Skip to content

Releases: gorilla/websocket

Minor new features and maintenance update

Choose a tag to compare

Minor new features and maintenance update



Choose a tag to compare

v1.4.2 is a minor maintenance release, with minor fixes to examples, documentation, and internals.

Note: We are still looking for proactive maintainer(s) and issue triagers. Thanks to all who contributed to this release with either PRs or reviews - especially @srybacki for the ongoing efforts here.



Choose a tag to compare

Notable Changes

⚠️ This release fixes a potential denial-of-service (DoS) vector in gorilla/websocket, and we recommend that all users upgrade to this version (v1.4.1) or later

The vulnerability could allow an attacker to consume excessive amounts of memory on the server by bypassing read limits, and potentially cause the server to go out-of-memory (OOM).

See the published security advisory for more details.

Credit to Max Justicz ( for discovering and reporting this, as well as providing a robust PoC and review.


c3e18be Create release-drafter.yml (#538)
5b740c2 Read Limit Fix (#537)
7e9819d fix typos (#532)
ae1634f Create CircleCI config.yml (#519)
80c2d40 fix autobahn test suite link (#503)
6a67f44 remove redundant err!=nil check in conn.go Close method (#505)
0ec3d1b Fix typo
856ca61 Add buffer commentary
7c8e298 Add support for go-module
8ab6030 Add JoinMessages
95ba29e Updated autobahn test suite URL
483fb8d Add "in bytes" to sizes in documentation
76e4896 Fix formatting problem in the docs. (#435)
a51a35a Improve header parsing code
3130e8d Return write buffer to pool on write error (#427)
cdd40f5 Add comprehensive host test (#429)


Choose a tag to compare

Note: This release drops support for Go versions prior to v1.7.

This release adds a new DialContext function, which supports cancellation via the context.Context.


66b9c49 Move context to first parameter in DialContext
a9dd6e8 miscellaneous cleanup
ceae452 Add context in the Dialer
b378cae Add write buffer pooling
5fb9417 drop Go versions prior to 1.7 in CI


Choose a tag to compare

Note: This will be the last release that supports Go 1.6 and earlier. Go 1.6 was released in February 2016. Features may be backported upon request, but we recommend users build their applications with the latest versions of Go wherever possible.


3ff3320 Improve server subprotocol documentation
5ed622c Update LICENSE file to reflect Google employee contributions.
c17c80c Merge pull request #385 from dottyjones/master
badcf87 Improve names in handshake deadline test
f90b62c Add test for handshake deadline
21ab95f Modify headers to match case used in RFC examples
cd94665 Minor fixes in comments
eb92580 Use net.Buffers to write multiple slices to connection
4835f71 Improve client default timeout code
8c40c0b Bump default handshake timetout to 45 seconds
196b8d0 Add a default handshake timeout of 5 seconds
e426f23 Sec-WebSocket-Protocol is capitalize instead of canonical
6656ddc add newline and remove extra space
0647012 Modify http status code to variable
f37d158 Travis config: add Go 1.10.x, revert 1.4.x to 1.4
2967b10 Use latest patch releases of Go
8fbc40b Simplify echo example client (#349)
4ac9097 Improve control message handler doc
91f589d Improve check origin documentation
292fd08 Replace "frame" with "message" in documentation
58729a2 Don't log 1006 error in chat example
d965e9a Handle no status in FormatCloseMessage
cdedf21 examples/chat/client.go: avoid allocating []byte{} for PingMessage (#312)
c55883f Add parseExtensions test case (#310)
b89020e Add SOCKS5 support
8c6cfd4 Improve bad handshake error text
2b58522 update
b648f20 Use ASCII case folding in same origin test
23059f2 Update with gofmt on tip
447c2df Compare request header tokens with ASCII case folding
aa5ed01 Improve control message handling documentation
7ca4275 More consistent error handling in doc
3da6ca0 Simplify and fix spelling errors in test files
71fa72d Replace parseURL() with net/url.Parse() (#290)
f918560 Improve NextWriter documentation
c908dc8 Typo fix
4201258 Merge pull request #286 from alaingilbert/patch-1
5755884 Add missing html tag in example/echo
6f34763 Add Go 1.9 to Travis config
a69d9f6 Merge branch 'updoc'
92f772e Misc cleanup
f4f69d2 implementing (some of) @garyburd's suggestions
462d5c5 Merge pull request #261 from kybin/master
1d375d5 distinguish Upgrader.Upgrade from Upgrade
7a8dacf doc: use ":=" when check error for conn.WriteMessage


Choose a tag to compare

v1.2.0 addresses client compression bugs, improves error messages surrounding HTTP Upgrade requests, and improves the safety around how bytes were masked.


ea4d1f6 Reduce memory used in chat example
a91eba7 Merge pull request #230 from FZambia/fix_client_compression
8dc1cf9 enable client compression based on response header
b258b4f Use bufio.Writer returned from hijack in upgrade
4873052 Fix formatting.
286b5c9 Use bufio.Reader returned from hijack in upgrade
3f3e394 Update cloneTLSConfig to use Go 1.8 Config.Clone method
9acaa68 Add Go 1.8 to Travis config
5ade364 Improve examples
804cb60 Prepared Messages (#211)
9bc973a Change text/template to html/template in the examples
c36f2fe Merge pull request #210 from nobuf/nobuf/update-doc-about-compression
1025138 Add code snippet for EnableCompression in doc.go, change EnableWriteCompression()'s parameter to false since enableWriteCompression is true by default.
4e4c8d0 Merge pull request #208 from FZambia/flate_write_pool_fix
ac61189 remove test as HuffmanOnly compression level not defined in Go < 1.7
eb45753 fix flate write pool size to work with best compression
0674c7c Improve upgrade error messages
2257eda Fix compile error on Go < 1.6
522f286 Fix to compile on Go < 1.6
b0dc455 Change default and add API for compression level
bb547c6 Improve SetXHandler documentation
561ac01 Merge pull request #205 from FZambia/compression_benchmarks
34e0535 benchmarks for write with compression enabled/disabled
1763434 Update compression documentation
adf16b3 Add safe maskBytes
5ddbd28 Merge branch 'compress'
6c51b25 Compression improvements
404e6b1 Merge pull request #199 from AndrienkoAleksandr/master
0e7877a Fix up for command example.
2db2f66 pool flate readers


Choose a tag to compare


First release

Choose a tag to compare
Handle invalid close frames

Send protocol error if close code or payload are invalid.

Fixes Autobahn tests 7.5.1, 7.9.*.