92,10 @@ const (
 type Engine struct {
 	RouterGroup
 
+	// routeTreesUpdated ensures that the initialization or update of the route trees
+	// (used for routing HTTP requests) happens only once, even if called multiple times concurrently.
+	routeTreesUpdated sync.Once
+
 	// RedirectTrailingSlash enables automatic redirection if the current route can't be matched but a
 	// handler for the path with (without) the trailing slash exists.
 	// For example if /foo/ is requested but a route only exists for /foo, the
@@ -123,10 +135,16 @@ type Engine struct {
 	AppEngine bool
 
 	// UseRawPath if enabled, the url.RawPath will be used to find parameters.
+	// The RawPath is only a hint, EscapedPath() should be use instead. (https://pkg.go.dev/net/url@master#URL)
+	// Only use RawPath if you know what you are doing.
 	UseRawPath bool
 
+	// UseEscapedPath if enable, the url.EscapedPath() will be used to find parameters
+	// It overrides UseRawPath
+	UseEscapedPath bool
+
 	// UnescapePathValues if true, the path value will be unescaped.
-	// If UseRawPath is false (by default), the UnescapePathValues effectively is true,
+	// If UseRawPath and UseEscapedPath are false (by default), the UnescapePathValues effectively is true,
 	// as url.Path gonna be used, which is already unescaped.
 	UnescapePathValues bool
 
@@ -179,8 +197,9 @@ var _ IRouter = (*Engine)(nil)
 // - HandleMethodNotAllowed: false
 // - ForwardedByClientIP:    true
 // - UseRawPath:             false
+// - UseEscapedPath: 		 false
 // - UnescapePathValues:     true
-func New() *Engine {
+func New(opts ...OptionFunc) *Engine {
 	debugPrintWARNINGNew()
 	engine := &Engine{
 		RouterGroup: RouterGroup{
@@ -196,6 +215,7 @@ func New() *Engine {
 		RemoteIPHeaders:        []string{"X-Forwarded-For", "X-Real-IP"},
 		TrustedPlatform:        defaultPlatform,
 		UseRawPath:             false,
+		UseEscapedPath:         false,
 		RemoveExtraSlash:       false,
 		UnescapePathValues:     true,
 		MaxMultipartMemory:     defaultMultipartMemory,
@@ -205,19 +225,19 @@ func New() *Engine {
 		trustedProxies:         []string{"0.0.0.0/0", "::/0"},
 		trustedCIDRs:           defaultTrustedCIDRs,
 	}
-	engine.RouterGroup.engine = engine
+	engine.engine = engine
 	engine.pool.New = func() any {
 		return engine.allocateContext(engine.maxParams)
 	}
-	return engine
+	return engine.With(opts...)
 }
 
 // Default returns an Engine instance with the Logger and Recovery middleware already attached.
-func Default() *Engine {
+func Default(opts ...OptionFunc) *Engine {
 	debugPrintWARNINGDefault()
 	engine := New()
 	engine.Use(Logger(), Recovery())
-	return engine
+	return engine.With(opts...)
 }
 
 func (engine *Engine) Handler() http.Handler {
@@ -275,6 +295,19 @@ func (engine *Engine) LoadHTMLFiles(files ...string) {
 	engine.SetHTMLTemplate(templ)
 }
 
+// LoadHTMLFS loads an http.FileSystem and a slice of patterns
+// and associates the result with HTML renderer.
+func (engine *Engine) LoadHTMLFS(fs http.FileSystem, patterns ...string) {
+	if IsDebugging() {
+		engine.HTMLRender = render.HTMLDebug{FileSystem: fs, Patterns: patterns, FuncMap: engine.FuncMap, Delims: engine.delims}
+		return
+	}
+
+	templ := template.Must(template.New("").Delims(engine.delims.Left, engine.delims.Right).Funcs(engine.FuncMap).ParseFS(
+		filesystem.FileSystem{FileSystem: fs}, patterns...))
+	engine.SetHTMLTemplate(templ)
+}
+
 // SetHTMLTemplate associate a template with HTML renderer.
 func (engine *Engine) SetHTMLTemplate(templ *template.Template) {
 	if len(engine.trees) > 0 {
@@ -311,6 +344,15 @@ func (engine *Engine) Use(middleware ...HandlerFunc) IRoutes {
 	return engine
 }
 
+// With returns an Engine with the configuration set in the OptionFunc.
+func (engine *Engine) With(opts ...OptionFunc) *Engine {
+	for _, opt := range opts {
+		opt(engine)
+	}
+
+	return engine
+}
+
 func (engine *Engine) rebuild404Handlers() {
 	engine.allNoRoute = engine.combineHandlers(engine.noRoute)
 }
@@ -334,7 +376,6 @@ func (engine *Engine) addRoute(method, path string, handlers HandlersChain) {
 	}
 	root.addRoute(path, handlers)
 
-	// Update maxParams
 	if paramsCount := countParams(path); paramsCount > engine.maxParams {
 		engine.maxParams = paramsCount
 	}
@@ -345,7 +386,7 @@ func (engine *Engine) addRoute(method, path string, handlers HandlersChain) {
 }
 
 // Routes returns a slice of registered routes, including some useful information, such as:
-// the http method, path and the handler name.
+// the http method, path, and the handler name.
 func (engine *Engine) Routes() (routes RoutesInfo) {
 	for _, tree := range engine.trees {
 		routes = iterate("", tree.method, routes, tree.root)
@@ -370,23 +411,6 @@ func iterate(path, method string, routes RoutesInfo, root *node) RoutesInfo {
 	return routes
 }
 
-// Run attaches the router to a http.Server and starts listening and serving HTTP requests.
-// It is a shortcut for http.ListenAndServe(addr, router)
-// Note: this method will block the calling goroutine indefinitely unless an error happens.
-func (engine *Engine) Run(addr ...string) (err error) {
-	defer func() { debugPrintError(err) }()
-
-	if engine.isUnsafeTrustedProxies() {
-		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
-			"Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.")
-	}
-
-	address := resolveAddress(addr)
-	debugPrint("Listening and serving HTTP on %s\n", address)
-	err = http.ListenAndServe(address, engine.Handler())
-	return
-}
-
 func (engine *Engine) prepareTrustedCIDRs() ([]*net.IPNet, error) {
 	if engine.trustedProxies == nil {
 		return nil, nil
@@ -476,6 +500,26 @@ func (engine *Engine) validateHeader(header string) (clientIP string, valid bool
 	return "", false
 }
 
+// updateRouteTree do update to the route tree recursively
+func updateRouteTree(n *node) {
+	n.path = strings.ReplaceAll(n.path, escapedColon, colon)
+	n.fullPath = strings.ReplaceAll(n.fullPath, escapedColon, colon)
+	n.indices = strings.ReplaceAll(n.indices, backslash, colon)
+	if n.children == nil {
+		return
+	}
+	for _, child := range n.children {
+		updateRouteTree(child)
+	}
+}
+
+// updateRouteTrees do update to the route trees
+func (engine *Engine) updateRouteTrees() {
+	for _, tree := range engine.trees {
+		updateRouteTree(tree.root)
+	}
+}
+
 // parseIP parse a string representation of an IP and returns a net.IP with the
 // minimum byte representation or nil if input is invalid.
 func parseIP(ip string) net.IP {
@@ -490,6 +534,27 @@ func parseIP(ip string) net.IP {
 	return parsedIP
 }
 
+// Run attaches the router to a http.Server and starts listening and serving HTTP requests.
+// It is a shortcut for http.ListenAndServe(addr, router)
+// Note: this method will block the calling goroutine indefinitely unless an error happens.
+func (engine *Engine) Run(addr ...string) (err error) {
+	defer func() { debugPrintError(err) }()
+
+	if engine.isUnsafeTrustedProxies() {
+		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
+			"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
+	}
+	engine.updateRouteTrees()
+	address := resolveAddress(addr)
+	debugPrint("Listening and serving HTTP on %s\n", address)
+	server := &http.Server{ // #nosec G112
+		Addr:    address,
+		Handler: engine.Handler(),
+	}
+	err = server.ListenAndServe()
+	return
+}
+
 // RunTLS attaches the router to a http.Server and starts listening and serving HTTPS (secure) requests.
 // It is a shortcut for http.ListenAndServeTLS(addr, certFile, keyFile, router)
 // Note: this method will block the calling goroutine indefinitely unless an error happens.
@@ -499,10 +564,14 @@ func (engine *Engine) RunTLS(addr, certFile, keyFile string) (err error) {
 
 	if engine.isUnsafeTrustedProxies() {
 		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
-			"Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.")
+			"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
 	}
 
-	err = http.ListenAndServeTLS(addr, certFile, keyFile, engine.Handler())
+	server := &http.Server{ // #nosec G112
+		Addr:    addr,
+		Handler: engine.Handler(),
+	}
+	err = server.ListenAndServeTLS(certFile, keyFile)
 	return
 }
 
@@ -515,7 +584,7 @@ func (engine *Engine) RunUnix(file string) (err error) {
 
 	if engine.isUnsafeTrustedProxies() {
 		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
-			"Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.")
+			"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
 	}
 
 	listener, err := net.Listen("unix", file)
@@ -525,7 +594,10 @@ func (engine *Engine) RunUnix(file string) (err error) {
 	defer listener.Close()
 	defer os.Remove(file)
 
-	err = http.Serve(listener, engine.Handler())
+	server := &http.Server{ // #nosec G112
+		Handler: engine.Handler(),
+	}
+	err = server.Serve(listener)
 	return
 }
 
@@ -538,10 +610,11 @@ func (engine *Engine) RunFd(fd int) (err error) {
 
 	if engine.isUnsafeTrustedProxies() {
 		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
-			"Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.")
+			"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
 	}
 
 	f := os.NewFile(uintptr(fd), fmt.Sprintf("fd@%d", fd))
+	defer f.Close()
 	listener, err := net.FileListener(f)
 	if err != nil {
 		return
@@ -551,6 +624,22 @@ func (engine *Engine) RunFd(fd int) (err error) {
 	return
 }
 
+// RunQUIC attaches the router to a http.Server and starts listening and serving QUIC requests.
+// It is a shortcut for http3.ListenAndServeQUIC(addr, certFile, keyFile, router)
+// Note: this method will block the calling goroutine indefinitely unless an error happens.
+func (engine *Engine) RunQUIC(addr, certFile, keyFile string) (err error) {
+	debugPrint("Listening and serving QUIC on %s\n", addr)
+	defer func() { debugPrintError(err) }()
+
+	if engine.isUnsafeTrustedProxies() {
+		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
+			"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
+	}
+
+	err = http3.ListenAndServeQUIC(addr, certFile, keyFile, engine.Handler())
+	return
+}
+
 // RunListener attaches the router to a http.Server and starts listening and serving HTTP requests
 // through the specified net.Listener
 func (engine *Engine) RunListener(listener net.Listener) (err error) {
@@ -559,15 +648,22 @@ func (engine *Engine) RunListener(listener net.Listener) (err error) {
 
 	if engine.isUnsafeTrustedProxies() {
 		debugPrint("[WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.\n" +
-			"Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.")
+			"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
 	}
 
-	err = http.Serve(listener, engine.Handler())
+	server := &http.Server{ // #nosec G112
+		Handler: engine.Handler(),
+	}
+	err = server.Serve(listener)
 	return
 }
 
 // ServeHTTP conforms to the http.Handler interface.
 func (engine *Engine) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	engine.routeTreesUpdated.Do(func() {
+		engine.updateRouteTrees()
+	})
+
 	c := engine.pool.Get().(*Context)
 	c.writermem.reset(w)
 	c.Request = req
@@ -583,17 +679,23 @@ func (engine *Engine) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 // Disclaimer: You can loop yourself to deal with this, use wisely.
 func (engine *Engine) HandleContext(c *Context) {
 	oldIndexValue := c.index
+	oldHandlers := c.handlers
 	c.reset()
 	engine.handleHTTPRequest(c)
 
 	c.index = oldIndexValue
+	c.handlers = oldHandlers
 }
 
 func (engine *Engine) handleHTTPRequest(c *Context) {
 	httpMethod := c.Request.Method
 	rPath := c.Request.URL.Path
 	unescape := false
-	if engine.UseRawPath && len(c.Request.URL.RawPath) > 0 {
+
+	if engine.UseEscapedPath {
+		rPath = c.Request.URL.EscapedPath()
+		unescape = engine.UnescapePathValues
+	} else if engine.UseRawPath && len(c.Request.URL.RawPath) > 0 {
 		rPath = c.Request.URL.RawPath
 		unescape = engine.UnescapePathValues
 	}
@@ -633,18 +735,26 @@ func (engine *Engine) handleHTTPRequest(c *Context) {
 		break
 	}
 
-	if engine.HandleMethodNotAllowed {
+	if engine.HandleMethodNotAllowed && len(t) > 0 {
+		// According to RFC 7231 section 6.5.5, MUST generate an Allow header field in response
+		// containing a list of the target resource's currently supported methods.
+		allowed := make([]string, 0, len(t)-1)
 		for _, tree := range engine.trees {
 			if tree.method == httpMethod {
 				continue
 			}
 			if value := tree.root.getValue(rPath, nil, c.skippedNodes, unescape); value.handlers != nil {
-				c.handlers = engine.allNoMethod
-				serveError(c, http.StatusMethodNotAllowed, default405Body)
-				return
+				allowed = append(allowed, tree.method)
 			}
 		}
+		if len(allowed) > 0 {
+			c.handlers = engine.allNoMethod
+			c.writermem.Header().Set("Allow", strings.Join(allowed, ", "))
+			serveError(c, http.StatusMethodNotAllowed, default405Body)
+			return
+		}
 	}
+
 	c.handlers = engine.allNoRoute
 	serveError(c, http.StatusNotFound, default404Body)
 }
@@ -672,8 +782,8 @@ func redirectTrailingSlash(c *Context) {
 	req := c.Request
 	p := req.URL.Path
 	if prefix := path.Clean(c.Request.Header.Get("X-Forwarded-Prefix")); prefix != "." {
-		prefix = regSafePrefix.ReplaceAllString(prefix, "")
-		prefix = regRemoveRepeatedChar.ReplaceAllString(prefix, "/")
+		prefix = sanitizePathChars(prefix)
+		prefix = removeRepeatedChar(prefix, '/')
 
 		p = prefix + "/" + req.URL.Path
 	}
@@ -684,6 +794,17 @@ func redirectTrailingSlash(c *Context) {
 	redirectRequest(c)
 }
 
+// sanitizePathChars removes unsafe characters from path strings,
+// keeping only ASCII letters, ASCII numbers, forward slashes, and hyphens.
+func sanitizePathChars(s string) string {
+	return strings.Map(func(r rune) rune {
+		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '/' || r == '-' {
+			return r
+		}
+		return -1
+	}, s)
+}
+
 func redirectFixedPath(c *Context, root *node, trailingSlash bool) bool {
 	req := c.Request
 	rPath := req.URL.Path

ginS/gins.go

@@ -12,15 +12,9 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-var once sync.Once
-var internalEngine *gin.Engine
-
-func engine() *gin.Engine {
-	once.Do(func() {
-		internalEngine = gin.Default()
-	})
-	return internalEngine
-}
+var engine = sync.OnceValue(func() *gin.Engine {
+	return gin.Default()
+})
 
 // LoadHTMLGlob is a wrapper for Engine.LoadHTMLGlob.
 func LoadHTMLGlob(pattern string) {
@@ -32,6 +26,11 @@ func LoadHTMLFiles(files ...string) {
 	engine().LoadHTMLFiles(files...)
 }
 
+// LoadHTMLFS is a wrapper for Engine.LoadHTMLFS.
+func LoadHTMLFS(fs http.FileSystem, patterns ...string) {
+	engine().LoadHTMLFS(fs, patterns...)
+}
+
 // SetHTMLTemplate is a wrapper for Engine.SetHTMLTemplate.
 func SetHTMLTemplate(templ *template.Template) {
 	engine().SetHTMLTemplate(templ)
@@ -154,7 +153,7 @@ func RunUnix(file string) (err error) {
 
 // RunFd attaches the router to a http.Server and starts listening and serving HTTP requests
 // through the specified file descriptor.
-// Note: the method will block the calling goroutine indefinitely unless on error happens.
+// Note: the method will block the calling goroutine indefinitely unless an error happens.
 func RunFd(fd int) (err error) {
 	return engine().RunFd(fd)
 }

ginS/gins_test.go

@@ -0,0 +1,246 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package ginS
+
+import (
+	"html/template"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+)
+
+func init() {
+	gin.SetMode(gin.TestMode)
+}
+
+func TestGET(t *testing.T) {
+	GET("/test", func(c *gin.Context) {
+		c.String(http.StatusOK, "test")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/test", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "test", w.Body.String())
+}
+
+func TestPOST(t *testing.T) {
+	POST("/post", func(c *gin.Context) {
+		c.String(http.StatusCreated, "created")
+	})
+
+	req := httptest.NewRequest(http.MethodPost, "/post", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusCreated, w.Code)
+	assert.Equal(t, "created", w.Body.String())
+}
+
+func TestPUT(t *testing.T) {
+	PUT("/put", func(c *gin.Context) {
+		c.String(http.StatusOK, "updated")
+	})
+
+	req := httptest.NewRequest(http.MethodPut, "/put", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "updated", w.Body.String())
+}
+
+func TestDELETE(t *testing.T) {
+	DELETE("/delete", func(c *gin.Context) {
+		c.String(http.StatusOK, "deleted")
+	})
+
+	req := httptest.NewRequest(http.MethodDelete, "/delete", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "deleted", w.Body.String())
+}
+
+func TestPATCH(t *testing.T) {
+	PATCH("/patch", func(c *gin.Context) {
+		c.String(http.StatusOK, "patched")
+	})
+
+	req := httptest.NewRequest(http.MethodPatch, "/patch", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "patched", w.Body.String())
+}
+
+func TestOPTIONS(t *testing.T) {
+	OPTIONS("/options", func(c *gin.Context) {
+		c.String(http.StatusOK, "options")
+	})
+
+	req := httptest.NewRequest(http.MethodOptions, "/options", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "options", w.Body.String())
+}
+
+func TestHEAD(t *testing.T) {
+	HEAD("/head", func(c *gin.Context) {
+		c.String(http.StatusOK, "head")
+	})
+
+	req := httptest.NewRequest(http.MethodHead, "/head", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestAny(t *testing.T) {
+	Any("/any", func(c *gin.Context) {
+		c.String(http.StatusOK, "any")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/any", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "any", w.Body.String())
+}
+
+func TestHandle(t *testing.T) {
+	Handle(http.MethodGet, "/handle", func(c *gin.Context) {
+		c.String(http.StatusOK, "handle")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/handle", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "handle", w.Body.String())
+}
+
+func TestGroup(t *testing.T) {
+	group := Group("/group")
+	group.GET("/test", func(c *gin.Context) {
+		c.String(http.StatusOK, "group test")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/group/test", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "group test", w.Body.String())
+}
+
+func TestUse(t *testing.T) {
+	var middlewareExecuted bool
+	Use(func(c *gin.Context) {
+		middlewareExecuted = true
+		c.Next()
+	})
+
+	GET("/middleware-test", func(c *gin.Context) {
+		c.String(http.StatusOK, "ok")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/middleware-test", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.True(t, middlewareExecuted)
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestNoRoute(t *testing.T) {
+	NoRoute(func(c *gin.Context) {
+		c.String(http.StatusNotFound, "custom 404")
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/nonexistent", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusNotFound, w.Code)
+	assert.Equal(t, "custom 404", w.Body.String())
+}
+
+func TestNoMethod(t *testing.T) {
+	NoMethod(func(c *gin.Context) {
+		c.String(http.StatusMethodNotAllowed, "method not allowed")
+	})
+
+	// This just verifies that NoMethod is callable
+	// Testing the actual behavior would require a separate engine instance
+	assert.NotNil(t, engine())
+}
+
+func TestRoutes(t *testing.T) {
+	GET("/routes-test", func(c *gin.Context) {})
+
+	routes := Routes()
+	assert.NotEmpty(t, routes)
+
+	found := false
+	for _, route := range routes {
+		if route.Path == "/routes-test" && route.Method == http.MethodGet {
+			found = true
+			break
+		}
+	}
+	assert.True(t, found)
+}
+
+func TestSetHTMLTemplate(t *testing.T) {
+	tmpl := template.Must(template.New("test").Parse("Hello {{.}}"))
+	SetHTMLTemplate(tmpl)
+
+	// Verify engine has template set
+	assert.NotNil(t, engine())
+}
+
+func TestStaticFile(t *testing.T) {
+	StaticFile("/static-file", "../testdata/test_file.txt")
+
+	req := httptest.NewRequest(http.MethodGet, "/static-file", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestStatic(t *testing.T) {
+	Static("/static-dir", "../testdata")
+
+	req := httptest.NewRequest(http.MethodGet, "/static-dir/test_file.txt", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
+func TestStaticFS(t *testing.T) {
+	fs := http.Dir("../testdata")
+	StaticFS("/static-fs", fs)
+
+	req := httptest.NewRequest(http.MethodGet, "/static-fs/test_file.txt", nil)
+	w := httptest.NewRecorder()
+	engine().ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}

gin_integration_test.go

@@ -16,18 +16,19 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"strings"
 	"sync"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 // params[0]=url example:http://127.0.0.1:8080/index (cannot be empty)
 // params[1]=response status (custom compare status) default:"200 OK"
 // params[2]=response body (custom compare content)  default:"it worked"
 func testRequest(t *testing.T, params ...string) {
-
 	if len(params) == 0 {
 		t.Fatal("url cannot be empty")
 	}
@@ -40,18 +41,18 @@ func testRequest(t *testing.T, params ...string) {
 	client := &http.Client{Transport: tr}
 
 	resp, err := client.Get(params[0])
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	defer resp.Body.Close()
 
 	body, ioerr := io.ReadAll(resp.Body)
-	assert.NoError(t, ioerr)
+	require.NoError(t, ioerr)
 
-	var responseStatus = "200 OK"
+	responseStatus := "200 OK"
 	if len(params) > 1 && params[1] != "" {
 		responseStatus = params[1]
 	}
 
-	var responseBody = "it worked"
+	responseBody := "it worked"
 	if len(params) > 2 && params[2] != "" {
 		responseBody = params[2]
 	}
@@ -69,17 +70,18 @@ func TestRunEmpty(t *testing.T) {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.Run())
 	}()
-	// have to wait for the goroutine to start and run the server
-	// otherwise the main thread will complete
-	time.Sleep(5 * time.Millisecond)
 
-	assert.Error(t, router.Run(":8080"))
+	// Wait for server to be ready with exponential backoff
+	err := waitForServerReady("http://localhost:8080/example", 10)
+	require.NoError(t, err, "server should start successfully")
+
+	require.Error(t, router.Run(":8080"))
 	testRequest(t, "http://localhost:8080/example")
 }
 
 func TestBadTrustedCIDRs(t *testing.T) {
 	router := New()
-	assert.Error(t, router.SetTrustedProxies([]string{"hello/world"}))
+	require.Error(t, router.SetTrustedProxies([]string{"hello/world"}))
 }
 
 /* legacy tests
@@ -87,7 +89,7 @@ func TestBadTrustedCIDRsForRun(t *testing.T) {
 	os.Setenv("PORT", "")
 	router := New()
 	router.TrustedProxies = []string{"hello/world"}
-	assert.Error(t, router.Run(":8080"))
+	require.Error(t, router.Run(":8080"))
 }
 
 func TestBadTrustedCIDRsForRunUnix(t *testing.T) {
@@ -100,7 +102,7 @@ func TestBadTrustedCIDRsForRunUnix(t *testing.T) {
 
 	go func() {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
-		assert.Error(t, router.RunUnix(unixTestSocket))
+		require.Error(t, router.RunUnix(unixTestSocket))
 	}()
 	// have to wait for the goroutine to start and run the server
 	// otherwise the main thread will complete
@@ -112,15 +114,15 @@ func TestBadTrustedCIDRsForRunFd(t *testing.T) {
 	router.TrustedProxies = []string{"hello/world"}
 
 	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	listener, err := net.ListenTCP("tcp", addr)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	socketFile, err := listener.File()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	go func() {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
-		assert.Error(t, router.RunFd(int(socketFile.Fd())))
+		require.Error(t, router.RunFd(int(socketFile.Fd())))
 	}()
 	// have to wait for the goroutine to start and run the server
 	// otherwise the main thread will complete
@@ -132,12 +134,12 @@ func TestBadTrustedCIDRsForRunListener(t *testing.T) {
 	router.TrustedProxies = []string{"hello/world"}
 
 	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	listener, err := net.ListenTCP("tcp", addr)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	go func() {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
-		assert.Error(t, router.RunListener(listener))
+		require.Error(t, router.RunListener(listener))
 	}()
 	// have to wait for the goroutine to start and run the server
 	// otherwise the main thread will complete
@@ -148,7 +150,7 @@ func TestBadTrustedCIDRsForRunTLS(t *testing.T) {
 	os.Setenv("PORT", "")
 	router := New()
 	router.TrustedProxies = []string{"hello/world"}
-	assert.Error(t, router.RunTLS(":8080", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
+	require.Error(t, router.RunTLS(":8080", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
 }
 */
 
@@ -164,12 +166,12 @@ func TestRunTLS(t *testing.T) {
 	// otherwise the main thread will complete
 	time.Sleep(5 * time.Millisecond)
 
-	assert.Error(t, router.RunTLS(":8443", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
+	require.Error(t, router.RunTLS(":8443", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
 	testRequest(t, "https://localhost:8443/example")
 }
 
 func TestPusher(t *testing.T) {
-	var html = template.Must(template.New("https").Parse(`
+	html := template.Must(template.New("https").Parse(`
 <html>
 <head>
   <title>Https Test</title>
@@ -201,7 +203,7 @@ func TestPusher(t *testing.T) {
 	// otherwise the main thread will complete
 	time.Sleep(5 * time.Millisecond)
 
-	assert.Error(t, router.RunTLS(":8449", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
+	require.Error(t, router.RunTLS(":8449", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
 	testRequest(t, "https://localhost:8449/pusher")
 }
 
@@ -212,18 +214,19 @@ func TestRunEmptyWithEnv(t *testing.T) {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.Run())
 	}()
-	// have to wait for the goroutine to start and run the server
-	// otherwise the main thread will complete
-	time.Sleep(5 * time.Millisecond)
 
-	assert.Error(t, router.Run(":3123"))
+	// Wait for server to be ready with exponential backoff
+	err := waitForServerReady("http://localhost:3123/example", 10)
+	require.NoError(t, err, "server should start successfully")
+
+	require.Error(t, router.Run(":3123"))
 	testRequest(t, "http://localhost:3123/example")
 }
 
 func TestRunTooMuchParams(t *testing.T) {
 	router := New()
 	assert.Panics(t, func() {
-		assert.NoError(t, router.Run("2", "2"))
+		require.NoError(t, router.Run("2", "2"))
 	})
 }
 
@@ -233,11 +236,12 @@ func TestRunWithPort(t *testing.T) {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.Run(":5150"))
 	}()
-	// have to wait for the goroutine to start and run the server
-	// otherwise the main thread will complete
-	time.Sleep(5 * time.Millisecond)
 
-	assert.Error(t, router.Run(":5150"))
+	// Wait for server to be ready with exponential backoff
+	err := waitForServerReady("http://localhost:5150/example", 10)
+	require.NoError(t, err, "server should start successfully")
+
+	require.Error(t, router.Run(":5150"))
 	testRequest(t, "http://localhost:5150/example")
 }
 
@@ -257,36 +261,53 @@ func TestUnixSocket(t *testing.T) {
 	time.Sleep(5 * time.Millisecond)
 
 	c, err := net.Dial("unix", unixTestSocket)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	fmt.Fprint(c, "GET /example HTTP/1.0\r\n\r\n")
 	scanner := bufio.NewScanner(c)
-	var response string
+	var responseBuilder strings.Builder
 	for scanner.Scan() {
-		response += scanner.Text()
+		responseBuilder.WriteString(scanner.Text())
 	}
+	response := responseBuilder.String()
 	assert.Contains(t, response, "HTTP/1.0 200", "should get a 200")
 	assert.Contains(t, response, "it worked", "resp body should match")
 }
 
 func TestBadUnixSocket(t *testing.T) {
 	router := New()
-	assert.Error(t, router.RunUnix("#/tmp/unix_unit_test"))
+	require.Error(t, router.RunUnix("#/tmp/unix_unit_test"))
+}
+
+func TestRunQUIC(t *testing.T) {
+	router := New()
+	go func() {
+		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
+
+		assert.NoError(t, router.RunQUIC(":8443", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
+	}()
+
+	// have to wait for the goroutine to start and run the server
+	// otherwise the main thread will complete
+	time.Sleep(5 * time.Millisecond)
+
+	require.Error(t, router.RunQUIC(":8443", "./testdata/certificate/cert.pem", "./testdata/certificate/key.pem"))
+	testRequest(t, "https://localhost:8443/example")
 }
 
 func TestFileDescriptor(t *testing.T) {
 	router := New()
 
 	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	listener, err := net.ListenTCP("tcp", addr)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	socketFile, err := listener.File()
 	if isWindows() {
 		// not supported by windows, it is unimplemented now
-		assert.Error(t, err)
+		require.Error(t, err)
 	} else {
-		assert.NoError(t, err)
+		require.NoError(t, err)
 	}
 
 	if socketFile == nil {
@@ -302,29 +323,30 @@ func TestFileDescriptor(t *testing.T) {
 	time.Sleep(5 * time.Millisecond)
 
 	c, err := net.Dial("tcp", listener.Addr().String())
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	fmt.Fprintf(c, "GET /example HTTP/1.0\r\n\r\n")
 	scanner := bufio.NewScanner(c)
-	var response string
+	var responseBuilder strings.Builder
 	for scanner.Scan() {
-		response += scanner.Text()
+		responseBuilder.WriteString(scanner.Text())
 	}
+	response := responseBuilder.String()
 	assert.Contains(t, response, "HTTP/1.0 200", "should get a 200")
 	assert.Contains(t, response, "it worked", "resp body should match")
 }
 
 func TestBadFileDescriptor(t *testing.T) {
 	router := New()
-	assert.Error(t, router.RunFd(0))
+	require.Error(t, router.RunFd(0))
 }
 
 func TestListener(t *testing.T) {
 	router := New()
 	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	listener, err := net.ListenTCP("tcp", addr)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	go func() {
 		router.GET("/example", func(c *Context) { c.String(http.StatusOK, "it worked") })
 		assert.NoError(t, router.RunListener(listener))
@@ -334,14 +356,15 @@ func TestListener(t *testing.T) {
 	time.Sleep(5 * time.Millisecond)
 
 	c, err := net.Dial("tcp", listener.Addr().String())
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	fmt.Fprintf(c, "GET /example HTTP/1.0\r\n\r\n")
 	scanner := bufio.NewScanner(c)
-	var response string
+	var responseBuilder strings.Builder
 	for scanner.Scan() {
-		response += scanner.Text()
+		responseBuilder.WriteString(scanner.Text())
 	}
+	response := responseBuilder.String()
 	assert.Contains(t, response, "HTTP/1.0 200", "should get a 200")
 	assert.Contains(t, response, "it worked", "resp body should match")
 }
@@ -349,11 +372,11 @@ func TestListener(t *testing.T) {
 func TestBadListener(t *testing.T) {
 	router := New()
 	addr, err := net.ResolveTCPAddr("tcp", "localhost:10086")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	listener, err := net.ListenTCP("tcp", addr)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	listener.Close()
-	assert.Error(t, router.RunListener(listener))
+	require.Error(t, router.RunListener(listener))
 }
 
 func TestWithHttptestWithAutoSelectedPort(t *testing.T) {
@@ -379,7 +402,14 @@ func TestConcurrentHandleContext(t *testing.T) {
 	wg.Add(iterations)
 	for i := 0; i < iterations; i++ {
 		go func() {
-			testGetRequestHandler(t, router, "/")
+			req, err := http.NewRequest(http.MethodGet, "/", nil)
+			assert.NoError(t, err)
+
+			w := httptest.NewRecorder()
+			router.ServeHTTP(w, req)
+
+			assert.Equal(t, "it worked", w.Body.String(), "resp body should match")
+			assert.Equal(t, 200, w.Code, "should get a 200")
 			wg.Done()
 		}()
 	}
@@ -401,17 +431,6 @@ func TestConcurrentHandleContext(t *testing.T) {
 // 	testRequest(t, "http://localhost:8033/example")
 // }
 
-func testGetRequestHandler(t *testing.T, h http.Handler, url string) {
-	req, err := http.NewRequest(http.MethodGet, url, nil)
-	assert.NoError(t, err)
-
-	w := httptest.NewRecorder()
-	h.ServeHTTP(w, req)
-
-	assert.Equal(t, "it worked", w.Body.String(), "resp body should match")
-	assert.Equal(t, 200, w.Code, "should get a 200")
-}
-
 func TestTreeRunDynamicRouting(t *testing.T) {
 	router := New()
 	router.GET("/aa/*xx", func(c *Context) { c.String(http.StatusOK, "/aa/*xx") })
@@ -561,3 +580,28 @@ func TestTreeRunDynamicRouting(t *testing.T) {
 func isWindows() bool {
 	return runtime.GOOS == "windows"
 }
+
+func TestEscapedColon(t *testing.T) {
+	router := New()
+	f := func(u string) {
+		router.GET(u, func(c *Context) { c.String(http.StatusOK, u) })
+	}
+	f("/r/r\\:r")
+	f("/r/r:r")
+	f("/r/r/:r")
+	f("/r/r/\\:r")
+	f("/r/r/r\\:r")
+	assert.Panics(t, func() {
+		f("\\foo:")
+	})
+
+	router.updateRouteTrees()
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	testRequest(t, ts.URL+"/r/r123", "", "/r/r:r")
+	testRequest(t, ts.URL+"/r/r:r", "", "/r/r\\:r")
+	testRequest(t, ts.URL+"/r/r/r123", "", "/r/r/:r")
+	testRequest(t, ts.URL+"/r/r/:r", "", "/r/r/\\:r")
+	testRequest(t, ts.URL+"/r/r/r:r", "", "/r/r/r\\:r")
+}

gin_test.go

@@ -14,11 +14,13 @@ import (
 	"net/http/httptest"
 	"reflect"
 	"strconv"
+	"strings"
 	"sync/atomic"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"golang.org/x/net/http2"
 )
 
@@ -44,7 +46,7 @@ func setupHTMLFiles(t *testing.T, mode string, tls bool, loadMethod func(*Engine
 		})
 		router.GET("/raw", func(c *Context) {
 			c.HTML(http.StatusOK, "raw.tmpl", map[string]any{
-				"now": time.Date(2017, 07, 01, 0, 0, 0, 0, time.UTC),
+				"now": time.Date(2017, 07, 01, 0, 0, 0, 0, time.UTC), //nolint:gofumpt
 			})
 		})
 	})
@@ -71,7 +73,7 @@ func TestLoadHTMLGlobDebugMode(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := http.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -129,7 +131,7 @@ func TestLoadHTMLGlobTestMode(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := http.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -149,7 +151,7 @@ func TestLoadHTMLGlobReleaseMode(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := http.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -176,7 +178,7 @@ func TestLoadHTMLGlobUsingTLS(t *testing.T) {
 		},
 	}
 	client := &http.Client{Transport: tr}
-	res, err := client.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := client.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -196,7 +198,7 @@ func TestLoadHTMLGlobFromFuncMap(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/raw", ts.URL))
+	res, err := http.Get(ts.URL + "/raw")
 	if err != nil {
 		t.Error(err)
 	}
@@ -227,7 +229,7 @@ func TestLoadHTMLFilesTestMode(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := http.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -247,7 +249,7 @@ func TestLoadHTMLFilesDebugMode(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := http.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -267,7 +269,7 @@ func TestLoadHTMLFilesReleaseMode(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := http.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -294,7 +296,7 @@ func TestLoadHTMLFilesUsingTLS(t *testing.T) {
 		},
 	}
 	client := &http.Client{Transport: tr}
-	res, err := client.Get(fmt.Sprintf("%s/test", ts.URL))
+	res, err := client.Get(ts.URL + "/test")
 	if err != nil {
 		t.Error(err)
 	}
@@ -314,7 +316,116 @@ func TestLoadHTMLFilesFuncMap(t *testing.T) {
 	)
 	defer ts.Close()
 
-	res, err := http.Get(fmt.Sprintf("%s/raw", ts.URL))
+	res, err := http.Get(ts.URL + "/raw")
+	if err != nil {
+		t.Error(err)
+	}
+
+	resp, _ := io.ReadAll(res.Body)
+	assert.Equal(t, "Date: 2017/07/01", string(resp))
+}
+
+var tmplFS = http.Dir("testdata/template")
+
+func TestLoadHTMLFSTestMode(t *testing.T) {
+	ts := setupHTMLFiles(
+		t,
+		TestMode,
+		false,
+		func(router *Engine) {
+			router.LoadHTMLFS(tmplFS, "hello.tmpl", "raw.tmpl")
+		},
+	)
+	defer ts.Close()
+
+	res, err := http.Get(ts.URL + "/test")
+	if err != nil {
+		t.Error(err)
+	}
+
+	resp, _ := io.ReadAll(res.Body)
+	assert.Equal(t, "<h1>Hello world</h1>", string(resp))
+}
+
+func TestLoadHTMLFSDebugMode(t *testing.T) {
+	ts := setupHTMLFiles(
+		t,
+		DebugMode,
+		false,
+		func(router *Engine) {
+			router.LoadHTMLFS(tmplFS, "hello.tmpl", "raw.tmpl")
+		},
+	)
+	defer ts.Close()
+
+	res, err := http.Get(ts.URL + "/test")
+	if err != nil {
+		t.Error(err)
+	}
+
+	resp, _ := io.ReadAll(res.Body)
+	assert.Equal(t, "<h1>Hello world</h1>", string(resp))
+}
+
+func TestLoadHTMLFSReleaseMode(t *testing.T) {
+	ts := setupHTMLFiles(
+		t,
+		ReleaseMode,
+		false,
+		func(router *Engine) {
+			router.LoadHTMLFS(tmplFS, "hello.tmpl", "raw.tmpl")
+		},
+	)
+	defer ts.Close()
+
+	res, err := http.Get(ts.URL + "/test")
+	if err != nil {
+		t.Error(err)
+	}
+
+	resp, _ := io.ReadAll(res.Body)
+	assert.Equal(t, "<h1>Hello world</h1>", string(resp))
+}
+
+func TestLoadHTMLFSUsingTLS(t *testing.T) {
+	ts := setupHTMLFiles(
+		t,
+		TestMode,
+		true,
+		func(router *Engine) {
+			router.LoadHTMLFS(tmplFS, "hello.tmpl", "raw.tmpl")
+		},
+	)
+	defer ts.Close()
+
+	// Use InsecureSkipVerify for avoiding `x509: certificate signed by unknown authority` error
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	}
+	client := &http.Client{Transport: tr}
+	res, err := client.Get(ts.URL + "/test")
+	if err != nil {
+		t.Error(err)
+	}
+
+	resp, _ := io.ReadAll(res.Body)
+	assert.Equal(t, "<h1>Hello world</h1>", string(resp))
+}
+
+func TestLoadHTMLFSFuncMap(t *testing.T) {
+	ts := setupHTMLFiles(
+		t,
+		TestMode,
+		false,
+		func(router *Engine) {
+			router.LoadHTMLFS(tmplFS, "hello.tmpl", "raw.tmpl")
+		},
+	)
+	defer ts.Close()
+
+	res, err := http.Get(ts.URL + "/raw")
 	if err != nil {
 		t.Error(err)
 	}
@@ -325,31 +436,31 @@ func TestLoadHTMLFilesFuncMap(t *testing.T) {
 
 func TestAddRoute(t *testing.T) {
 	router := New()
-	router.addRoute("GET", "/", HandlersChain{func(_ *Context) {}})
+	router.addRoute(http.MethodGet, "/", HandlersChain{func(_ *Context) {}})
 
 	assert.Len(t, router.trees, 1)
-	assert.NotNil(t, router.trees.get("GET"))
-	assert.Nil(t, router.trees.get("POST"))
+	assert.NotNil(t, router.trees.get(http.MethodGet))
+	assert.Nil(t, router.trees.get(http.MethodPost))
 
-	router.addRoute("POST", "/", HandlersChain{func(_ *Context) {}})
+	router.addRoute(http.MethodPost, "/", HandlersChain{func(_ *Context) {}})
 
 	assert.Len(t, router.trees, 2)
-	assert.NotNil(t, router.trees.get("GET"))
-	assert.NotNil(t, router.trees.get("POST"))
+	assert.NotNil(t, router.trees.get(http.MethodGet))
+	assert.NotNil(t, router.trees.get(http.MethodPost))
 
-	router.addRoute("POST", "/post", HandlersChain{func(_ *Context) {}})
+	router.addRoute(http.MethodPost, "/post", HandlersChain{func(_ *Context) {}})
 	assert.Len(t, router.trees, 2)
 }
 
 func TestAddRouteFails(t *testing.T) {
 	router := New()
 	assert.Panics(t, func() { router.addRoute("", "/", HandlersChain{func(_ *Context) {}}) })
-	assert.Panics(t, func() { router.addRoute("GET", "a", HandlersChain{func(_ *Context) {}}) })
-	assert.Panics(t, func() { router.addRoute("GET", "/", HandlersChain{}) })
+	assert.Panics(t, func() { router.addRoute(http.MethodGet, "a", HandlersChain{func(_ *Context) {}}) })
+	assert.Panics(t, func() { router.addRoute(http.MethodGet, "/", HandlersChain{}) })
 
-	router.addRoute("POST", "/post", HandlersChain{func(_ *Context) {}})
+	router.addRoute(http.MethodPost, "/post", HandlersChain{func(_ *Context) {}})
 	assert.Panics(t, func() {
-		router.addRoute("POST", "/post", HandlersChain{func(_ *Context) {}})
+		router.addRoute(http.MethodPost, "/post", HandlersChain{func(_ *Context) {}})
 	})
 }
 
@@ -434,6 +545,29 @@ func TestNoMethodWithoutGlobalHandlers(t *testing.T) {
 }
 
 func TestRebuild404Handlers(t *testing.T) {
+	var middleware0 HandlerFunc = func(c *Context) {}
+	var middleware1 HandlerFunc = func(c *Context) {}
+
+	router := New()
+
+	// Initially, allNoRoute should be nil
+	assert.Nil(t, router.allNoRoute)
+
+	// Set NoRoute handlers
+	router.NoRoute(middleware0)
+	assert.Len(t, router.allNoRoute, 1)
+	assert.Len(t, router.noRoute, 1)
+	compareFunc(t, router.allNoRoute[0], middleware0)
+
+	// Add Use middleware should trigger rebuild404Handlers
+	router.Use(middleware1)
+	assert.Len(t, router.allNoRoute, 2)
+	assert.Len(t, router.Handlers, 1)
+	assert.Len(t, router.noRoute, 1)
+
+	// Global middleware should come first
+	compareFunc(t, router.allNoRoute[0], middleware1)
+	compareFunc(t, router.allNoRoute[1], middleware0)
 }
 
 func TestNoMethodWithGlobalHandlers(t *testing.T) {
@@ -491,27 +625,27 @@ func TestListOfRoutes(t *testing.T) {
 
 	assert.Len(t, list, 7)
 	assertRoutePresent(t, list, RouteInfo{
-		Method:  "GET",
+		Method:  http.MethodGet,
 		Path:    "/favicon.ico",
 		Handler: "^(.*/vendor/)?github.com/gin-gonic/gin.handlerTest1$",
 	})
 	assertRoutePresent(t, list, RouteInfo{
-		Method:  "GET",
+		Method:  http.MethodGet,
 		Path:    "/",
 		Handler: "^(.*/vendor/)?github.com/gin-gonic/gin.handlerTest1$",
 	})
 	assertRoutePresent(t, list, RouteInfo{
-		Method:  "GET",
+		Method:  http.MethodGet,
 		Path:    "/users/",
 		Handler: "^(.*/vendor/)?github.com/gin-gonic/gin.handlerTest2$",
 	})
 	assertRoutePresent(t, list, RouteInfo{
-		Method:  "GET",
+		Method:  http.MethodGet,
 		Path:    "/users/:id",
 		Handler: "^(.*/vendor/)?github.com/gin-gonic/gin.handlerTest1$",
 	})
 	assertRoutePresent(t, list, RouteInfo{
-		Method:  "POST",
+		Method:  http.MethodPost,
 		Path:    "/users/:id",
 		Handler: "^(.*/vendor/)?github.com/gin-gonic/gin.handlerTest2$",
 	})
@@ -529,7 +663,7 @@ func TestEngineHandleContext(t *testing.T) {
 	}
 
 	assert.NotPanics(t, func() {
-		w := PerformRequest(r, "GET", "/")
+		w := PerformRequest(r, http.MethodGet, "/")
 		assert.Equal(t, 301, w.Code)
 	})
 }
@@ -546,10 +680,10 @@ func TestEngineHandleContextManyReEntries(t *testing.T) {
 	r.GET("/:count", func(c *Context) {
 		countStr := c.Param("count")
 		count, err := strconv.Atoi(countStr)
-		assert.NoError(t, err)
+		require.NoError(t, err)
 
 		n, err := c.Writer.Write([]byte("."))
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, 1, n)
 
 		switch {
@@ -562,7 +696,7 @@ func TestEngineHandleContextManyReEntries(t *testing.T) {
 	})
 
 	assert.NotPanics(t, func() {
-		w := PerformRequest(r, "GET", "/"+strconv.Itoa(expectValue-1)) // include 0 value
+		w := PerformRequest(r, http.MethodGet, "/"+strconv.Itoa(expectValue-1)) // include 0 value
 		assert.Equal(t, 200, w.Code)
 		assert.Equal(t, expectValue, w.Body.Len())
 	})
@@ -571,6 +705,93 @@ func TestEngineHandleContextManyReEntries(t *testing.T) {
 	assert.Equal(t, int64(expectValue), middlewareCounter)
 }
 
+func TestEngineHandleContextPreventsMiddlewareReEntry(t *testing.T) {
+	// given
+	var handlerCounterV1, handlerCounterV2, middlewareCounterV1 int64
+
+	r := New()
+	v1 := r.Group("/v1")
+	{
+		v1.Use(func(c *Context) {
+			atomic.AddInt64(&middlewareCounterV1, 1)
+		})
+		v1.GET("/test", func(c *Context) {
+			atomic.AddInt64(&handlerCounterV1, 1)
+			c.Status(http.StatusOK)
+		})
+	}
+
+	v2 := r.Group("/v2")
+	{
+		v2.GET("/test", func(c *Context) {
+			c.Request.URL.Path = "/v1/test"
+			r.HandleContext(c)
+		}, func(c *Context) {
+			atomic.AddInt64(&handlerCounterV2, 1)
+		})
+	}
+
+	// when
+	responseV1 := PerformRequest(r, "GET", "/v1/test")
+	responseV2 := PerformRequest(r, "GET", "/v2/test")
+
+	// then
+	assert.Equal(t, 200, responseV1.Code)
+	assert.Equal(t, 200, responseV2.Code)
+	assert.Equal(t, int64(2), handlerCounterV1)
+	assert.Equal(t, int64(2), middlewareCounterV1)
+	assert.Equal(t, int64(1), handlerCounterV2)
+}
+
+func TestEngineHandleContextUseEscapedPathPercentEncoded(t *testing.T) {
+	r := New()
+	r.UseEscapedPath = true
+	r.UnescapePathValues = false
+
+	r.GET("/v1/:path", func(c *Context) {
+		// Path is Escaped, the %25 is not interpreted as %
+		assert.Equal(t, "foo%252Fbar", c.Param("path"))
+		c.Status(http.StatusOK)
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/v1/foo%252Fbar", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+}
+
+func TestEngineHandleContextUseRawPathPercentEncoded(t *testing.T) {
+	r := New()
+	r.UseRawPath = true
+	r.UnescapePathValues = false
+
+	r.GET("/v1/:path", func(c *Context) {
+		// Path is used, the %25 is interpreted as %
+		assert.Equal(t, "foo%2Fbar", c.Param("path"))
+		c.Status(http.StatusOK)
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/v1/foo%252Fbar", nil)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+}
+
+func TestEngineHandleContextUseEscapedPathOverride(t *testing.T) {
+	r := New()
+	r.UseEscapedPath = true
+	r.UseRawPath = true
+	r.UnescapePathValues = false
+
+	r.GET("/v1/:path", func(c *Context) {
+		assert.Equal(t, "foo%25bar", c.Param("path"))
+		c.Status(http.StatusOK)
+	})
+
+	assert.NotPanics(t, func() {
+		w := PerformRequest(r, http.MethodGet, "/v1/foo%25bar")
+		assert.Equal(t, 200, w.Code)
+	})
+}
+
 func TestPrepareTrustedCIRDsWith(t *testing.T) {
 	r := New()
 
@@ -579,7 +800,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 		expectedTrustedCIDRs := []*net.IPNet{parseCIDR("0.0.0.0/0")}
 		err := r.SetTrustedProxies([]string{"0.0.0.0/0"})
 
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, expectedTrustedCIDRs, r.trustedCIDRs)
 	}
 
@@ -587,7 +808,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 	{
 		err := r.SetTrustedProxies([]string{"192.168.1.33/33"})
 
-		assert.Error(t, err)
+		require.Error(t, err)
 	}
 
 	// valid ipv4 address
@@ -596,7 +817,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 
 		err := r.SetTrustedProxies([]string{"192.168.1.33"})
 
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, expectedTrustedCIDRs, r.trustedCIDRs)
 	}
 
@@ -604,7 +825,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 	{
 		err := r.SetTrustedProxies([]string{"192.168.1.256"})
 
-		assert.Error(t, err)
+		require.Error(t, err)
 	}
 
 	// valid ipv6 address
@@ -612,7 +833,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 		expectedTrustedCIDRs := []*net.IPNet{parseCIDR("2002:0000:0000:1234:abcd:ffff:c0a8:0101/128")}
 		err := r.SetTrustedProxies([]string{"2002:0000:0000:1234:abcd:ffff:c0a8:0101"})
 
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, expectedTrustedCIDRs, r.trustedCIDRs)
 	}
 
@@ -620,7 +841,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 	{
 		err := r.SetTrustedProxies([]string{"gggg:0000:0000:1234:abcd:ffff:c0a8:0101"})
 
-		assert.Error(t, err)
+		require.Error(t, err)
 	}
 
 	// valid ipv6 cidr
@@ -628,7 +849,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 		expectedTrustedCIDRs := []*net.IPNet{parseCIDR("::/0")}
 		err := r.SetTrustedProxies([]string{"::/0"})
 
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, expectedTrustedCIDRs, r.trustedCIDRs)
 	}
 
@@ -636,7 +857,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 	{
 		err := r.SetTrustedProxies([]string{"gggg:0000:0000:1234:abcd:ffff:c0a8:0101/129"})
 
-		assert.Error(t, err)
+		require.Error(t, err)
 	}
 
 	// valid combination
@@ -652,7 +873,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 			"172.16.0.1",
 		})
 
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, expectedTrustedCIDRs, r.trustedCIDRs)
 	}
 
@@ -664,7 +885,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 			"172.16.0.256",
 		})
 
-		assert.Error(t, err)
+		require.Error(t, err)
 	}
 
 	// nil value
@@ -672,7 +893,7 @@ func TestPrepareTrustedCIRDsWith(t *testing.T) {
 		err := r.SetTrustedProxies(nil)
 
 		assert.Nil(t, r.trustedCIDRs)
-		assert.Nil(t, err)
+		require.NoError(t, err)
 	}
 }
 
@@ -696,3 +917,170 @@ func assertRoutePresent(t *testing.T, gotRoutes RoutesInfo, wantRoute RouteInfo)
 
 func handlerTest1(c *Context) {}
 func handlerTest2(c *Context) {}
+
+func TestNewOptionFunc(t *testing.T) {
+	fc := func(e *Engine) {
+		e.GET("/test1", handlerTest1)
+		e.GET("/test2", handlerTest2)
+
+		e.Use(func(c *Context) {
+			c.Next()
+		})
+	}
+
+	r := New(fc)
+
+	routes := r.Routes()
+	assertRoutePresent(t, routes, RouteInfo{Path: "/test1", Method: http.MethodGet, Handler: "github.com/gin-gonic/gin.handlerTest1"})
+	assertRoutePresent(t, routes, RouteInfo{Path: "/test2", Method: http.MethodGet, Handler: "github.com/gin-gonic/gin.handlerTest2"})
+}
+
+func TestWithOptionFunc(t *testing.T) {
+	r := New()
+
+	r.With(func(e *Engine) {
+		e.GET("/test1", handlerTest1)
+		e.GET("/test2", handlerTest2)
+
+		e.Use(func(c *Context) {
+			c.Next()
+		})
+	})
+
+	routes := r.Routes()
+	assertRoutePresent(t, routes, RouteInfo{Path: "/test1", Method: http.MethodGet, Handler: "github.com/gin-gonic/gin.handlerTest1"})
+	assertRoutePresent(t, routes, RouteInfo{Path: "/test2", Method: http.MethodGet, Handler: "github.com/gin-gonic/gin.handlerTest2"})
+}
+
+type Birthday string
+
+func (b *Birthday) UnmarshalParam(param string) error {
+	*b = Birthday(strings.ReplaceAll(param, "-", "/"))
+	return nil
+}
+
+func TestCustomUnmarshalStruct(t *testing.T) {
+	route := Default()
+	var request struct {
+		Birthday Birthday `form:"birthday"`
+	}
+	route.GET("/test", func(ctx *Context) {
+		_ = ctx.BindQuery(&request)
+		ctx.JSON(200, request.Birthday)
+	})
+	req := httptest.NewRequest(http.MethodGet, "/test?birthday=2000-01-01", nil)
+	w := httptest.NewRecorder()
+	route.ServeHTTP(w, req)
+	assert.Equal(t, 200, w.Code)
+	assert.Equal(t, `"2000/01/01"`, w.Body.String())
+}
+
+// Test the fix for https://github.com/gin-gonic/gin/issues/4002
+func TestMethodNotAllowedNoRoute(t *testing.T) {
+	g := New()
+	g.HandleMethodNotAllowed = true
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	resp := httptest.NewRecorder()
+	assert.NotPanics(t, func() { g.ServeHTTP(resp, req) })
+	assert.Equal(t, http.StatusNotFound, resp.Code)
+}
+
+// Test the fix for https://github.com/gin-gonic/gin/pull/4415
+func TestLiteralColonWithRun(t *testing.T) {
+	SetMode(TestMode)
+	router := New()
+
+	router.GET(`/test\:action`, func(c *Context) {
+		c.JSON(http.StatusOK, H{"path": "literal_colon"})
+	})
+
+	router.updateRouteTrees()
+
+	w := httptest.NewRecorder()
+
+	req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Contains(t, w.Body.String(), "literal_colon")
+}
+
+func TestLiteralColonWithDirectServeHTTP(t *testing.T) {
+	SetMode(TestMode)
+	router := New()
+
+	router.GET(`/test\:action`, func(c *Context) {
+		c.JSON(http.StatusOK, H{"path": "literal_colon"})
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Contains(t, w.Body.String(), "literal_colon")
+}
+
+func TestLiteralColonWithHandler(t *testing.T) {
+	SetMode(TestMode)
+	router := New()
+
+	router.GET(`/test\:action`, func(c *Context) {
+		c.JSON(http.StatusOK, H{"path": "literal_colon"})
+	})
+
+	handler := router.Handler()
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
+	handler.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Contains(t, w.Body.String(), "literal_colon")
+}
+
+func TestLiteralColonWithHTTPServer(t *testing.T) {
+	SetMode(TestMode)
+	router := New()
+
+	router.GET(`/test\:action`, func(c *Context) {
+		c.JSON(http.StatusOK, H{"path": "literal_colon"})
+	})
+
+	router.GET("/test/:param", func(c *Context) {
+		c.JSON(http.StatusOK, H{"param": c.Param("param")})
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Contains(t, w.Body.String(), "literal_colon")
+
+	w2 := httptest.NewRecorder()
+	req2, _ := http.NewRequest(http.MethodGet, "/test/foo", nil)
+	router.ServeHTTP(w2, req2)
+
+	assert.Equal(t, http.StatusOK, w2.Code)
+	assert.Contains(t, w2.Body.String(), "foo")
+}
+
+// Test that updateRouteTrees is called only once
+func TestUpdateRouteTreesCalledOnce(t *testing.T) {
+	SetMode(TestMode)
+	router := New()
+
+	router.GET(`/test\:action`, func(c *Context) {
+		c.String(http.StatusOK, "ok")
+	})
+
+	for range 5 {
+		w := httptest.NewRecorder()
+		req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
+		router.ServeHTTP(w, req)
+		assert.Equal(t, http.StatusOK, w.Code)
+		assert.Equal(t, "ok", w.Body.String())
+	}
+}

githubapi_test.go

@@ -10,10 +10,12 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
+	"strconv"
 	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 type route struct {
@@ -295,9 +297,9 @@ func TestShouldBindUri(t *testing.T) {
 	}
 	router.Handle(http.MethodGet, "/rest/:name/:id", func(c *Context) {
 		var person Person
-		assert.NoError(t, c.ShouldBindUri(&person))
-		assert.True(t, person.Name != "")
-		assert.True(t, person.ID != "")
+		require.NoError(t, c.ShouldBindUri(&person))
+		assert.NotEmpty(t, person.Name)
+		assert.NotEmpty(t, person.ID)
 		c.String(http.StatusOK, "ShouldBindUri test OK")
 	})
 
@@ -317,9 +319,9 @@ func TestBindUri(t *testing.T) {
 	}
 	router.Handle(http.MethodGet, "/rest/:name/:id", func(c *Context) {
 		var person Person
-		assert.NoError(t, c.BindUri(&person))
-		assert.True(t, person.Name != "")
-		assert.True(t, person.ID != "")
+		require.NoError(t, c.BindUri(&person))
+		assert.NotEmpty(t, person.Name)
+		assert.NotEmpty(t, person.ID)
 		c.String(http.StatusOK, "BindUri test OK")
 	})
 
@@ -338,7 +340,7 @@ func TestBindUriError(t *testing.T) {
 	}
 	router.Handle(http.MethodGet, "/new/rest/:num", func(c *Context) {
 		var m Member
-		assert.Error(t, c.BindUri(&m))
+		require.Error(t, c.BindUri(&m))
 	})
 
 	path1, _ := exampleFromPath("/new/rest/:num")
@@ -410,7 +412,7 @@ func exampleFromPath(path string) (string, Params) {
 		}
 		if start >= 0 {
 			if c == '/' {
-				value := fmt.Sprint(rand.Intn(100000))
+				value := strconv.Itoa(rand.Intn(100000))
 				params = append(params, Param{
 					Key:   path[start:i],
 					Value: value,
@@ -424,7 +426,7 @@ func exampleFromPath(path string) (string, Params) {
 		}
 	}
 	if start >= 0 {
-		value := fmt.Sprint(rand.Intn(100000))
+		value := strconv.Itoa(rand.Intn(100000))
 		params = append(params, Param{
 			Key:   path[start:],
 			Value: value,

go.mod

@@ -1,36 +1,42 @@
 module github.com/gin-gonic/gin
 
-go 1.18
+go 1.24.0
 
 require (
-	github.com/bytedance/sonic v1.8.0
-	github.com/gin-contrib/sse v0.1.0
-	github.com/go-playground/validator/v10 v10.11.2
-	github.com/goccy/go-json v0.10.0
+	github.com/bytedance/sonic v1.14.2
+	github.com/gin-contrib/sse v1.1.0
+	github.com/go-playground/validator/v10 v10.28.0
+	github.com/goccy/go-json v0.10.2
+	github.com/goccy/go-yaml v1.19.0
 	github.com/json-iterator/go v1.1.12
-	github.com/mattn/go-isatty v0.0.17
-	github.com/pelletier/go-toml/v2 v2.0.6
-	github.com/stretchr/testify v1.8.1
-	github.com/ugorji/go/codec v1.2.9
-	golang.org/x/net v0.7.0
-	google.golang.org/protobuf v1.28.1
-	gopkg.in/yaml.v3 v3.0.1
+	github.com/mattn/go-isatty v0.0.20
+	github.com/modern-go/reflect2 v1.0.2
+	github.com/pelletier/go-toml/v2 v2.2.4
+	github.com/quic-go/quic-go v0.57.1
+	github.com/stretchr/testify v1.11.1
+	github.com/ugorji/go/codec v1.3.1
+	golang.org/x/net v0.47.0
+	google.golang.org/protobuf v1.36.10
 )
 
 require (
-	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
-	golang.org/x/crypto v0.5.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/arch v0.20.0 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,81 +1,95 @@
-github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
-github.com/bytedance/sonic v1.8.0 h1:ea0Xadu+sHlu7x5O3gKhRpQ1IKiMrSiHttPF0ybECuA=
-github.com/bytedance/sonic v1.8.0/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
-github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
-github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
-github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
+github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
+github.com/bytedance/sonic v1.14.2/go.mod h1:T80iDELeHiHKSc0C9tubFygiuXoGzrkjKzX2quAx980=
+github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2NYzevs+o=
+github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
+github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
-github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
-github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
-github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
+github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-yaml v1.19.0 h1:EmkZ9RIsX+Uq4DYFowegAuJo8+xdX3T/2dwNPXbxEYE=
+github.com/goccy/go-yaml v1.19.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
-github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI10=
+github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.9 h1:rmenucSohSTiyL09Y+l2OCk+FrMxGMzho2+tjr5ticU=
-github.com/ugorji/go/codec v1.2.9/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
-golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
+golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
+golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

internal/bytesconv/bytesconv.go

@@ -1,4 +1,4 @@
-// Copyright 2020 Gin Core Team. All rights reserved.
+// Copyright 2023 Gin Core Team. All rights reserved.
 // Use of this source code is governed by a MIT style
 // license that can be found in the LICENSE file.
 
@@ -9,16 +9,13 @@ import (
 )
 
 // StringToBytes converts string to byte slice without a memory allocation.
+// For more details, see https://github.com/golang/go/issues/53003#issuecomment-1140276077.
 func StringToBytes(s string) []byte {
-	return *(*[]byte)(unsafe.Pointer(
-		&struct {
-			string
-			Cap int
-		}{s, len(s)},
-	))
+	return unsafe.Slice(unsafe.StringData(s), len(s))
 }
 
 // BytesToString converts byte slice to string without a memory allocation.
+// For more details, see https://github.com/golang/go/issues/53003#issuecomment-1140276077.
 func BytesToString(b []byte) string {
-	return *(*string)(unsafe.Pointer(&b))
+	return unsafe.String(unsafe.SliceData(b), len(b))
 }

internal/bytesconv/bytesconv_test.go

@@ -6,14 +6,17 @@ package bytesconv
 
 import (
 	"bytes"
+	cRand "crypto/rand"
 	"math/rand"
 	"strings"
 	"testing"
 	"time"
 )
 
-var testString = "Albert Einstein: Logic will get you from A to B. Imagination will take you everywhere."
-var testBytes = []byte(testString)
+var (
+	testString = "Albert Einstein: Logic will get you from A to B. Imagination will take you everywhere."
+	testBytes  = []byte(testString)
+)
 
 func rawBytesToStr(b []byte) string {
 	return string(b)
@@ -28,13 +31,25 @@ func rawStrToBytes(s string) []byte {
 func TestBytesToString(t *testing.T) {
 	data := make([]byte, 1024)
 	for i := 0; i < 100; i++ {
-		rand.Read(data)
+		_, err := cRand.Read(data)
+		if err != nil {
+			t.Fatal(err)
+		}
 		if rawBytesToStr(data) != BytesToString(data) {
 			t.Fatal("don't match")
 		}
 	}
 }
 
+func TestBytesToStringEmpty(t *testing.T) {
+	if got := BytesToString([]byte{}); got != "" {
+		t.Fatalf("BytesToString([]byte{}) = %q; want empty string", got)
+	}
+	if got := BytesToString(nil); got != "" {
+		t.Fatalf("BytesToString(nil) = %q; want empty string", got)
+	}
+}
+
 const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 const (
 	letterIdxBits = 6                    // 6 bits to represent a letter index
@@ -42,7 +57,7 @@ const (
 	letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
 )
 
-var src = rand.NewSource(time.Now().UnixNano())
+var src = rand.New(rand.NewSource(time.Now().UnixNano()))
 
 func RandStringBytesMaskImprSrcSB(n int) string {
 	sb := strings.Builder{}
@@ -72,28 +87,38 @@ func TestStringToBytes(t *testing.T) {
 	}
 }
 
+func TestStringToBytesEmpty(t *testing.T) {
+	b := StringToBytes("")
+	if len(b) != 0 {
+		t.Fatalf(`StringToBytes("") length = %d; want 0`, len(b))
+	}
+	if !bytes.Equal(b, []byte("")) {
+		t.Fatalf(`StringToBytes("") = %v; want []byte("")`, b)
+	}
+}
+
 // go test -v -run=none -bench=^BenchmarkBytesConv -benchmem=true
 
 func BenchmarkBytesConvBytesToStrRaw(b *testing.B) {
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		rawBytesToStr(testBytes)
 	}
 }
 
 func BenchmarkBytesConvBytesToStr(b *testing.B) {
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		BytesToString(testBytes)
 	}
 }
 
 func BenchmarkBytesConvStrToBytesRaw(b *testing.B) {
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		rawStrToBytes(testString)
 	}
 }
 
 func BenchmarkBytesConvStrToBytes(b *testing.B) {
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		StringToBytes(testString)
 	}
 }

internal/fs/fs.go

@@ -0,0 +1,21 @@
+package fs
+
+import (
+	"io/fs"
+	"net/http"
+)
+
+// FileSystem implements an [fs.FS].
+type FileSystem struct {
+	http.FileSystem
+}
+
+// Open passes `Open` to the upstream implementation and return an [fs.File].
+func (o FileSystem) Open(name string) (fs.File, error) {
+	f, err := o.FileSystem.Open(name)
+	if err != nil {
+		return nil, err
+	}
+
+	return fs.File(f), nil
+}

internal/fs/fs_test.go

@@ -0,0 +1,49 @@
+package fs
+
+import (
+	"errors"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type mockFileSystem struct {
+	open func(name string) (http.File, error)
+}
+
+func (m *mockFileSystem) Open(name string) (http.File, error) {
+	return m.open(name)
+}
+
+func TestFileSystem_Open(t *testing.T) {
+	var testFile *os.File
+	mockFS := &mockFileSystem{
+		open: func(name string) (http.File, error) {
+			return testFile, nil
+		},
+	}
+	fs := &FileSystem{mockFS}
+
+	file, err := fs.Open("foo")
+
+	require.NoError(t, err)
+	assert.Equal(t, testFile, file)
+}
+
+func TestFileSystem_Open_err(t *testing.T) {
+	testError := errors.New("mock")
+	mockFS := &mockFileSystem{
+		open: func(_ string) (http.File, error) {
+			return nil, testError
+		},
+	}
+	fs := &FileSystem{mockFS}
+
+	file, err := fs.Open("foo")
+
+	require.ErrorIs(t, err, testError)
+	assert.Nil(t, file)
+}

internal/json/go_json.go

@@ -1,23 +0,0 @@
-// Copyright 2017 Bo-Yi Wu. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build go_json
-// +build go_json
-
-package json
-
-import json "github.com/goccy/go-json"
-
-var (
-	// Marshal is exported by gin/json package.
-	Marshal = json.Marshal
-	// Unmarshal is exported by gin/json package.
-	Unmarshal = json.Unmarshal
-	// MarshalIndent is exported by gin/json package.
-	MarshalIndent = json.MarshalIndent
-	// NewDecoder is exported by gin/json package.
-	NewDecoder = json.NewDecoder
-	// NewEncoder is exported by gin/json package.
-	NewEncoder = json.NewEncoder
-)

internal/json/json.go

@@ -1,25 +0,0 @@
-// Copyright 2017 Bo-Yi Wu. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build !jsoniter && !go_json && !(sonic && avx && (linux || windows || darwin) && amd64)
-// +build !jsoniter
-// +build !go_json
-// +build !sonic !avx !linux,!windows,!darwin !amd64
-
-package json
-
-import "encoding/json"
-
-var (
-	// Marshal is exported by gin/json package.
-	Marshal = json.Marshal
-	// Unmarshal is exported by gin/json package.
-	Unmarshal = json.Unmarshal
-	// MarshalIndent is exported by gin/json package.
-	MarshalIndent = json.MarshalIndent
-	// NewDecoder is exported by gin/json package.
-	NewDecoder = json.NewDecoder
-	// NewEncoder is exported by gin/json package.
-	NewEncoder = json.NewEncoder
-)

internal/json/jsoniter.go

@@ -1,24 +0,0 @@
-// Copyright 2017 Bo-Yi Wu. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build jsoniter
-// +build jsoniter
-
-package json
-
-import jsoniter "github.com/json-iterator/go"
-
-var (
-	json = jsoniter.ConfigCompatibleWithStandardLibrary
-	// Marshal is exported by gin/json package.
-	Marshal = json.Marshal
-	// Unmarshal is exported by gin/json package.
-	Unmarshal = json.Unmarshal
-	// MarshalIndent is exported by gin/json package.
-	MarshalIndent = json.MarshalIndent
-	// NewDecoder is exported by gin/json package.
-	NewDecoder = json.NewDecoder
-	// NewEncoder is exported by gin/json package.
-	NewEncoder = json.NewEncoder
-)

internal/json/sonic.go

@@ -1,27 +0,0 @@
-// Copyright 2022 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build sonic && avx && (linux || windows || darwin) && amd64
-// +build sonic
-// +build avx
-// +build linux windows darwin
-// +build amd64
-
-package json
-
-import "github.com/bytedance/sonic"
-
-var (
-	json = sonic.ConfigStd
-	// Marshal is exported by gin/json package.
-	Marshal = json.Marshal
-	// Unmarshal is exported by gin/json package.
-	Unmarshal = json.Unmarshal
-	// MarshalIndent is exported by gin/json package.
-	MarshalIndent = json.MarshalIndent
-	// NewDecoder is exported by gin/json package.
-	NewDecoder = json.NewDecoder
-	// NewEncoder is exported by gin/json package.
-	NewEncoder = json.NewEncoder
-)

logger.go

@@ -44,11 +44,18 @@ type LoggerConfig struct {
 	// Optional. Default value is gin.DefaultWriter.
 	Output io.Writer
 
-	// SkipPaths is an url path array which logs are not written.
+	// SkipPaths is a URL path array which logs are not written.
 	// Optional.
 	SkipPaths []string
+
+	// Skip is a Skipper that indicates which logs should not be written.
+	// Optional.
+	Skip Skipper
 }
 
+// Skipper is a function to skip logs based on provided Context
+type Skipper func(c *Context) bool
+
 // LogFormatter gives the signature of the formatter function passed to LoggerWithFormatter
 type LogFormatter func(params LogFormatterParams) string
 
@@ -75,7 +82,7 @@ type LogFormatterParams struct {
 	// BodySize is the size of the Response Body
 	BodySize int
 	// Keys are the keys set on the request's context.
-	Keys map[string]any
+	Keys map[any]any
 }
 
 // StatusCodeColor is the ANSI color for appropriately logging http status code to a terminal.
@@ -83,6 +90,8 @@ func (p *LogFormatterParams) StatusCodeColor() string {
 	code := p.StatusCode
 
 	switch {
+	case code >= http.StatusContinue && code < http.StatusOK:
+		return white
 	case code >= http.StatusOK && code < http.StatusMultipleChoices:
 		return green
 	case code >= http.StatusMultipleChoices && code < http.StatusBadRequest:
@@ -94,6 +103,27 @@ func (p *LogFormatterParams) StatusCodeColor() string {
 	}
 }
 
+// LatencyColor is the ANSI color for latency
+func (p *LogFormatterParams) LatencyColor() string {
+	latency := p.Latency
+	switch {
+	case latency < time.Millisecond*100:
+		return white
+	case latency < time.Millisecond*200:
+		return green
+	case latency < time.Millisecond*300:
+		return cyan
+	case latency < time.Millisecond*500:
+		return blue
+	case latency < time.Second:
+		return yellow
+	case latency < time.Second*2:
+		return magenta
+	default:
+		return red
+	}
+}
+
 // MethodColor is the ANSI color for appropriately logging http method to a terminal.
 func (p *LogFormatterParams) MethodColor() string {
 	method := p.Method
@@ -130,20 +160,27 @@ func (p *LogFormatterParams) IsOutputColor() bool {
 
 // defaultLogFormatter is the default log format function Logger middleware uses.
 var defaultLogFormatter = func(param LogFormatterParams) string {
-	var statusColor, methodColor, resetColor string
+	var statusColor, methodColor, resetColor, latencyColor string
 	if param.IsOutputColor() {
 		statusColor = param.StatusCodeColor()
 		methodColor = param.MethodColor()
 		resetColor = param.ResetColor()
+		latencyColor = param.LatencyColor()
 	}
 
-	if param.Latency > time.Minute {
-		param.Latency = param.Latency.Truncate(time.Second)
+	switch {
+	case param.Latency > time.Minute:
+		param.Latency = param.Latency.Truncate(time.Second * 10)
+	case param.Latency > time.Second:
+		param.Latency = param.Latency.Truncate(time.Millisecond * 10)
+	case param.Latency > time.Millisecond:
+		param.Latency = param.Latency.Truncate(time.Microsecond * 10)
 	}
-	return fmt.Sprintf("[GIN] %v |%s %3d %s| %13v | %15s |%s %-7s %s %#v\n%s",
+
+	return fmt.Sprintf("[GIN] %v |%s %3d %s|%s %8v %s| %15s |%s %-7s %s %#v\n%s",
 		param.TimeStamp.Format("2006/01/02 - 15:04:05"),
 		statusColor, param.StatusCode, resetColor,
-		param.Latency,
+		latencyColor, param.Latency, resetColor,
 		param.ClientIP,
 		methodColor, param.Method, resetColor,
 		param.Path,
@@ -239,32 +276,34 @@ func LoggerWithConfig(conf LoggerConfig) HandlerFunc {
 		// Process request
 		c.Next()
 
-		// Log only when path is not being skipped
-		if _, ok := skip[path]; !ok {
-			param := LogFormatterParams{
-				Request: c.Request,
-				isTerm:  isTerm,
-				Keys:    c.Keys,
-			}
-
-			// Stop timer
-			param.TimeStamp = time.Now()
-			param.Latency = param.TimeStamp.Sub(start)
-
-			param.ClientIP = c.ClientIP()
-			param.Method = c.Request.Method
-			param.StatusCode = c.Writer.Status()
-			param.ErrorMessage = c.Errors.ByType(ErrorTypePrivate).String()
-
-			param.BodySize = c.Writer.Size()
-
-			if raw != "" {
-				path = path + "?" + raw
-			}
-
-			param.Path = path
-
-			fmt.Fprint(out, formatter(param))
+		// Log only when it is not being skipped
+		if _, ok := skip[path]; ok || (conf.Skip != nil && conf.Skip(c)) {
+			return
 		}
+
+		param := LogFormatterParams{
+			Request: c.Request,
+			isTerm:  isTerm,
+			Keys:    c.Keys,
+		}
+
+		// Stop timer
+		param.TimeStamp = time.Now()
+		param.Latency = param.TimeStamp.Sub(start)
+
+		param.ClientIP = c.ClientIP()
+		param.Method = c.Request.Method
+		param.StatusCode = c.Writer.Status()
+		param.ErrorMessage = c.Errors.ByType(ErrorTypePrivate).String()
+
+		param.BodySize = c.Writer.Size()
+
+		if raw != "" {
+			path = path + "?" + raw
+		}
+
+		param.Path = path
+
+		fmt.Fprint(out, formatter(param))
 	}
 }

logger_test.go

@@ -31,31 +31,31 @@ func TestLogger(t *testing.T) {
 	router.HEAD("/example", func(c *Context) {})
 	router.OPTIONS("/example", func(c *Context) {})
 
-	PerformRequest(router, "GET", "/example?a=100")
+	PerformRequest(router, http.MethodGet, "/example?a=100")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "GET")
+	assert.Contains(t, buffer.String(), http.MethodGet)
 	assert.Contains(t, buffer.String(), "/example")
 	assert.Contains(t, buffer.String(), "a=100")
 
 	// I wrote these first (extending the above) but then realized they are more
 	// like integration tests because they test the whole logging process rather
-	// than individual functions.  Im not sure where these should go.
+	// than individual functions. I'm not sure where these should go.
 	buffer.Reset()
-	PerformRequest(router, "POST", "/example")
+	PerformRequest(router, http.MethodPost, "/example")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "POST")
+	assert.Contains(t, buffer.String(), http.MethodPost)
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
-	PerformRequest(router, "PUT", "/example")
+	PerformRequest(router, http.MethodPut, "/example")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "PUT")
+	assert.Contains(t, buffer.String(), http.MethodPut)
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
-	PerformRequest(router, "DELETE", "/example")
+	PerformRequest(router, http.MethodDelete, "/example")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "DELETE")
+	assert.Contains(t, buffer.String(), http.MethodDelete)
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
@@ -77,9 +77,9 @@ func TestLogger(t *testing.T) {
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
-	PerformRequest(router, "GET", "/notfound")
+	PerformRequest(router, http.MethodGet, "/notfound")
 	assert.Contains(t, buffer.String(), "404")
-	assert.Contains(t, buffer.String(), "GET")
+	assert.Contains(t, buffer.String(), http.MethodGet)
 	assert.Contains(t, buffer.String(), "/notfound")
 }
 
@@ -95,31 +95,31 @@ func TestLoggerWithConfig(t *testing.T) {
 	router.HEAD("/example", func(c *Context) {})
 	router.OPTIONS("/example", func(c *Context) {})
 
-	PerformRequest(router, "GET", "/example?a=100")
+	PerformRequest(router, http.MethodGet, "/example?a=100")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "GET")
+	assert.Contains(t, buffer.String(), http.MethodGet)
 	assert.Contains(t, buffer.String(), "/example")
 	assert.Contains(t, buffer.String(), "a=100")
 
 	// I wrote these first (extending the above) but then realized they are more
 	// like integration tests because they test the whole logging process rather
-	// than individual functions.  Im not sure where these should go.
+	// than individual functions. I'm not sure where these should go.
 	buffer.Reset()
-	PerformRequest(router, "POST", "/example")
+	PerformRequest(router, http.MethodPost, "/example")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "POST")
+	assert.Contains(t, buffer.String(), http.MethodPost)
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
-	PerformRequest(router, "PUT", "/example")
+	PerformRequest(router, http.MethodPut, "/example")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "PUT")
+	assert.Contains(t, buffer.String(), http.MethodPut)
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
-	PerformRequest(router, "DELETE", "/example")
+	PerformRequest(router, http.MethodDelete, "/example")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "DELETE")
+	assert.Contains(t, buffer.String(), http.MethodDelete)
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
@@ -141,9 +141,9 @@ func TestLoggerWithConfig(t *testing.T) {
 	assert.Contains(t, buffer.String(), "/example")
 
 	buffer.Reset()
-	PerformRequest(router, "GET", "/notfound")
+	PerformRequest(router, http.MethodGet, "/notfound")
 	assert.Contains(t, buffer.String(), "404")
-	assert.Contains(t, buffer.String(), "GET")
+	assert.Contains(t, buffer.String(), http.MethodGet)
 	assert.Contains(t, buffer.String(), "/notfound")
 }
 
@@ -169,19 +169,19 @@ func TestLoggerWithFormatter(t *testing.T) {
 		)
 	}))
 	router.GET("/example", func(c *Context) {})
-	PerformRequest(router, "GET", "/example?a=100")
+	PerformRequest(router, http.MethodGet, "/example?a=100")
 
 	// output test
 	assert.Contains(t, buffer.String(), "[FORMATTER TEST]")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "GET")
+	assert.Contains(t, buffer.String(), http.MethodGet)
 	assert.Contains(t, buffer.String(), "/example")
 	assert.Contains(t, buffer.String(), "a=100")
 }
 
 func TestLoggerWithConfigFormatting(t *testing.T) {
 	var gotParam LogFormatterParams
-	var gotKeys map[string]any
+	var gotKeys map[any]any
 	buffer := new(strings.Builder)
 
 	router := New()
@@ -210,12 +210,12 @@ func TestLoggerWithConfigFormatting(t *testing.T) {
 		gotKeys = c.Keys
 		time.Sleep(time.Millisecond)
 	})
-	PerformRequest(router, "GET", "/example?a=100")
+	PerformRequest(router, http.MethodGet, "/example?a=100")
 
 	// output test
 	assert.Contains(t, buffer.String(), "[FORMATTER TEST]")
 	assert.Contains(t, buffer.String(), "200")
-	assert.Contains(t, buffer.String(), "GET")
+	assert.Contains(t, buffer.String(), http.MethodGet)
 	assert.Contains(t, buffer.String(), "/example")
 	assert.Contains(t, buffer.String(), "a=100")
 
@@ -225,7 +225,7 @@ func TestLoggerWithConfigFormatting(t *testing.T) {
 	assert.Equal(t, 200, gotParam.StatusCode)
 	assert.NotEmpty(t, gotParam.Latency)
 	assert.Equal(t, "20.20.20.20", gotParam.ClientIP)
-	assert.Equal(t, "GET", gotParam.Method)
+	assert.Equal(t, http.MethodGet, gotParam.Method)
 	assert.Equal(t, "/example?a=100", gotParam.Path)
 	assert.Empty(t, gotParam.ErrorMessage)
 	assert.Equal(t, gotKeys, gotParam.Keys)
@@ -239,7 +239,7 @@ func TestDefaultLogFormatter(t *testing.T) {
 		StatusCode:   200,
 		Latency:      time.Second * 5,
 		ClientIP:     "20.20.20.20",
-		Method:       "GET",
+		Method:       http.MethodGet,
 		Path:         "/",
 		ErrorMessage: "",
 		isTerm:       false,
@@ -250,7 +250,7 @@ func TestDefaultLogFormatter(t *testing.T) {
 		StatusCode:   200,
 		Latency:      time.Second * 5,
 		ClientIP:     "20.20.20.20",
-		Method:       "GET",
+		Method:       http.MethodGet,
 		Path:         "/",
 		ErrorMessage: "",
 		isTerm:       true,
@@ -260,7 +260,7 @@ func TestDefaultLogFormatter(t *testing.T) {
 		StatusCode:   200,
 		Latency:      time.Millisecond * 9876543210,
 		ClientIP:     "20.20.20.20",
-		Method:       "GET",
+		Method:       http.MethodGet,
 		Path:         "/",
 		ErrorMessage: "",
 		isTerm:       true,
@@ -271,17 +271,17 @@ func TestDefaultLogFormatter(t *testing.T) {
 		StatusCode:   200,
 		Latency:      time.Millisecond * 9876543210,
 		ClientIP:     "20.20.20.20",
-		Method:       "GET",
+		Method:       http.MethodGet,
 		Path:         "/",
 		ErrorMessage: "",
 		isTerm:       false,
 	}
 
-	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 | 200 |            5s |     20.20.20.20 | GET      \"/\"\n", defaultLogFormatter(termFalseParam))
-	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 | 200 |    2743h29m3s |     20.20.20.20 | GET      \"/\"\n", defaultLogFormatter(termFalseLongDurationParam))
+	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 | 200 |       5s |     20.20.20.20 | GET      \"/\"\n", defaultLogFormatter(termFalseParam))
+	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 | 200 | 2743h29m0s |     20.20.20.20 | GET      \"/\"\n", defaultLogFormatter(termFalseLongDurationParam))
 
-	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 |\x1b[97;42m 200 \x1b[0m|            5s |     20.20.20.20 |\x1b[97;44m GET     \x1b[0m \"/\"\n", defaultLogFormatter(termTrueParam))
-	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 |\x1b[97;42m 200 \x1b[0m|    2743h29m3s |     20.20.20.20 |\x1b[97;44m GET     \x1b[0m \"/\"\n", defaultLogFormatter(termTrueLongDurationParam))
+	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 |\x1b[97;42m 200 \x1b[0m|\x1b[97;41m       5s \x1b[0m|     20.20.20.20 |\x1b[97;44m GET     \x1b[0m \"/\"\n", defaultLogFormatter(termTrueParam))
+	assert.Equal(t, "[GIN] 2018/12/07 - 09:11:42 |\x1b[97;42m 200 \x1b[0m|\x1b[97;41m 2743h29m0s \x1b[0m|     20.20.20.20 |\x1b[97;44m GET     \x1b[0m \"/\"\n", defaultLogFormatter(termTrueLongDurationParam))
 }
 
 func TestColorForMethod(t *testing.T) {
@@ -292,10 +292,10 @@ func TestColorForMethod(t *testing.T) {
 		return p.MethodColor()
 	}
 
-	assert.Equal(t, blue, colorForMethod("GET"), "get should be blue")
-	assert.Equal(t, cyan, colorForMethod("POST"), "post should be cyan")
-	assert.Equal(t, yellow, colorForMethod("PUT"), "put should be yellow")
-	assert.Equal(t, red, colorForMethod("DELETE"), "delete should be red")
+	assert.Equal(t, blue, colorForMethod(http.MethodGet), "get should be blue")
+	assert.Equal(t, cyan, colorForMethod(http.MethodPost), "post should be cyan")
+	assert.Equal(t, yellow, colorForMethod(http.MethodPut), "put should be yellow")
+	assert.Equal(t, red, colorForMethod(http.MethodDelete), "delete should be red")
 	assert.Equal(t, green, colorForMethod("PATCH"), "patch should be green")
 	assert.Equal(t, magenta, colorForMethod("HEAD"), "head should be magenta")
 	assert.Equal(t, white, colorForMethod("OPTIONS"), "options should be white")
@@ -310,12 +310,30 @@ func TestColorForStatus(t *testing.T) {
 		return p.StatusCodeColor()
 	}
 
+	assert.Equal(t, white, colorForStatus(http.StatusContinue), "1xx should be white")
 	assert.Equal(t, green, colorForStatus(http.StatusOK), "2xx should be green")
 	assert.Equal(t, white, colorForStatus(http.StatusMovedPermanently), "3xx should be white")
 	assert.Equal(t, yellow, colorForStatus(http.StatusNotFound), "4xx should be yellow")
 	assert.Equal(t, red, colorForStatus(2), "other things should be red")
 }
 
+func TestColorForLatency(t *testing.T) {
+	colorForLantency := func(latency time.Duration) string {
+		p := LogFormatterParams{
+			Latency: latency,
+		}
+		return p.LatencyColor()
+	}
+
+	assert.Equal(t, white, colorForLantency(time.Duration(0)), "0 should be white")
+	assert.Equal(t, white, colorForLantency(time.Millisecond*20), "20ms should be white")
+	assert.Equal(t, green, colorForLantency(time.Millisecond*150), "150ms should be green")
+	assert.Equal(t, cyan, colorForLantency(time.Millisecond*250), "250ms should be cyan")
+	assert.Equal(t, yellow, colorForLantency(time.Millisecond*600), "600ms should be yellow")
+	assert.Equal(t, magenta, colorForLantency(time.Millisecond*1500), "1.5s should be magenta")
+	assert.Equal(t, red, colorForLantency(time.Second*3), "other things should be red")
+}
+
 func TestResetColor(t *testing.T) {
 	p := LogFormatterParams{}
 	assert.Equal(t, string([]byte{27, 91, 48, 109}), p.ResetColor())
@@ -328,13 +346,13 @@ func TestIsOutputColor(t *testing.T) {
 	}
 
 	consoleColorMode = autoColor
-	assert.Equal(t, true, p.IsOutputColor())
+	assert.True(t, p.IsOutputColor())
 
 	ForceConsoleColor()
-	assert.Equal(t, true, p.IsOutputColor())
+	assert.True(t, p.IsOutputColor())
 
 	DisableConsoleColor()
-	assert.Equal(t, false, p.IsOutputColor())
+	assert.False(t, p.IsOutputColor())
 
 	// test with isTerm flag false.
 	p = LogFormatterParams{
@@ -342,13 +360,13 @@ func TestIsOutputColor(t *testing.T) {
 	}
 
 	consoleColorMode = autoColor
-	assert.Equal(t, false, p.IsOutputColor())
+	assert.False(t, p.IsOutputColor())
 
 	ForceConsoleColor()
-	assert.Equal(t, true, p.IsOutputColor())
+	assert.True(t, p.IsOutputColor())
 
 	DisableConsoleColor()
-	assert.Equal(t, false, p.IsOutputColor())
+	assert.False(t, p.IsOutputColor())
 
 	// reset console color mode.
 	consoleColorMode = autoColor
@@ -368,15 +386,15 @@ func TestErrorLogger(t *testing.T) {
 		c.String(http.StatusInternalServerError, "hola!")
 	})
 
-	w := PerformRequest(router, "GET", "/error")
+	w := PerformRequest(router, http.MethodGet, "/error")
 	assert.Equal(t, http.StatusOK, w.Code)
-	assert.Equal(t, "{\"error\":\"this is an error\"}", w.Body.String())
+	assert.JSONEq(t, "{\"error\":\"this is an error\"}", w.Body.String())
 
-	w = PerformRequest(router, "GET", "/abort")
+	w = PerformRequest(router, http.MethodGet, "/abort")
 	assert.Equal(t, http.StatusUnauthorized, w.Code)
-	assert.Equal(t, "{\"error\":\"no authorized\"}", w.Body.String())
+	assert.JSONEq(t, "{\"error\":\"no authorized\"}", w.Body.String())
 
-	w = PerformRequest(router, "GET", "/print")
+	w = PerformRequest(router, http.MethodGet, "/print")
 	assert.Equal(t, http.StatusInternalServerError, w.Code)
 	assert.Equal(t, "hola!{\"error\":\"this is an error\"}", w.Body.String())
 }
@@ -388,11 +406,11 @@ func TestLoggerWithWriterSkippingPaths(t *testing.T) {
 	router.GET("/logged", func(c *Context) {})
 	router.GET("/skipped", func(c *Context) {})
 
-	PerformRequest(router, "GET", "/logged")
+	PerformRequest(router, http.MethodGet, "/logged")
 	assert.Contains(t, buffer.String(), "200")
 
 	buffer.Reset()
-	PerformRequest(router, "GET", "/skipped")
+	PerformRequest(router, http.MethodGet, "/skipped")
 	assert.Contains(t, buffer.String(), "")
 }
 
@@ -406,11 +424,31 @@ func TestLoggerWithConfigSkippingPaths(t *testing.T) {
 	router.GET("/logged", func(c *Context) {})
 	router.GET("/skipped", func(c *Context) {})
 
-	PerformRequest(router, "GET", "/logged")
+	PerformRequest(router, http.MethodGet, "/logged")
 	assert.Contains(t, buffer.String(), "200")
 
 	buffer.Reset()
-	PerformRequest(router, "GET", "/skipped")
+	PerformRequest(router, http.MethodGet, "/skipped")
+	assert.Contains(t, buffer.String(), "")
+}
+
+func TestLoggerWithConfigSkipper(t *testing.T) {
+	buffer := new(strings.Builder)
+	router := New()
+	router.Use(LoggerWithConfig(LoggerConfig{
+		Output: buffer,
+		Skip: func(c *Context) bool {
+			return c.Writer.Status() == http.StatusNoContent
+		},
+	}))
+	router.GET("/logged", func(c *Context) { c.Status(http.StatusOK) })
+	router.GET("/skipped", func(c *Context) { c.Status(http.StatusNoContent) })
+
+	PerformRequest(router, http.MethodGet, "/logged")
+	assert.Contains(t, buffer.String(), "200")
+
+	buffer.Reset()
+	PerformRequest(router, http.MethodGet, "/skipped")
 	assert.Contains(t, buffer.String(), "")
 }
 

middleware_test.go

@@ -35,7 +35,7 @@ func TestMiddlewareGeneralCase(t *testing.T) {
 		signature += " XX "
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusOK, w.Code)
@@ -71,7 +71,7 @@ func TestMiddlewareNoRoute(t *testing.T) {
 		signature += " X "
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusNotFound, w.Code)
@@ -108,7 +108,7 @@ func TestMiddlewareNoMethodEnabled(t *testing.T) {
 		signature += " XX "
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusMethodNotAllowed, w.Code)
@@ -149,7 +149,7 @@ func TestMiddlewareNoMethodDisabled(t *testing.T) {
 	})
 
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusNotFound, w.Code)
@@ -175,7 +175,7 @@ func TestMiddlewareAbort(t *testing.T) {
 	})
 
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusUnauthorized, w.Code)
@@ -196,14 +196,14 @@ func TestMiddlewareAbortHandlersChainAndNext(t *testing.T) {
 		c.Next()
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusGone, w.Code)
 	assert.Equal(t, "ACB", signature)
 }
 
-// TestFailHandlersChain - ensure that Fail interrupt used middleware in fifo order as
+// TestMiddlewareFailHandlersChain - ensure that Fail interrupt used middleware in fifo order as
 // as well as Abort
 func TestMiddlewareFailHandlersChain(t *testing.T) {
 	// SETUP
@@ -219,7 +219,7 @@ func TestMiddlewareFailHandlersChain(t *testing.T) {
 		signature += "C"
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	// TEST
 	assert.Equal(t, http.StatusInternalServerError, w.Code)
@@ -246,8 +246,8 @@ func TestMiddlewareWrite(t *testing.T) {
 		})
 	})
 
-	w := PerformRequest(router, "GET", "/")
+	w := PerformRequest(router, http.MethodGet, "/")
 
 	assert.Equal(t, http.StatusBadRequest, w.Code)
-	assert.Equal(t, strings.Replace("hola\n<map><foo>bar</foo></map>{\"foo\":\"bar\"}{\"foo\":\"bar\"}event:test\ndata:message\n\n", " ", "", -1), strings.Replace(w.Body.String(), " ", "", -1))
+	assert.Equal(t, strings.ReplaceAll("hola\n<map><foo>bar</foo></map>{\"foo\":\"bar\"}{\"foo\":\"bar\"}event:test\ndata:message\n\n", " ", ""), strings.ReplaceAll(w.Body.String(), " ", ""))
 }

mode.go

@@ -8,6 +8,7 @@ import (
 	"flag"
 	"io"
 	"os"
+	"sync/atomic"
 
 	"github.com/gin-gonic/gin/binding"
 )
@@ -44,8 +45,8 @@ var DefaultWriter io.Writer = os.Stdout
 var DefaultErrorWriter io.Writer = os.Stderr
 
 var (
-	ginMode  = debugCode
-	modeName = DebugMode
+	ginMode  int32 = debugCode
+	modeName atomic.Value
 )
 
 func init() {
@@ -65,16 +66,15 @@ func SetMode(value string) {
 
 	switch value {
 	case DebugMode:
-		ginMode = debugCode
+		atomic.StoreInt32(&ginMode, debugCode)
 	case ReleaseMode:
-		ginMode = releaseCode
+		atomic.StoreInt32(&ginMode, releaseCode)
 	case TestMode:
-		ginMode = testCode
+		atomic.StoreInt32(&ginMode, testCode)
 	default:
 		panic("gin mode unknown: " + value + " (available mode: debug release test)")
 	}
-
-	modeName = value
+	modeName.Store(value)
 }
 
 // DisableBindValidation closes the default validator.
@@ -96,5 +96,5 @@ func EnableJsonDecoderDisallowUnknownFields() {
 
 // Mode returns current gin mode.
 func Mode() string {
-	return modeName
+	return modeName.Load().(string)
 }

mode_test.go

@@ -5,8 +5,8 @@
 package gin
 
 import (
-	"flag"
 	"os"
+	"sync/atomic"
 	"testing"
 
 	"github.com/gin-gonic/gin/binding"
@@ -18,31 +18,24 @@ func init() {
 }
 
 func TestSetMode(t *testing.T) {
-	assert.Equal(t, testCode, ginMode)
+	assert.Equal(t, int32(testCode), atomic.LoadInt32(&ginMode))
 	assert.Equal(t, TestMode, Mode())
 	os.Unsetenv(EnvGinMode)
 
 	SetMode("")
-	assert.Equal(t, testCode, ginMode)
+	assert.Equal(t, int32(testCode), atomic.LoadInt32(&ginMode))
 	assert.Equal(t, TestMode, Mode())
 
-	tmp := flag.CommandLine
-	flag.CommandLine = flag.NewFlagSet("", flag.ContinueOnError)
-	SetMode("")
-	assert.Equal(t, debugCode, ginMode)
-	assert.Equal(t, DebugMode, Mode())
-	flag.CommandLine = tmp
-
 	SetMode(DebugMode)
-	assert.Equal(t, debugCode, ginMode)
+	assert.Equal(t, int32(debugCode), atomic.LoadInt32(&ginMode))
 	assert.Equal(t, DebugMode, Mode())
 
 	SetMode(ReleaseMode)
-	assert.Equal(t, releaseCode, ginMode)
+	assert.Equal(t, int32(releaseCode), atomic.LoadInt32(&ginMode))
 	assert.Equal(t, ReleaseMode, Mode())
 
 	SetMode(TestMode)
-	assert.Equal(t, testCode, ginMode)
+	assert.Equal(t, int32(testCode), atomic.LoadInt32(&ginMode))
 	assert.Equal(t, TestMode, Mode())
 
 	assert.Panics(t, func() { SetMode("unknown") })

path.go

@@ -5,6 +5,8 @@
 
 package gin
 
+const stackBufSize = 128
+
 // cleanPath is the URL version of path.Clean, it returns a canonical URL path
 // for p, eliminating . and .. elements.
 //
@@ -19,7 +21,6 @@ package gin
 //
 // If the result of this process is an empty string, "/" is returned.
 func cleanPath(p string) string {
-	const stackBufSize = 128
 	// Turn empty string into "/"
 	if p == "" {
 		return "/"
@@ -148,3 +149,55 @@ func bufApp(buf *[]byte, s string, w int, c byte) {
 	}
 	b[w] = c
 }
+
+// removeRepeatedChar removes multiple consecutive 'char's from a string.
+// if s == "/a//b///c////" && char == '/', it returns "/a/b/c/"
+func removeRepeatedChar(s string, char byte) string {
+	// Check if there are any consecutive chars
+	hasRepeatedChar := false
+	for i := 1; i < len(s); i++ {
+		if s[i] == char && s[i-1] == char {
+			hasRepeatedChar = true
+			break
+		}
+	}
+	if !hasRepeatedChar {
+		return s
+	}
+
+	// Reasonably sized buffer on stack to avoid allocations in the common case.
+	buf := make([]byte, 0, stackBufSize)
+
+	// Invariants:
+	//      reading from s; r is index of next byte to process.
+	//      writing to buf; w is index of next byte to write.
+	r := 0
+	w := 0
+
+	for n := len(s); r < n; {
+		if s[r] == char {
+			// Write the first char
+			bufApp(&buf, s, w, char)
+			w++
+			r++
+
+			// Skip all consecutive chars
+			for r < n && s[r] == char {
+				r++
+			}
+		} else {
+			// Copy non-char character
+			bufApp(&buf, s, w, s[r])
+			w++
+			r++
+		}
+	}
+
+	// If the original string was not modified (or only shortened at the end),
+	// return the respective substring of the original string.
+	// Otherwise, return a new string from the buffer.
+	if len(buf) == 0 {
+		return s[:w]
+	}
+	return string(buf[:w])
+}

path_test.go

@@ -6,6 +6,7 @@
 package gin
 
 import (
+	"runtime"
 	"strings"
 	"testing"
 
@@ -80,16 +81,20 @@ func TestPathCleanMallocs(t *testing.T) {
 		t.Skip("skipping malloc count in short mode")
 	}
 
+	if runtime.GOMAXPROCS(0) > 1 {
+		t.Skip("skipping malloc count; GOMAXPROCS>1")
+	}
+
 	for _, test := range cleanTests {
 		allocs := testing.AllocsPerRun(100, func() { cleanPath(test.result) })
-		assert.EqualValues(t, allocs, 0)
+		assert.InDelta(t, 0, allocs, 0.01)
 	}
 }
 
 func BenchmarkPathClean(b *testing.B) {
 	b.ReportAllocs()
 
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		for _, test := range cleanTests {
 			cleanPath(test.path)
 		}
@@ -129,12 +134,59 @@ func TestPathCleanLong(t *testing.T) {
 
 func BenchmarkPathCleanLong(b *testing.B) {
 	cleanTests := genLongPaths()
-	b.ResetTimer()
+
 	b.ReportAllocs()
 
-	for i := 0; i < b.N; i++ {
+	for b.Loop() {
 		for _, test := range cleanTests {
 			cleanPath(test.path)
 		}
 	}
 }
+
+func TestRemoveRepeatedChar(t *testing.T) {
+	testCases := []struct {
+		name string
+		str  string
+		char byte
+		want string
+	}{
+		{
+			name: "empty",
+			str:  "",
+			char: 'a',
+			want: "",
+		},
+		{
+			name: "noSlash",
+			str:  "abc",
+			char: ',',
+			want: "abc",
+		},
+		{
+			name: "withSlash",
+			str:  "/a/b/c/",
+			char: '/',
+			want: "/a/b/c/",
+		},
+		{
+			name: "withRepeatedSlashes",
+			str:  "/a//b///c////",
+			char: '/',
+			want: "/a/b/c/",
+		},
+		{
+			name: "threeSlashes",
+			str:  "///",
+			char: '/',
+			want: "/",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			res := removeRepeatedChar(tc.str, tc.char)
+			assert.Equal(t, tc.want, res)
+		})
+	}
+}

recovery.go

@@ -5,7 +5,9 @@
 package gin
 
 import (
+	"bufio"
 	"bytes"
+	"cmp"
 	"errors"
 	"fmt"
 	"io"
@@ -17,13 +19,13 @@ import (
 	"runtime"
 	"strings"
 	"time"
+
+	"github.com/gin-gonic/gin/internal/bytesconv"
 )
 
-var (
-	dunno     = []byte("???")
-	centerDot = []byte("·")
-	dot       = []byte(".")
-	slash     = []byte("/")
+const (
+	dunno     = "???"
+	stackSkip = 3
 )
 
 // RecoveryFunc defines the function passable to CustomRecovery.
@@ -69,25 +71,18 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 						}
 					}
 				}
+				if e, ok := err.(error); ok && errors.Is(e, http.ErrAbortHandler) {
+					brokenPipe = true
+				}
 				if logger != nil {
-					stack := stack(3)
-					httpRequest, _ := httputil.DumpRequest(c.Request, false)
-					headers := strings.Split(string(httpRequest), "\r\n")
-					for idx, header := range headers {
-						current := strings.Split(header, ":")
-						if current[0] == "Authorization" {
-							headers[idx] = current[0] + ": *"
-						}
-					}
-					headersToStr := strings.Join(headers, "\r\n")
 					if brokenPipe {
-						logger.Printf("%s\n%s%s", err, headersToStr, reset)
+						logger.Printf("%s\n%s%s", err, secureRequestDump(c.Request), reset)
 					} else if IsDebugging() {
 						logger.Printf("[Recovery] %s panic recovered:\n%s\n%s\n%s%s",
-							timeFormat(time.Now()), headersToStr, err, stack, reset)
+							timeFormat(time.Now()), secureRequestDump(c.Request), err, stack(stackSkip), reset)
 					} else {
 						logger.Printf("[Recovery] %s panic recovered:\n%s\n%s%s",
-							timeFormat(time.Now()), err, stack, reset)
+							timeFormat(time.Now()), err, stack(stackSkip), reset)
 					}
 				}
 				if brokenPipe {
@@ -103,7 +98,22 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 	}
 }
 
-func defaultHandleRecovery(c *Context, err any) {
+// secureRequestDump returns a sanitized HTTP request dump where the Authorization header,
+// if present, is replaced with a masked value ("Authorization: *") to avoid leaking sensitive credentials.
+//
+// Currently, only the Authorization header is sanitized. All other headers and request data remain unchanged.
+func secureRequestDump(r *http.Request) string {
+	httpRequest, _ := httputil.DumpRequest(r, false)
+	lines := strings.Split(bytesconv.BytesToString(httpRequest), "\r\n")
+	for i, line := range lines {
+		if strings.HasPrefix(line, "Authorization:") {
+			lines[i] = "Authorization: *"
+		}
+	}
+	return strings.Join(lines, "\r\n")
+}
+
+func defaultHandleRecovery(c *Context, _ any) {
 	c.AbortWithStatus(http.StatusInternalServerError)
 }
 
@@ -112,8 +122,11 @@ func stack(skip int) []byte {
 	buf := new(bytes.Buffer) // the returned data
 	// As we loop, we open files and read them. These variables record the currently
 	// loaded file.
-	var lines [][]byte
-	var lastFile string
+	var (
+		nLine    string
+		lastFile string
+		err      error
+	)
 	for i := skip; ; i++ { // Skip the expected number of frames
 		pc, file, line, ok := runtime.Caller(i)
 		if !ok {
@@ -122,34 +135,53 @@ func stack(skip int) []byte {
 		// Print this much at least.  If we can't find the source, it won't show.
 		fmt.Fprintf(buf, "%s:%d (0x%x)\n", file, line, pc)
 		if file != lastFile {
-			data, err := os.ReadFile(file)
+			nLine, err = readNthLine(file, line-1)
 			if err != nil {
 				continue
 			}
-			lines = bytes.Split(data, []byte{'\n'})
 			lastFile = file
 		}
-		fmt.Fprintf(buf, "\t%s: %s\n", function(pc), source(lines, line))
+		fmt.Fprintf(buf, "\t%s: %s\n", function(pc), cmp.Or(nLine, dunno))
 	}
 	return buf.Bytes()
 }
 
-// source returns a space-trimmed slice of the n'th line.
-func source(lines [][]byte, n int) []byte {
-	n-- // in stack trace, lines are 1-indexed but our array is 0-indexed
-	if n < 0 || n >= len(lines) {
-		return dunno
+// readNthLine reads the nth line from the file.
+// It returns the trimmed content of the line if found,
+// or an empty string if the line doesn't exist.
+// If there's an error opening the file, it returns the error.
+func readNthLine(file string, n int) (string, error) {
+	if n < 0 {
+		return "", nil
 	}
-	return bytes.TrimSpace(lines[n])
+
+	f, err := os.Open(file)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for i := 0; i < n; i++ {
+		if !scanner.Scan() {
+			return "", nil
+		}
+	}
+
+	if scanner.Scan() {
+		return strings.TrimSpace(scanner.Text()), nil
+	}
+
+	return "", nil
 }
 
 // function returns, if possible, the name of the function containing the PC.
-func function(pc uintptr) []byte {
+func function(pc uintptr) string {
 	fn := runtime.FuncForPC(pc)
 	if fn == nil {
 		return dunno
 	}
-	name := []byte(fn.Name())
+	name := fn.Name()
 	// The name includes the path name to the package, which is unnecessary
 	// since the file name is already included.  Plus, it has center dots.
 	// That is, we see
@@ -158,13 +190,13 @@ func function(pc uintptr) []byte {
 	//	*T.ptrmethod
 	// Also the package path might contain dot (e.g. code.google.com/...),
 	// so first eliminate the path prefix
-	if lastSlash := bytes.LastIndex(name, slash); lastSlash >= 0 {
+	if lastSlash := strings.LastIndexByte(name, '/'); lastSlash >= 0 {
 		name = name[lastSlash+1:]
 	}
-	if period := bytes.Index(name, dot); period >= 0 {
+	if period := strings.IndexByte(name, '.'); period >= 0 {
 		name = name[period+1:]
 	}
-	name = bytes.Replace(name, centerDot, dot, -1)
+	name = strings.ReplaceAll(name, "·", ".")
 	return name
 }
 

recovery_test.go

@@ -5,7 +5,6 @@
 package gin
 
 import (
-	"fmt"
 	"net"
 	"net/http"
 	"os"
@@ -26,14 +25,14 @@ func TestPanicClean(t *testing.T) {
 		panic("Oupps, Houston, we have a problem")
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/recovery",
+	w := PerformRequest(router, http.MethodGet, "/recovery",
 		header{
 			Key:   "Host",
 			Value: "www.google.com",
 		},
 		header{
 			Key:   "Authorization",
-			Value: fmt.Sprintf("Bearer %s", password),
+			Value: "Bearer " + password,
 		},
 		header{
 			Key:   "Content-Type",
@@ -56,7 +55,7 @@ func TestPanicInHandler(t *testing.T) {
 		panic("Oupps, Houston, we have a problem")
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/recovery")
+	w := PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusInternalServerError, w.Code)
 	assert.Contains(t, buffer.String(), "panic recovered")
@@ -67,7 +66,7 @@ func TestPanicInHandler(t *testing.T) {
 	// Debug mode prints the request
 	SetMode(DebugMode)
 	// RUN
-	w = PerformRequest(router, "GET", "/recovery")
+	w = PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusInternalServerError, w.Code)
 	assert.Contains(t, buffer.String(), "GET /recovery")
@@ -84,26 +83,11 @@ func TestPanicWithAbort(t *testing.T) {
 		panic("Oupps, Houston, we have a problem")
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/recovery")
+	w := PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 }
 
-func TestSource(t *testing.T) {
-	bs := source(nil, 0)
-	assert.Equal(t, dunno, bs)
-
-	in := [][]byte{
-		[]byte("Hello world."),
-		[]byte("Hi, gin.."),
-	}
-	bs = source(in, 10)
-	assert.Equal(t, dunno, bs)
-
-	bs = source(in, 1)
-	assert.Equal(t, []byte("Hello world."), bs)
-}
-
 func TestFunction(t *testing.T) {
 	bs := function(1)
 	assert.Equal(t, dunno, bs)
@@ -135,7 +119,7 @@ func TestPanicWithBrokenPipe(t *testing.T) {
 				panic(e)
 			})
 			// RUN
-			w := PerformRequest(router, "GET", "/recovery")
+			w := PerformRequest(router, http.MethodGet, "/recovery")
 			// TEST
 			assert.Equal(t, expectCode, w.Code)
 			assert.Contains(t, strings.ToLower(buf.String()), expectMsg)
@@ -143,6 +127,30 @@ func TestPanicWithBrokenPipe(t *testing.T) {
 	}
 }
 
+// TestPanicWithAbortHandler asserts that recovery handles http.ErrAbortHandler as broken pipe
+func TestPanicWithAbortHandler(t *testing.T) {
+	const expectCode = 204
+
+	var buf strings.Builder
+	router := New()
+	router.Use(RecoveryWithWriter(&buf))
+	router.GET("/recovery", func(c *Context) {
+		// Start writing response
+		c.Header("X-Test", "Value")
+		c.Status(expectCode)
+
+		// Panic with ErrAbortHandler which should be treated as broken pipe
+		panic(http.ErrAbortHandler)
+	})
+	// RUN
+	w := PerformRequest(router, http.MethodGet, "/recovery")
+	// TEST
+	assert.Equal(t, expectCode, w.Code)
+	out := buf.String()
+	assert.Contains(t, out, "net/http: abort Handler")
+	assert.NotContains(t, out, "panic recovered")
+}
+
 func TestCustomRecoveryWithWriter(t *testing.T) {
 	errBuffer := new(strings.Builder)
 	buffer := new(strings.Builder)
@@ -156,7 +164,7 @@ func TestCustomRecoveryWithWriter(t *testing.T) {
 		panic("Oupps, Houston, we have a problem")
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/recovery")
+	w := PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 	assert.Contains(t, buffer.String(), "panic recovered")
@@ -167,7 +175,7 @@ func TestCustomRecoveryWithWriter(t *testing.T) {
 	// Debug mode prints the request
 	SetMode(DebugMode)
 	// RUN
-	w = PerformRequest(router, "GET", "/recovery")
+	w = PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 	assert.Contains(t, buffer.String(), "GET /recovery")
@@ -191,7 +199,7 @@ func TestCustomRecovery(t *testing.T) {
 		panic("Oupps, Houston, we have a problem")
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/recovery")
+	w := PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 	assert.Contains(t, buffer.String(), "panic recovered")
@@ -202,7 +210,7 @@ func TestCustomRecovery(t *testing.T) {
 	// Debug mode prints the request
 	SetMode(DebugMode)
 	// RUN
-	w = PerformRequest(router, "GET", "/recovery")
+	w = PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 	assert.Contains(t, buffer.String(), "GET /recovery")
@@ -226,7 +234,7 @@ func TestRecoveryWithWriterWithCustomRecovery(t *testing.T) {
 		panic("Oupps, Houston, we have a problem")
 	})
 	// RUN
-	w := PerformRequest(router, "GET", "/recovery")
+	w := PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 	assert.Contains(t, buffer.String(), "panic recovered")
@@ -237,7 +245,7 @@ func TestRecoveryWithWriterWithCustomRecovery(t *testing.T) {
 	// Debug mode prints the request
 	SetMode(DebugMode)
 	// RUN
-	w = PerformRequest(router, "GET", "/recovery")
+	w = PerformRequest(router, http.MethodGet, "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 	assert.Contains(t, buffer.String(), "GET /recovery")
@@ -246,3 +254,115 @@ func TestRecoveryWithWriterWithCustomRecovery(t *testing.T) {
 
 	SetMode(TestMode)
 }
+
+func TestSecureRequestDump(t *testing.T) {
+	tests := []struct {
+		name           string
+		req            *http.Request
+		wantContains   string
+		wantNotContain string
+	}{
+		{
+			name: "Authorization header standard case",
+			req: func() *http.Request {
+				r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+				r.Header.Set("Authorization", "Bearer secret-token")
+				return r
+			}(),
+			wantContains:   "Authorization: *",
+			wantNotContain: "Bearer secret-token",
+		},
+		{
+			name: "authorization header lowercase",
+			req: func() *http.Request {
+				r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+				r.Header.Set("authorization", "some-secret")
+				return r
+			}(),
+			wantContains:   "Authorization: *",
+			wantNotContain: "some-secret",
+		},
+		{
+			name: "Authorization header mixed case",
+			req: func() *http.Request {
+				r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+				r.Header.Set("AuThOrIzAtIoN", "token123")
+				return r
+			}(),
+			wantContains:   "Authorization: *",
+			wantNotContain: "token123",
+		},
+		{
+			name: "No Authorization header",
+			req: func() *http.Request {
+				r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+				r.Header.Set("Content-Type", "application/json")
+				return r
+			}(),
+			wantContains:   "",
+			wantNotContain: "Authorization: *",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := secureRequestDump(tt.req)
+			if tt.wantContains != "" && !strings.Contains(result, tt.wantContains) {
+				t.Errorf("maskHeaders() = %q, want contains %q", result, tt.wantContains)
+			}
+			if tt.wantNotContain != "" && strings.Contains(result, tt.wantNotContain) {
+				t.Errorf("maskHeaders() = %q, want NOT contain %q", result, tt.wantNotContain)
+			}
+		})
+	}
+}
+
+// TestReadNthLine tests the readNthLine function with various scenarios.
+func TestReadNthLine(t *testing.T) {
+	// Create a temporary test file
+	testContent := "line 0 \n line 1  \nline 2 \nline 3  \nline 4"
+	tempFile, err := os.CreateTemp("", "testfile*.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(tempFile.Name())
+
+	// Write test content to the temporary file
+	if _, err := tempFile.WriteString(testContent); err != nil {
+		t.Fatal(err)
+	}
+	if err := tempFile.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Test cases
+	tests := []struct {
+		name     string
+		lineNum  int
+		fileName string
+		want     string
+		wantErr  bool
+	}{
+		{name: "Read first line", lineNum: 0, fileName: tempFile.Name(), want: "line 0", wantErr: false},
+		{name: "Read middle line", lineNum: 2, fileName: tempFile.Name(), want: "line 2", wantErr: false},
+		{name: "Read last line", lineNum: 4, fileName: tempFile.Name(), want: "line 4", wantErr: false},
+		{name: "Line number exceeds file length", lineNum: 10, fileName: tempFile.Name(), want: "", wantErr: false},
+		{name: "Negative line number", lineNum: -1, fileName: tempFile.Name(), want: "", wantErr: false},
+		{name: "Non-existent file", lineNum: 1, fileName: "/non/existent/file.txt", want: "", wantErr: true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := readNthLine(tt.fileName, tt.lineNum)
+			assert.Equal(t, tt.wantErr, err != nil)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func BenchmarkStack(b *testing.B) {
+	b.ReportAllocs()
+	for b.Loop() {
+		_ = stack(stackSkip)
+	}
+}

render/any.go

@@ -1,10 +0,0 @@
-// Copyright 2021 Gin Core Team. All rights reserved.
-// Use of this source code is governed by a MIT style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.18
-// +build !go1.18
-
-package render
-
-type any = interface{}

render/html.go

@@ -7,6 +7,8 @@ package render
 import (
 	"html/template"
 	"net/http"
+
+	"github.com/gin-gonic/gin/internal/fs"
 )
 
 // Delims represents a set of Left and Right delimiters for HTML template rendering.
@@ -31,10 +33,12 @@ type HTMLProduction struct {
 
 // HTMLDebug contains template delims and pattern and function with file list.
 type HTMLDebug struct {
-	Files   []string
-	Glob    string
-	Delims  Delims
-	FuncMap template.FuncMap
+	Files      []string
+	Glob       string
+	FileSystem http.FileSystem
+	Patterns   []string
+	Delims     Delims
+	FuncMap    template.FuncMap
 }
 
 // HTML contains template reference and its name with given interface object.
@@ -63,6 +67,7 @@ func (r HTMLDebug) Instance(name string, data any) Render {
 		Data:     data,
 	}
 }
+
 func (r HTMLDebug) loadTemplate() *template.Template {
 	if r.FuncMap == nil {
 		r.FuncMap = template.FuncMap{}
@@ -73,7 +78,11 @@ func (r HTMLDebug) loadTemplate() *template.Template {
 	if r.Glob != "" {
 		return template.Must(template.New("").Delims(r.Delims.Left, r.Delims.Right).Funcs(r.FuncMap).ParseGlob(r.Glob))
 	}
-	panic("the HTML debug render was created without files or glob pattern")
+	if r.FileSystem != nil && len(r.Patterns) > 0 {
+		return template.Must(template.New("").Delims(r.Delims.Left, r.Delims.Right).Funcs(r.FuncMap).ParseFS(
+			fs.FileSystem{FileSystem: r.FileSystem}, r.Patterns...))
+	}
+	panic("the HTML debug render was created without files or glob pattern or file system with patterns")
 }
 
 // Render (HTML) executes template and writes its result with custom ContentType for response.

render/json.go

@@ -9,9 +9,10 @@ import (
 	"fmt"
 	"html/template"
 	"net/http"
+	"unicode"
 
+	"github.com/gin-gonic/gin/codec/json"
 	"github.com/gin-gonic/gin/internal/bytesconv"
-	"github.com/gin-gonic/gin/internal/json"
 )
 
 // JSON contains the given interface object.
@@ -65,7 +66,7 @@ func (r JSON) WriteContentType(w http.ResponseWriter) {
 // WriteJSON marshals the given interface object and writes it with custom ContentType.
 func WriteJSON(w http.ResponseWriter, obj any) error {
 	writeContentType(w, jsonContentType)
-	jsonBytes, err := json.Marshal(obj)
+	jsonBytes, err := json.API.Marshal(obj)
 	if err != nil {
 		return err
 	}
@@ -76,7 +77,7 @@ func WriteJSON(w http.ResponseWriter, obj any) error {
 // Render (IndentedJSON) marshals the given interface object and writes it with custom ContentType.
 func (r IndentedJSON) Render(w http.ResponseWriter) error {
 	r.WriteContentType(w)
-	jsonBytes, err := json.MarshalIndent(r.Data, "", "    ")
+	jsonBytes, err := json.API.MarshalIndent(r.Data, "", "    ")
 	if err != nil {
 		return err
 	}
@@ -92,7 +93,7 @@ func (r IndentedJSON) WriteContentType(w http.ResponseWriter) {
 // Render (SecureJSON) marshals the given interface object and writes it with custom ContentType.
 func (r SecureJSON) Render(w http.ResponseWriter) error {
 	r.WriteContentType(w)
-	jsonBytes, err := json.Marshal(r.Data)
+	jsonBytes, err := json.API.Marshal(r.Data)
 	if err != nil {
 		return err
 	}
@@ -115,7 +116,7 @@ func (r SecureJSON) WriteContentType(w http.ResponseWriter) {
 // Render (JsonpJSON) marshals the given interface object and writes it and its callback with custom ContentType.
 func (r JsonpJSON) Render(w http.ResponseWriter) (err error) {
 	r.WriteContentType(w)
-	ret, err := json.Marshal(r.Data)
+	ret, err := json.API.Marshal(r.Data)
 	if err != nil {
 		return err
 	}
@@ -151,20 +152,23 @@ func (r JsonpJSON) WriteContentType(w http.ResponseWriter) {
 }
 
 // Render (AsciiJSON) marshals the given interface object and writes it with custom ContentType.
-func (r AsciiJSON) Render(w http.ResponseWriter) (err error) {
+func (r AsciiJSON) Render(w http.ResponseWriter) error {
 	r.WriteContentType(w)
-	ret, err := json.Marshal(r.Data)
+	ret, err := json.API.Marshal(r.Data)
 	if err != nil {
 		return err
 	}
 
 	var buffer bytes.Buffer
+	escapeBuf := make([]byte, 0, 6) // Preallocate 6 bytes for Unicode escape sequences
+
 	for _, r := range bytesconv.BytesToString(ret) {
-		cvt := string(r)
-		if r >= 128 {
-			cvt = fmt.Sprintf("\\u%04x", int64(r))
+		if r > unicode.MaxASCII {
+			escapeBuf = fmt.Appendf(escapeBuf[:0], "\\u%04x", r) // Reuse escapeBuf
+			buffer.Write(escapeBuf)
+		} else {
+			buffer.WriteByte(byte(r))
 		}
-		buffer.WriteString(cvt)
 	}
 
 	_, err = w.Write(buffer.Bytes())
@@ -179,7 +183,7 @@ func (r AsciiJSON) WriteContentType(w http.ResponseWriter) {
 // Render (PureJSON) writes custom ContentType and encodes the given interface object.
 func (r PureJSON) Render(w http.ResponseWriter) error {
 	r.WriteContentType(w)
-	encoder := json.NewEncoder(w)
+	encoder := json.API.NewEncoder(w)
 	encoder.SetEscapeHTML(false)
 	return encoder.Encode(r.Data)
 }

render/msgpack.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !nomsgpack
-// +build !nomsgpack
 
 package render
 

render/reader.go

@@ -27,7 +27,7 @@ func (r Reader) Render(w http.ResponseWriter) (err error) {
 		}
 		r.Headers["Content-Length"] = strconv.FormatInt(r.ContentLength, 10)
 	}
-	r.writeHeaders(w, r.Headers)
+	r.writeHeaders(w)
 	_, err = io.Copy(w, r.Reader)
 	return
 }
@@ -37,10 +37,10 @@ func (r Reader) WriteContentType(w http.ResponseWriter) {
 	writeContentType(w, []string{r.ContentType})
 }
 
-// writeHeaders writes custom Header.
-func (r Reader) writeHeaders(w http.ResponseWriter, headers map[string]string) {
+// writeHeaders writes headers from r.Headers into response.
+func (r Reader) writeHeaders(w http.ResponseWriter) {
 	header := w.Header()
-	for k, v := range headers {
+	for k, v := range r.Headers {
 		if header.Get(k) == "" {
 			header.Set(k, v)
 		}

render/render.go

@@ -15,22 +15,22 @@ type Render interface {
 }
 
 var (
-	_ Render     = JSON{}
-	_ Render     = IndentedJSON{}
-	_ Render     = SecureJSON{}
-	_ Render     = JsonpJSON{}
-	_ Render     = XML{}
-	_ Render     = String{}
-	_ Render     = Redirect{}
-	_ Render     = Data{}
-	_ Render     = HTML{}
-	_ HTMLRender = HTMLDebug{}
-	_ HTMLRender = HTMLProduction{}
-	_ Render     = YAML{}
-	_ Render     = Reader{}
-	_ Render     = AsciiJSON{}
-	_ Render     = ProtoBuf{}
-	_ Render     = TOML{}
+	_ Render     = (*JSON)(nil)
+	_ Render     = (*IndentedJSON)(nil)
+	_ Render     = (*SecureJSON)(nil)
+	_ Render     = (*JsonpJSON)(nil)
+	_ Render     = (*XML)(nil)
+	_ Render     = (*String)(nil)
+	_ Render     = (*Redirect)(nil)
+	_ Render     = (*Data)(nil)
+	_ Render     = (*HTML)(nil)
+	_ HTMLRender = (*HTMLDebug)(nil)
+	_ HTMLRender = (*HTMLProduction)(nil)
+	_ Render     = (*YAML)(nil)
+	_ Render     = (*Reader)(nil)
+	_ Render     = (*AsciiJSON)(nil)
+	_ Render     = (*ProtoBuf)(nil)
+	_ Render     = (*TOML)(nil)
 )
 
 func writeContentType(w http.ResponseWriter, value []string) {

render/render_msgpack_test.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !nomsgpack
-// +build !nomsgpack
 
 package render
 
@@ -13,6 +12,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/ugorji/go/codec"
 )
 
@@ -30,7 +30,7 @@ func TestRenderMsgPack(t *testing.T) {
 
 	err := (MsgPack{data}).Render(w)
 
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	h := new(codec.MsgpackHandle)
 	assert.NotNil(t, h)
@@ -38,7 +38,7 @@ func TestRenderMsgPack(t *testing.T) {
 	assert.NotNil(t, buf)
 	err = codec.NewEncoder(buf, h).Encode(data)
 
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, w.Body.String(), buf.String())
 	assert.Equal(t, "application/msgpack; charset=utf-8", w.Header().Get("Content-Type"))
 }