Download Latest Version v2.52.14 source code.zip (989.5 kB)
Email in envelope

Get an email when there's a new version of Fiber

Home / v3.3.0
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2026-05-22 6.6 kB
v3.3.0 source code.tar.gz 2026-05-22 825.1 kB
v3.3.0 source code.zip 2026-05-22 1.0 MB
Totals: 3 Items   1.9 MB 0

πŸš€ New

  • Add support for configuring the Regex engine on the router (#4254) Swap the compiler used for regex() route constraints. Assign a drop-in engine such as coregex.MustCompile for faster matching;Fiber reuses the compiled matcher across requests. go app := fiber.New(fiber.Config{ RegexHandler: coregex.MustCompile, // default: regexp.MustCompile }) https://docs.gofiber.io/api/fiber#regexhandler
  • Host auth middleware (#4199) New hostauthorization middleware that validates the incoming Host header against an allowlist (exact host, .subdomain wildcard, CIDR range) to protect against DNS rebinding attacks. go app.Use(hostauthorization.New(hostauthorization.Config{ AllowedHosts: []string{"api.myapp.com", ".myapp.com", "10.0.0.0/8"}, })) https://docs.gofiber.io/middleware/hostauthorization
  • Delegate implementation to fasthttp/prefork (#4210) Prefork now delegates to fasthttp's prefork package and adds PreforkRecoverThreshold (max child restarts before the master exits) and PreforkLogger to ListenConfig. https://docs.gofiber.io/api/fiber#preforkrecoverthreshold
  • Add support for contextual logs (#4241) Render request-scoped fields in log.WithContext(c) by configuring a template with log.SetContextTemplate, reusing the middleware/logger engine (including ${value:key} for arbitrary context values). ```go log.MustSetContextTemplate(log.ContextConfig{Format: log.RequestIDFormat})

app.Get("/", func(c fiber.Ctx) error { log.WithContext(c).Info("start") // renders the request id return c.SendString("ok") }) ``` https://docs.gofiber.io/api/log#bind-context

  • Add storage backed SharedState for prefork applications (#4243) A prefork-safe, storage-backed key/value store via app.SharedState() for data shared across workers/processes, with JSON/MsgPack/CBOR/XML helpers and automatic key namespacing. app.State() stays process-local. go app := fiber.New(fiber.Config{ SharedStorage: redis.New(), // any fiber.Storage shared across workers }) app.SharedState().SetJSON("config", cfg, 0) https://docs.gofiber.io/api/state#sharedstate-prefork-safe
  • Add lightweight SSE middleware (#4239) A Fiber-native middleware/sse for Server-Sent Events: SSE headers, event/comment/retry frames, per-write flushing, heartbeats, Last-Event-ID access, and disconnect detection via stream.Context(). go app.Get("/events", sse.New(sse.Config{ Handler: func(c fiber.Ctx, stream *sse.Stream) error { return stream.Event(sse.Event{Name: "message", Data: fiber.Map{"message": "hello"}}) }, })) https://docs.gofiber.io/middleware/sse

🧹 Updates

  • Add prefixes to unexported boolean fields (#4300)
  • Improve error messages in SaveFileToStorage (#4173)
  • Streamline request handler selection and context management for improved performance (#4233)

πŸ› Fixes

  • Preserve mounted sub-app regex handler during mount prefixing (#4308)
  • Trim only one trailing dot in host normalization (#4307)
  • Reject oversized unknown-length adaptor request bodies (#4306)
  • Fix compress middleware's shouldSkip method to avoid memory growth (#4284)
  • Reject malformed host authorities in hostauthorization (#4293)
  • Synchronize view reloads with template rendering (#4288)
  • Avoid panic for non-struct listeners in TLS config discovery (#4305)
  • Clear plaintext cookie when encryption fails (#4303)
  • Fix regex route constraint parsing with literal > (#4292)
  • Reject empty normalized host before dynamic matching (#4291)
  • Preserve idempotency replay protection for oversized responses (#4287)
  • Enforce CookieJar domain acceptance and host-only cookie matching (#4282)
  • Avoid panic when reading released Fiber context values (#4271)
  • Enforce static root for fs-backed directory serving (#4277)
  • Prevent negative paginate start overflow (#4272)
  • Prevent SharedState namespace key collisions (#4274)
  • Copy FullURL string before returning pooled buffer (#4275)
  • Enforce paginate sort allowlist when AllowedSorts is unset (#4276)
  • Validate and safely apply workflow version updates (#4273)
  • Close BodyStream in adaptor FiberHandler streaming path (#4267)
  • Prevent panic when MsgPack is not configured (#4268)
  • Keep IsFromLocal loopback-only and add unix-socket helper (#4270)
  • Prevent panic when CBOR is not explicitly configured (#4269)
  • Guard session logger tag against released middleware (#4265)
  • Add X-Real-IP protection to Forward and DomainForward variants (#4261)
  • Ensure BalancerForward overwrites X-Real-IP header (#4260)
  • Add test coverage for multipart BodyLimit error handling (#4237)
  • Improve error propagation in Express-style handler (#4250)
  • Remove SSE Next and clarify SSE handler docs (#4247)
  • BasicAuth verifier for unknown users (#4245)

πŸ› οΈ Maintenance

13 changes - bump github.com/shamaton/msgpack/v3 from 3.1.1 to 3.1.2 (#4296) - bump codecov/codecov-action from 6.0.0 to 6.0.1 (#4294) - bump actions/add-to-project from 1.0.2 to 2.0.0 (#4256) - bump github.com/shamaton/msgpack/v3 from 3.1.0 to 3.1.1 (#4281) - bump the golang-modules group with 3 updates (#4278) - bump golang.org/x/sys from 0.43.0 to 0.44.0 in the golang-modules group (#4262) - bump DavidAnson/markdownlint-cli2-action from 23.1.0 to 23.2.0 (#4259) - bump benchmark-action/github-action-benchmark from 1.22.0 to 1.22.1 (#4258) - bump github.com/valyala/fasthttp from 1.70.0 to 1.71.0 in the fasthttp-modules group (#4255) - bump github.com/klauspost/compress from 1.18.5 to 1.18.6 (#4249) - bump DavidAnson/markdownlint-cli2-action from 23.0.0 to 23.1.0 (#4246) - bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22 (#4242)

πŸ“š Documentation

  • Fix invalid RouteChain method chaining example (#4304)
  • Harden reverse proxy X-Forwarded-For example (#4266)
  • Correct fasthttpctx Done semantics in context guide (#4264)
  • Clarify ${bytesSent} behavior in logger middleware (#4251)
  • Clarify prefork security model and OS-specific socket behavior (#4240)

πŸ“’ Documentation: https://docs.gofiber.io/next/

πŸ’¬ Discord: https://gofiber.io/discord

Full Changelog: https://github.com/gofiber/fiber/compare/v3.2.0...v3.3.0

Thank you @ReneWerner87, @elton-peixoto-lu, @gaby, @gtoxlili, @lyyvalhalla, @mutantkeyboard, @pageton and @pratikramteke for making this release possible.

Source: README.md, updated 2026-05-22