build(deps): bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo #1253

Merged: giortzisg merged 1 commit into master from dependabot/go_modules/echo/github.com/labstack/echo/v5-5.0.3 on Apr 20, 2026

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Bumps github.com/labstack/echo/v5 from 5.0.0 to 5.0.3.

Release notes

Sourced from github.com/labstack/echo/v5's releases.

v5.0.3 security (static middleware directory traversal under Windows)

Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21 (labstack/echo#2891).

This applies to cases when:

  • Windows is used as OS
  • middleware.StaticConfig.Filesystem is nil (default)
  • echo.Filesystem has not been set explicitly (default)

Full Changelog: labstack/echo@v5.0.2...v5.0.3

v5.0.2 security (static middleware folder browsing)

Security

  • Fix Static middleware when folder browsing is enabled (config.Browse=true, defaults to false) lists all files/subfolders from config.Filesystem root folder and not starting from config.Root and requested folder in labstack/echo#2887. Reported by @​shblue21 in labstack/echo#2886

Full Changelog: labstack/echo@v5.0.1...v5.0.2

v5.0.1 small fixes

What's Changed

New Contributors

Full Changelog: labstack/echo@v5.0.0...v5.0.1

Changelog

Sourced from github.com/labstack/echo/v5's changelog.

v5.0.3 - 2026-02-06

Security

  • Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21.

This applies to cases when:

  • Windows is used as OS
  • middleware.StaticConfig.Filesystem is nil (default)
  • echo.Filesystem has not been set explicitly (default)

Exposure is restricted to the active process working directory and its subfolders.

v5.0.2 - 2026-02-02

Security

  • Fix Static middleware with config.Browse=true lists all files/subfolders from config.Filesystem root and not starting from config.Root in labstack/echo#2887

v5.0.1 - 2026-01-28

Commits
  • b1d4430 Merge pull request #2891 from aldas/fix_staticmw
  • 48f25a6 Fix test reporting different size due Windows / Linux line ending inconsisten...
  • 6c16259 Fix directory traversal vulnerability under Windows in Static middleware when...
  • 88d975a Fix directory traversal vulnerability under Windows in Static middleware when...
  • 09ccfba Fill c.Request().Pattern field with route path to help standard library based...
  • 68aaf3a Changelog for version 5.0.2
  • 26ec148 security (static middleware): fix bowser=true listing all file names from giv...
  • ba10490 Merge pull request #2880 from aldas/changelog_501
  • 0954d6e Changelog for v5.0.1 release
  • 8e4c91f Create SECURITY.md
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Go SDK labels Apr 8, 2026
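
A go.mod check for the two Static middleware security fixes listed in the release notes above, added here as an example (not code from Dependabot, this repository or Echo). `EchoVersion`, `MissingFixes` and the sample go.mod are constructed for illustration; the check reads `require` lines only and does not follow `replace` directives.

```go
package main

import (
	"fmt"
	"strings"
)

const echoModule = "github.com/labstack/echo/v5"

// EchoVersion returns the echo/v5 version a go.mod requires, or "" if absent (assumption: replace directives are ignored).
func EchoVersion(gomod string) string {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == echoModule {
			return f[1]
		}
	}
	return ""
}

// versionKey maps "v5.0.2" to a comparable integer; any pre-release suffix is ignored.
func versionKey(v string) (int, bool) {
	var maj, mnr, pat int
	if n, _ := fmt.Sscanf(v, "v%d.%d.%d", &maj, &mnr, &pat); n != 3 {
		return 0, false
	}
	return (maj*10000+mnr)*10000 + pat, true
}

// MissingFixes lists the security fixes from the release notes that the given version predates.
func MissingFixes(version string) (missing []string) {
	key, ok := versionKey(version)
	fixes := []struct{ in, what string }{
		{"v5.0.2", "Static middleware with Browse=true lists files from the Filesystem root"},
		{"v5.0.3", "Static middleware directory traversal under Windows (default filesystem)"},
	}
	for _, f := range fixes {
		if fixed, _ := versionKey(f.in); ok && key < fixed {
			missing = append(missing, f.in+": "+f.what)
		}
	}
	return missing
}

func main() {
	// Constructed go.mod content, for illustration only.
	v := EchoVersion("module example.com/app\n\nrequire (\n\tgithub.com/labstack/echo/v5 v5.0.0\n)\n")
	fmt.Println(v, MissingFixes(v))
}
```

A module reported as missing the v5.0.3 fix is only exposed under the conditions the release notes list: Windows, `middleware.StaticConfig.Filesystem` left nil, and `echo.Filesystem` not set explicitly.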

github-actions Bot commented Apr 8, 2026

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


Breaking Changes 🛠

  • Update compatibility policy to align with Go, supporting only the last two major Go versions. by giortzisg in #1264
  • Drop support for Go 1.24 by giortzisg in #1264

Internal Changes 🔧

Deps

  • Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by dependabot[bot] in #1253
  • Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest by dependabot in #1272
  • Bump golangci-lint action from 2.1.1 to 2.11.4 by giortzisg in #1265
  • Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by dependabot in #1256
  • Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 in /otel/otlp by dependabot in #1255

Other

  • Add crosstest package by giortzisg in #1269
  • Add sentrytest package by giortzisg in #1267

🤖 This preview updates automatically when you update the PR.

@dependabot dependabot Bot force-pushed the dependabot/go_modules/echo/github.com/labstack/echo/v5-5.0.3 branch 2 times, most recently from c891fd9 to 8b30a6a Compare April 13, 2026 08:56
Bumps [github.com/labstack/echo/v5](https://github.com/labstack/echo) from 5.0.0 to 5.0.3.
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](labstack/echo@v5.0.0...v5.0.3)

---
updated-dependencies:
- dependency-name: github.com/labstack/echo/v5
  dependency-version: 5.0.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/echo/github.com/labstack/echo/v5-5.0.3 branch from 8b30a6a to 06eebc6 Compare April 20, 2026 08:14
@giortzisg giortzisg merged commit 1ecdc28 into master Apr 20, 2026
16 checks passed
@giortzisg giortzisg deleted the dependabot/go_modules/echo/github.com/labstack/echo/v5-5.0.3 branch April 20, 2026 08:20