Skip to content

dotweb v1.8.3 Release, includes Redis client migration, security updates, and bug fixes

Latest
Latest

Choose a tag to compare

View all tags
@devfeel devfeel released this 10 Mar 11:02
v1.8.3
d5bf658
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

dotweb v1.8.3 Release Notes

Overview

dotweb v1.8.3 is now available! This release includes Redis client migration, security updates, and bug fixes.

What's Changed

New Features

Redis Client Migration (v1.8.2)

Item Old New
Redis Client redigo (deprecated) go-redis/v9

Impact: Internal implementation changed, API fully compatible

// No code changes required
// New features:
// - Connection pool management (MinIdleConns, PoolSize)
// - Context support

Security Updates (v1.8.2)

Fixed 12 Go standard library vulnerabilities:

CVE Component
GO-2026-4341 net/url
GO-2026-4340 crypto/tls
GO-2026-4337 crypto/tls
GO-2025-4175 crypto/x509
GO-2025-4155 crypto/x509
GO-2025-4013 crypto/x509
GO-2025-4012 net/http
GO-2025-4011 encoding/asn1
GO-2025-4010 net/url
GO-2025-4009 encoding/pem
GO-2025-4008 crypto/tls
GO-2025-4007 crypto/x509

Bug Fixes (v1.8.3)

Fix Description
Incr/Decr lock leak Use defer Unlock to prevent deadlock
Race conditions Passed race detection tests

CI/CD Enhancements

Item Change
golangci-lint Added code quality checks
Security scan Added weekly security scanning workflow

Breaking Changes

Change Impact
Go minimum version 1.22 - 1.24

WARNING: Warning: Go < 1.24 contains known vulnerabilities

Upgrade Guide

1. Update Go Version

# Minimum required: Go 1.24
go version  # Ensure >= 1.24

2. Update Dependency

go get -u github.com/devfeel/dotweb

3. Update Redis Dependency (if needed)

// Remove old dependency (deprecated)
// github.com/garyburd/redigo v1.6.0

// New dependency (included in dotweb)
github.com/redis/go-redis/v9 v9.18.0

4. Verify

go build ./...
go test ./...

Compatibility

Type Compatibility
Public API Fully compatible
Redis Cache Compatible with existing config
Session Store Compatible with existing config
Config Files No changes needed

Notes

  1. Go Version Required: Must use Go 1.24+
  2. Security Warning: Go < 1.24 has known vulnerabilities
  3. Redis Config: If using external Redis, ensure network accessibility

Related Links

Assets 2
Loading