gin-gonic/gin v1.11.0 → v1.12.0

Release v1.12.0 adds a broad set of user-facing features across binding, context, routing, rendering, and logging. It also includes a handful of fixes that clean up edge cases in request handling, response behavior, and route matching.

What's new

  • Gin now supports encoding.TextUnmarshaler in URI and query binding through an opt-in parser tag. That lets types with UnmarshalText participate in binding without adding Gin-specific interfaces, and it stays backwards-compatible because the new parser is only enabled when requested (#4203).
  • Context gains GetError and GetErrorSlice for type-safe retrieval of stored errors. These methods make it easier to collect and propagate middleware errors without manual type assertions (#4502).
  • Protocol Buffers content negotiation is now available through Context.Negotiate, so API clients can receive protobuf-encoded responses when that format is selected (#4423).
  • Context.Delete is now implemented, giving handlers a direct way to remove values from the context (#4196).
  • Gin adds UseEscapedPath on Engine, which uses url.EscapedPath() when resolving route parameters. This is aimed at cases where %252F and similar escaped paths need to be handled without falling back to the unescaped path (#4420).
  • The logger can now color latency output based on request timing, and it also adds an option to skip query string output in logs when you do not want query parameters recorded (#4146, #4547).
  • The render package now supports BSON and PDF responses. BSON support adds a new body encoding/decoding path, and the PDF renderer writes raw PDF bytes with the correct Content-Type (#4145, #4491).

Breaking changes

  • Gin now requires Go 1.25 or later. CI support for Go 1.24 was removed, and the docs were updated to match (#4550).

Fixes

  • Empty form slices and arrays now handle defaults correctly instead of panicking or reporting empty-value errors in cases that should bind cleanly (#4380, #2169).
  • Context.ClientIP now handles multiple X-Forwarded-For header values correctly by combining them before validation (#4472).
  • Literal colon routes now work when using engine.Handler() or serving Gin directly as an http.Handler (#4415).
  • gin.Recovery no longer logs http.ErrAbortHandler as an application error, which keeps expected aborts out of the panic log (#4336).
  • RunFd now closes the os.File it creates, avoiding a file descriptor leak (#4422).
  • ResponseWriter hijack behavior is tighter and clearer: hijacking is allowed after headers are written, but blocked after body data has been sent (#4373).
  • Data.Render now writes Content-Length correctly for larger responses (#4206).
  • findCaseInsensitivePathRec no longer panics when RedirectFixedPath is enabled and a route lookup misses (#4535).

Other notable changes

  • The minimum supported Go version was bumped to 1.24 earlier in the release cycle, and later the project moved to Go 1.25+ support across CI and docs (#4388, #4550).
  • Several path and stack-trace internals were optimized, including redirect trailing slash handling, case-insensitive path lookup, and stack line reading (#4414, #4417, #4466).
  • Gin’s CI now uses Trivy-based vulnerability scanning, with scheduled scans and Security tab output (#4421, #4439).
  • The bundled BSON driver dependency was upgraded to mongo-driver v2 (#4549).

Contributors

@takanuva15 @raju-mechatronics @1911860538 @Spyder01 @ldesauw @wsyqn6 @laurentcau @guonaihong @Nurysso @zeek0x @appleboy @MondayCha @dengaleev @pawannn @Twacqwq @veeceey @mahanadh @USA-RedDragon @WeidiDeng @BobDu

Only the most active 50 of 100 merged PRs were included. See the full compare view.

View on GitHub →