- proxy/proxy.go: decrement connection count on dangerous path rejection
(line 724) to prevent connection count leak
- handler/sendfile_linux.go: return *os.File from getSocketFile and let
linuxSendfile close it, fixing EBADF from deferred close in getSocketFd
- proxy/websocket.go: return bufio.Reader from readWebSocketUpgradeResponse
and wrap targetConn with bufferedConn to consume pre-buffered frame data,
preventing first-frame loss
- server/pool.go: use non-blocking send after starting new worker to avoid
deadlock when queue is full
- stream/stream.go: check stopCh on non-timeout UDP read errors to prevent
infinite loop and shutdown deadlock
- middleware/ratelimit: replace select-based close guard with sync.Once in
StopCleanup to prevent double-close panic
xfy
27e00b84a8