A fleet of adversarial test agents (load, fuzz, injection, leak, security) probed every subsystem like a real attacker. This release ships the root-cause fixes plus extensive new regression/fuzz/stress tests.
Critical fixes
- web: panicking handler returned an empty
200instead of500— recovery now writes the 500. - web/router:
Get("/")crashednet/httpat startup — fixed empty-prefix path join. - admin: panel was open by default → now fail-closed (no
Authorizer= 403); addedWithInsecureAllowAll()opt-in. Runtime behavior change. - validation: data race on the global regex cache →
sync.RWMutex. - openapi: stack overflow on recursive types → inline cycle guard.
High / medium fixes
- query: operator injection via
Where(col,op,val)→ operator whitelist + strict column quoting. - realtime: goroutine flood under broadcast storms to a slow consumer → single CAS-guarded teardown.
- telescope: unbounded N+1 map → FIFO cap; added
RequireBasicAuth. - process: timeout leaked the child process tree → process-group kill.
- cache: thundering herd in
Remember→ per-key single-flight; tighter TTL sweep.
Production safety
- graphql: configurable DoS limits (depth/nodes/aliases/bytes/tokens) + introspection toggle.
Handler(cs, ...Option)backward-compatible. - New fuzz/stress/injection/security suites across the framework.
- drivers/redis: tests no longer need a live server.
Quality
go test -race green (55 packages) · go vet + gofmt clean · govulncheck: no vulnerabilities.
Authorizer, add one (production) or admin.WithInsecureAllowAll() (local) — it is now fail-closed.