Release notes - UniPDF v4.10.0

This release contains new features, improvements, and bug fixes

• US-1358 High level function for PdfField.GetProperties() to get the form field properties
• US-1423 Capability to access Chapter info from header/footer generator
• US-1438 Text extraction grid mode

• US-1468 Add line height as a property of TextChunk
• US-1416 Make PDF font subset prefix deterministic to ensure reproducible output
• US-1398 Improve benchmark CI to auto-trigger in a release PR

• US-1384 PERF-02: Upgrade PdfObjectDictionary to sync.RWMutex
• US-1405 PERF-04: Use existing buffer pool in parser hot paths
• US-1406 PERF-05: Pool image decode buffers in encoders
• US-1409 PERF-08: Fix O(n²) removeWord in text extractor
• US-1433 PERF-12: Persist font cache across pages in renderer
• US-1463 PERF-15: Eliminate copyObjects() in PdfWriter
• US-1464 PERF-16: Optimize PdfAppender change detection
• US-1465 PERF-17: Streaming filter pipeline in core/encoding.go
• US-1466 PERF-18: Deduplicate streams during merge
• US-1436 PERF-20: Replace pixel loop in Image.Crop() with draw.Draw

• US-1383 PERF-01: PdfObjectDictionary.Remove() Race Condition fix
• US-1395 Fix and extend PDF object comparison methods
• US-1419 Benchmark CI ran every time the PR has new comment fix
• US-1420 Logging could causes huge memory usages fix
• US-1446 Renderer panics with index out of range on a PDF with a subsetted embedded font fix
• US-1453 Undetected regression in text shaping result fix
• US-1484 US-1444 mis-renders embedded TrueType subset fonts whose only cmap subtable is on Unicode platform 0 (PID=0) fix

• Add Garble obfuscation support (#4563): stable binding method IDs, build/Taskfile plumbing (build --obfuscated --garbleargs, generate bindings -obfuscated), and JSON struct tags on every runtime-facing payload (EnvironmentInfo, OSInfo, Screen, Rect, Point, Size, Capabilities) so the wire format survives Garble's exported-field renaming.

🤖 This is an automated nightly release generated from the latest changes on master.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.96

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

• fcf494080fd52c55c498794a0460081cca311ce4 Add DNS provider for Connbyte (#3042)
• 1a66c8c5509875594eb75e61ff410a64fa50fcbb Add DNS provider for Dynadot (#3125)
• bdc22886ff62bc0b9b4f2d091c2621bb763f92cb dnsupdate: fix IPv6 nameserver parsing (#3094)
• f9f9645cf7be7d399c025ec596484263eb9f963a docs: fix templates (#3099)
• a4e8babd2353d0945d597ec3b2582e24d7f0563b docs: fix typos
• 2fdd9d94ff1c5452bee62dcc54c1dc570dd5f379 docs: improve commands reference (#3097)
• 723b0e8d0e1b8a628e1b1cfc3935dfe24f095eb6 docs: improve hooks documentation (#3098)
• 66bfcf673bfdf6bebc284bf5c337f71c5329a5ab docs: improve references and explanations (#3096)
• e8396c2d7489044673050e4778c65d96119b3a2e docs: improve root command description (#3130)
• c36fe678f733ee1011067a27ab6c671d63e44380 feat: use config file for list related commands (#3128)
• 125cd01b001e9a8b6074c9c9cc04e4cab50a316e fix(cfg): server shortcode evaluation (#3124)
• ab3f24830f79992fe9bfc0263ab6fd889f7ee9d0 fix: ignore ARI and random sleep if SANs changed (#3108)
• d2100f40606a598430764d109bcaa9c07421f6de fix: improve env file parsing on Windows (#3126)
• f9debb5be2d4eb13ad6044e524220b12ee3b054c simply: update API client implementation (#3113)
• 2c08955bc660f0ca5c6e23347f2208f02e64ff86 stackpath: provider deprecation (#3116)
• 012a2c1e019005d07b8c9eff7f7996eb44d848f6 timewebcloud: update API client to new API version (#3120)

• Add support for configuring the Regex engine on the router (#4254) Swap the compiler used for regex() route constraints. Assign a drop-in engine such as coregex.MustCompile for faster matching;Fiber reuses the compiled matcher across requests.

  app := fiber.New(fiber.Config{
      RegexHandler: coregex.MustCompile, // default: regexp.MustCompile
  })

  https://docs.gofiber.io/api/fiber#regexhandler
• Host auth middleware (#4199) New hostauthorization middleware that validates the incoming Host header against an allowlist (exact host, .subdomain wildcard, CIDR range) to protect against DNS rebinding attacks.

  app.Use(hostauthorization.New(hostauthorization.Config{
      AllowedHosts: []string{"api.myapp.com", ".myapp.com", "10.0.0.0/8"},
  }))

  https://docs.gofiber.io/middleware/hostauthorization
• Delegate implementation to fasthttp/prefork (#4210) Prefork now delegates to fasthttp's prefork package and adds PreforkRecoverThreshold (max child restarts before the master exits) and PreforkLogger to ListenConfig. https://docs.gofiber.io/api/fiber#preforkrecoverthreshold
• Add support for contextual logs (#4241) Render request-scoped fields in log.WithContext(c) by configuring a template with log.SetContextTemplate, reusing the middleware/logger engine (including ${value:key} for arbitrary context values).

  log.MustSetContextTemplate(log.ContextConfig{Format: log.RequestIDFormat})
  
  app.Get("/", func(c fiber.Ctx) error {
      log.WithContext(c).Info("start") // renders the request id
      return c.SendString("ok")
  })

  https://docs.gofiber.io/api/log#bind-context
• Add storage backed SharedState for prefork applications (#4243) A prefork-safe, storage-backed key/value store via app.SharedState() for data shared across workers/processes, with JSON/MsgPack/CBOR/XML helpers and automatic key namespacing. app.State() stays process-local.

  app := fiber.New(fiber.Config{
      SharedStorage: redis.New(), // any fiber.Storage shared across workers
  })
  app.SharedState().SetJSON("config", cfg, 0)

  https://docs.gofiber.io/api/state#sharedstate-prefork-safe
• Add lightweight SSE middleware (#4239) A Fiber-native middleware/sse for Server-Sent Events: SSE headers, event/comment/retry frames, per-write flushing, heartbeats, Last-Event-ID access, and disconnect detection via stream.Context().

  app.Get("/events", sse.New(sse.Config{
      Handler: func(c fiber.Ctx, stream *sse.Stream) error {
          return stream.Event(sse.Event{Name: "message", Data: fiber.Map{"message": "hello"}})
      },
  }))

  https://docs.gofiber.io/middleware/sse

• Add prefixes to unexported boolean fields (#4300)
• Improve error messages in SaveFileToStorage (#4173)
• Streamline request handler selection and context management for improved performance (#4233)

• Preserve mounted sub-app regex handler during mount prefixing (#4308)
• Trim only one trailing dot in host normalization (#4307)
• Reject oversized unknown-length adaptor request bodies (#4306)
• Fix compress middleware's shouldSkip method to avoid memory growth (#4284)
• Reject malformed host authorities in hostauthorization (#4293)
• Synchronize view reloads with template rendering (#4288)
• Avoid panic for non-struct listeners in TLS config discovery (#4305)
• Clear plaintext cookie when encryption fails (#4303)
• Fix regex route constraint parsing with literal > (#4292)
• Reject empty normalized host before dynamic matching (#4291)
• Preserve idempotency replay protection for oversized responses (#4287)
• Enforce CookieJar domain acceptance and host-only cookie matching (#4282)
• Avoid panic when reading released Fiber context values (#4271)
• Enforce static root for fs-backed directory serving (#4277)
• Prevent negative paginate start overflow (#4272)
• Prevent SharedState namespace key collisions (#4274)
• Copy FullURL string before returning pooled buffer (#4275)
• Enforce paginate sort allowlist when AllowedSorts is unset (#4276)
• Validate and safely apply workflow version updates (#4273)
• Close BodyStream in adaptor FiberHandler streaming path (#4267)
• Prevent panic when MsgPack is not configured (#4268)
• Keep IsFromLocal loopback-only and add unix-socket helper (#4270)
• Prevent panic when CBOR is not explicitly configured (#4269)
• Guard session logger tag against released middleware (#4265)
• Add X-Real-IP protection to Forward and DomainForward variants (#4261)
• Ensure BalancerForward overwrites X-Real-IP header (#4260)
• Add test coverage for multipart BodyLimit error handling (#4237)
• Improve error propagation in Express-style handler (#4250)
• Remove SSE Next and clarify SSE handler docs (#4247)
• BasicAuth verifier for unknown users (#4245)

• Fix invalid RouteChain method chaining example (#4304)
• Harden reverse proxy X-Forwarded-For example (#4266)
• Correct fasthttpctx Done semantics in context guide (#4264)
• Clarify ${bytesSent} behavior in logger middleware (#4251)
• Clarify prefork security model and OS-specific socket behavior (#4240)

📒 Documentation: https://docs.gofiber.io/next/

💬 Discord: https://gofiber.io/discord

Full Changelog: https://github.com/gofiber/fiber/compare/v3.2.0...v3.3.0

Thank you @ReneWerner87, @elton-peixoto-lu, @gaby, @gtoxlili, @lyyvalhalla, @mutantkeyboard, @pageton and @pratikramteke for making this release possible.

• Added missing project structure page

• Docs: Change to a couple of diagrams on architecture page to use sequence diagram for cleaner display
• Docs: Include note about installing D2 as a prerequisite for running

• Fix wails3 generate appimage on the GTK4 default: the bundler now detects the GTK stack from the binary before searching for runtime files, so it picks libwebkitgtkinjectedbundle.so (under webkitgtk-6.0/) for GTK4 builds and libwebkit2gtkinjectedbundle.so (under webkit2gtk-4.1/) for -tags gtk3 builds. The .relr.dyn probe also checks libgtk-4.so.1 so stripping is correctly disabled on modern toolchains regardless of stack. (#5475)
• Fix wails3 generate appimage failing when invoked with a relative -builddir: the bundler now resolves -binary, -icon, -desktopfile, -builddir and -outputdir to absolute paths up-front so the mid-flow s.CD doesn't break the AppRun download goroutine or the post-copy ldd probe.
• Fix wails3 generate appimage failing to move the final AppImage to -outputdir when the desktop Name= field doesn't match the binary basename: the bundler now forces linuxdeploy's appimage plugin (via the OUTPUT env var) to write the AppImage to <binary>-<arch>.AppImage instead of the name derived from the desktop file.
• Fix events.Common.ApplicationStarted, Common.ThemeChanged, Common.SystemWillSleep and Common.SystemDidWake not firing on Linux after the GTK4 + WebKitGTK 6.0 stack was promoted to the default in alpha.93. The new default application_linux.go run() wasn't calling setupCommonEvents() (which forwards Linux.* events to their Common.* counterparts) or monitorPowerEvents(). The DBus power-monitor helper is now shared between the GTK3 and GTK4 build paths via application_linux_dbus.go. (#5474)

🤖 This is an automated nightly release generated from the latest changes on master.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.95

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

• Fix events.Common.ApplicationStarted, Common.ThemeChanged, Common.SystemWillSleep and Common.SystemDidWake not firing on Linux after the GTK4 + WebKitGTK 6.0 stack was promoted to the default in alpha.93. The new default application_linux.go run() wasn't calling setupCommonEvents() (which forwards Linux.* events to their Common.* counterparts) or monitorPowerEvents(). The DBus power-monitor helper is now shared between the GTK3 and GTK4 build paths via application_linux_dbus.go. (#5474)

🤖 This is an automated nightly release generated from the latest changes on master.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.94

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

• fix(consumer): decouple FetchRequest.MaxBytes from MaxResponseSize by @dnwe in https://github.com/IBM/sarama/pull/3538

• feat(consumer): warn on sustained partition retries by @dnwe in https://github.com/IBM/sarama/pull/3535
• feat(producer): add Produce v8 request/response support by @dnwe in https://github.com/IBM/sarama/pull/3540
• feat(consumer): cap partition consumer retries by @dnwe in https://github.com/IBM/sarama/pull/3539
• feat: support FindCoordinator V3 protocol by @hindessm in https://github.com/IBM/sarama/pull/3544
• feat: support describe acls v2 by @hindessm in https://github.com/IBM/sarama/pull/3548
• feat: support create acls v2 by @hindessm in https://github.com/IBM/sarama/pull/3549
• feat: support delete acls v2 by @hindessm in https://github.com/IBM/sarama/pull/3550
• feat: support sasl authenticate v2 by @hindessm in https://github.com/IBM/sarama/pull/3551
• feat: support create partitions v2 by @hindessm in https://github.com/IBM/sarama/pull/3554
• feat: support join group v7 by @hindessm in https://github.com/IBM/sarama/pull/3555

• fix: flexible decoder out-of-bounds panic by @hindessm in https://github.com/IBM/sarama/pull/3543
• fix(consumer): size partial-batch retry correctly by @dnwe in https://github.com/IBM/sarama/pull/3541
• feat(consumer): add OffsetCommit v8 request/response support by @dnwe in https://github.com/IBM/sarama/pull/3545
• fix: decode nullable ACL describe error messages by @dnwe in https://github.com/IBM/sarama/pull/3552
• fix(consumer): lease preferred read replicas by @dnwe in https://github.com/IBM/sarama/pull/3553
• fix(producer): honour Retry.Backoff in idempotent retryBatch by @dnwe in https://github.com/IBM/sarama/pull/3557

• chore: better bounds checking by @hindessm in https://github.com/IBM/sarama/pull/3546
• chore: bump deps in ./examples tree by @dnwe in https://github.com/IBM/sarama/pull/3558
• docs: add AlterPartitionReassignments example and functional test by @dnwe in https://github.com/IBM/sarama/pull/3556

Full Changelog: https://github.com/IBM/sarama/compare/v1.48.2...v1.49.0

This release has quite a number of bug fixes, but it also introduces some substantial new capabilities. Mostly the new support for advanced key reporting, along with backing support in the mouse demo, and enhanced configurability and overrides both for the application and for the user (environment variables).

This also replaces the old WASM terminal with a new version based on the libghostty implementation. This should be much faster, and nicer to work with, with a larger set of full features such as advanced key reporting, better support for resizing, etc.

• fix: possible panic in getConsoleInput if no event returned by @AntoineGS in https://github.com/gdamore/tcell/pull/1068
• Sanitize titles and notifications (fixes #1066) by @gdamore in https://github.com/gdamore/tcell/pull/1069
• feat: Optionally sanitize content before putting to the terminal (fix… by @gdamore in https://github.com/gdamore/tcell/pull/1071
• feat: Add reporting of keyboard protocol (fixes #967) by @gdamore in https://github.com/gdamore/tcell/pull/1073
• C1 handling improvements by @gdamore in https://github.com/gdamore/tcell/pull/1074
• feat(keys): Add support for advanced key reporting by @gdamore in https://github.com/gdamore/tcell/pull/1075
• feat(wasm): Introduce ghostty-wasm as backing WASM terminal (fixes #7… by @gdamore in https://github.com/gdamore/tcell/pull/1076
• fix: close OSC8 hyperlinks (fixes #1078) by @gdamore in https://github.com/gdamore/tcell/pull/1080
• feat: KeyBacktab updates for advanced mode (fixes #1018) by @gdamore in https://github.com/gdamore/tcell/pull/1081
• feat: support pixel-precision mouse reporting (CSI ?1016h) by @ImGajeed76 in https://github.com/gdamore/tcell/pull/1077
• fix(input): accept Unicode modifyOtherKeys codepoints by @ayn2op in https://github.com/gdamore/tcell/pull/1083
• Fix reporting of key releases by @tihirvon in https://github.com/gdamore/tcell/pull/1088
• chore(deps): bump golang.org/x/term from 0.42.0 to 0.43.0 by @dependabot[bot] in https://github.com/gdamore/tcell/pull/1085
• chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 by @dependabot[bot] in https://github.com/gdamore/tcell/pull/1087
• MInor bug fixes by @gdamore in https://github.com/gdamore/tcell/pull/1097
• Preserve orphaned UTF-16 surrogates on Windows by @gdamore in https://github.com/gdamore/tcell/pull/1104
• vt: prune tab stops after resize by @gdamore in https://github.com/gdamore/tcell/pull/1105
• vt: ignore malformed SGR parameters by @gdamore in https://github.com/gdamore/tcell/pull/1106
• Limit inbound control strings by @gdamore in https://github.com/gdamore/tcell/pull/1107
• fix: cells should be marked dirty even if they have no content (fixes… by @gdamore in https://github.com/gdamore/tcell/pull/1108
• fix: lock SetSize screen mutations by @gdamore in https://github.com/gdamore/tcell/pull/1109
• tscreen: prevent terminal mutation after Fini by @gdamore in https://github.com/gdamore/tcell/pull/1110
• Avoid extra keyboard protocols on Windows by @gdamore in https://github.com/gdamore/tcell/pull/1111
• [codex] Fix OSC 8 hyperlink state transitions by @gdamore in https://github.com/gdamore/tcell/pull/1112

• @ImGajeed76 made their first contribution in https://github.com/gdamore/tcell/pull/1077

Full Changelog: https://github.com/gdamore/tcell/compare/v3.3.0...v3.4.0

• Add XDG_SESSION_TYPE to wails3 doctor output on Linux by @leaanthony

• Fix window menu crash on Wayland caused by appmenu-gtk-module accessing unrealized window (#4769) by @leaanthony
• Fix GTK application crash when app name contains invalid characters (spaces, parentheses, etc.) by @leaanthony
• Fix "not enough memory" error when initializing drag and drop on Windows (#4701) by @overlordtm
• Fix race condition in mainthread callback store using incorrect RLock for map deletion (Linux, macOS, iOS) (#4424) by @leaanthony
• Fixed variable handling when passing command-line arguments to tasks. CLI variables specified as KEY=VALUE pairs are now properly initialized and propagated throughout task execution.
• Fix NSWindowZoomButton conflict on macOS: MaximiseButtonState and FullscreenButtonState now apply the more restrictive state at both startup and runtime; neither setter can silently override the other (#5319)
• Fix a cluster of pre-existing bugs in the legacy GTK3 build path (-tags gtk3) surfaced by CodeRabbit on #5463: file-association launches no longer skip startup handlers; getTheme is bounds- and type-safe; appName no longer frees GLib-owned memory; clipboardGet no longer leaks the gchar* returned by GTK; Calloc now uses pointer receivers (and NewCalloc returns *Calloc) so the pool actually tracks allocations; zoomOut uses the reciprocal of zoomInFactor instead of a negative multiplier that clamped to 1.0; execJS reuses the preallocated empty world-name instead of leaking a C.CString("") per call; a development fmt.Println was removed from menuItem.setAccelerator. Resolves #5465.
• Fix the same Calloc value-receiver leak in the default GTK4 build path (linux_cgo.go): pointer receivers + NewCalloc() *Calloc so per-window c.String(...) allocations are actually tracked and freed.

🤖 This is an automated nightly release generated from the latest changes on master.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.93

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

• Modify the Taskfiles to allow control of frontend package manager used via PACKAGE_MANAGER option
• Enrich template data with {{.Opn}} and {{.Cls}} to make writing Taskfile templates more predictable

• Modified a couple of the existing Taskfiles to make use of {{.Opn}} and {{.Cls}}

• Fix concurrent map read and map write runtime fatal in linuxSystemTray when the tray menu is updated while the panel reads it.
• Use log instead of fmt for WebView2 error and stack trace output so messages aren't lost when the app runs without an attached console on Windows.

🤖 This is an automated nightly release generated from the latest changes on master.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.92

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.