diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 6164c657c..1f3c63cbb 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,3 +1,3 @@
 # These are supported funding model platforms
 
-github: [robjtede]
+github: [robjtede, JohnTitor]
diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
index fd6bc6d73..011a49934 100644
--- a/.github/workflows/bench.yml
+++ b/.github/workflows/bench.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust
         run: |
diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml
index c6cb676c5..18721b500 100644
--- a/.github/workflows/ci-post-merge.yml
+++ b/.github/workflows/ci-post-merge.yml
@@ -28,11 +28,11 @@ jobs:
     runs-on: ${{ matrix.target.os }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install nasm
         if: matrix.target.os == 'windows-latest'
-        uses: ilammy/setup-nasm@v1.5.2
+        uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # v1.5.2
 
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
@@ -44,12 +44,12 @@ jobs:
           echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
 
       - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@v2.56.13
+        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
         with:
           tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean
 
@@ -71,19 +71,19 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Free Disk Space
         run: ./scripts/free-disk-space.sh
 
       - name: Setup mold linker
-        uses: rui314/setup-mold@v1
+        uses: rui314/setup-mold@7344740a9418dcdcb481c7df83d9fbd1d5072d7d # v1
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
 
       - name: Install just, cargo-hack
-        uses: taiki-e/install-action@v2.56.13
+        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
         with:
           tool: just,cargo-hack
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a33b59169..5c9015fbd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   read_msrv:
     name: Read MSRV
-    uses: actions-rust-lang/msrv/.github/workflows/msrv.yml@v0.1.0
+    uses: actions-rust-lang/msrv/.github/workflows/msrv.yml@8b553824444060021f2843d7b4d803f3624d15e5 # v0.1.0
 
   build_and_test:
     needs: read_msrv
@@ -39,11 +39,11 @@ jobs:
     runs-on: ${{ matrix.target.os }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install nasm
         if: matrix.target.os == 'windows-latest'
-        uses: ilammy/setup-nasm@v1.5.2
+        uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # v1.5.2
 
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
@@ -56,15 +56,15 @@ jobs:
 
       - name: Setup mold linker
         if: matrix.target.os == 'ubuntu-latest'
-        uses: rui314/setup-mold@v1
+        uses: rui314/setup-mold@7344740a9418dcdcb481c7df83d9fbd1d5072d7d # v1
 
       - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@v2.56.13
+        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
         with:
           tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean
 
@@ -89,10 +89,10 @@ jobs:
     name: io-uring tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: nightly
 
@@ -105,15 +105,15 @@ jobs:
     name: doc tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: nightly
 
       - name: Install just
-        uses: taiki-e/install-action@v2.56.13
+        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
         with:
           tool: just
 
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 9a286d2f8..17a9fc7be 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -15,16 +15,16 @@ jobs:
   coverage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: nightly
           components: llvm-tools
 
       - name: Install just, cargo-llvm-cov, cargo-nextest
-        uses: taiki-e/install-action@v2.56.13
+        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
         with:
           tool: just,cargo-llvm-cov,cargo-nextest
 
@@ -32,7 +32,7 @@ jobs:
         run: just test-coverage-codecov
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5.4.3
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
         with:
           files: codecov.json
           fail_ci_if_error: true
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 67e67397c..167b54231 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -15,10 +15,10 @@ jobs:
   fmt:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: nightly
           components: rustfmt
@@ -33,15 +33,15 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           components: clippy
 
       - name: Check with Clippy
-        uses: giraffate/clippy-action@v1.0.1
+        uses: giraffate/clippy-action@13b9d32482f25d29ead141b79e7e04e7900281e0 # v1.0.1
         with:
           reporter: github-pr-check
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -52,10 +52,10 @@ jobs:
   lint-docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: nightly
           components: rust-docs
@@ -69,20 +69,20 @@ jobs:
     if: false # rustdoc mismatch currently
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Rust (${{ vars.RUST_VERSION_EXTERNAL_TYPES }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.13.0
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
         with:
           toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }}
 
       - name: Install just
-        uses: taiki-e/install-action@v2.56.13
+        uses: taiki-e/install-action@ad95d4e02e061d4390c4b66ef5ed56c7fee3d2ce # v2.58.17
         with:
           tool: just
 
       - name: Install cargo-check-external-types
-        uses: taiki-e/cache-cargo-install-action@v2.2.0
+        uses: taiki-e/cache-cargo-install-action@b33c63d3b3c85540f4eba8a4f71a5cc0ce030855 # v2.3.0
         with:
           tool: cargo-check-external-types
 
diff --git a/Cargo.lock b/Cargo.lock
index 6abe8dc09..31cf9e4bf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -9,7 +9,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "de7fa236829ba0841304542f7614c42b80fca007455315c45c785ccfa873a85b"
 dependencies = [
  "actix-rt",
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "bytes",
  "crossbeam-channel",
  "futures-core",
@@ -31,7 +31,7 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5f7b0a21988c1bf877cf4759ef5ddaac04c1c9fe808c9142ecb78ba97d97a28a"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "bytes",
  "futures-core",
  "futures-sink",
@@ -53,7 +53,7 @@ dependencies = [
  "actix-test",
  "actix-utils",
  "actix-web",
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "bytes",
  "derive_more",
  "env_logger",
@@ -83,7 +83,7 @@ dependencies = [
  "actix-web",
  "async-stream",
  "base64 0.22.1",
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "brotli",
  "bytes",
  "bytestring",
@@ -109,7 +109,7 @@ dependencies = [
  "openssl",
  "percent-encoding",
  "pin-project-lite",
- "rand 0.9.1",
+ "rand 0.9.2",
  "rcgen",
  "regex",
  "rustls 0.23.27",
@@ -185,7 +185,7 @@ dependencies = [
  "memchr",
  "mime",
  "multer",
- "rand 0.9.1",
+ "rand 0.9.2",
  "serde",
  "serde_json",
  "serde_plain",
@@ -383,7 +383,7 @@ dependencies = [
  "once_cell",
  "openssl",
  "pin-project-lite",
- "rand 0.9.1",
+ "rand 0.9.2",
  "rcgen",
  "regex",
  "regex-lite",
@@ -651,7 +651,7 @@ dependencies = [
  "openssl",
  "percent-encoding",
  "pin-project-lite",
- "rand 0.9.1",
+ "rand 0.9.2",
  "rcgen",
  "rustls 0.20.9",
  "rustls 0.21.12",
@@ -723,7 +723,7 @@ version = "0.69.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "cexpr",
  "clang-sys",
  "itertools 0.12.1",
@@ -748,9 +748,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
 [[package]]
 name = "bitflags"
-version = "2.9.1"
+version = "2.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"
+checksum = "6a65b545ab31d687cff52899d4890855fec459eb6afe0da6417b8a18da87aa29"
 
 [[package]]
 name = "block-buffer"
@@ -763,9 +763,9 @@ dependencies = [
 
 [[package]]
 name = "brotli"
-version = "8.0.1"
+version = "8.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9991eea70ea4f293524138648e41ee89b0b2b12ddef3b255effa43c8056e0e0d"
+checksum = "4bd8b9603c7aa97359dbd97ecf258968c95f3adddd6db2f7e7a5bef101c84560"
 dependencies = [
  "alloc-no-stdlib",
  "alloc-stdlib",
@@ -1791,7 +1791,7 @@ version = "0.7.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b86e202f00093dcba4275d4636b93ef9dd75d025ae560d2521b45ea28ab49013"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "cfg-if",
  "libc",
 ]
@@ -2133,7 +2133,7 @@ version = "0.10.72"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "cfg-if",
  "foreign-types",
  "libc",
@@ -2339,9 +2339,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.95"
+version = "1.0.101"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778"
+checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de"
 dependencies = [
  "unicode-ident",
 ]
@@ -2374,9 +2374,9 @@ dependencies = [
 
 [[package]]
 name = "rand"
-version = "0.9.1"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"
+checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
  "rand_chacha 0.9.0",
  "rand_core 0.9.3",
@@ -2459,7 +2459,7 @@ version = "0.5.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "928fca9cf2aa042393a8325b9ead81d2f0df4cb12e1e24cef072922ccd99c5af"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
 ]
 
 [[package]]
@@ -2550,7 +2550,7 @@ version = "0.38.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "errno",
  "libc",
  "linux-raw-sys 0.4.15",
@@ -2563,7 +2563,7 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c71e83d6afe7ff64890ec6b71d6a69bb8a610ab78ce364b3352876bb4c801266"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "errno",
  "libc",
  "linux-raw-sys 0.9.4",
@@ -2689,9 +2689,9 @@ dependencies = [
 
 [[package]]
 name = "rustversion"
-version = "1.0.21"
+version = "1.0.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d"
+checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
 
 [[package]]
 name = "rustversion-msrv"
@@ -2745,7 +2745,7 @@ version = "2.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
  "core-foundation",
  "core-foundation-sys",
  "libc",
@@ -2784,9 +2784,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.140"
+version = "1.0.142"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
+checksum = "030fedb782600dcbd6f02d479bf0d817ac3bb40d644745b769d6a96bc3afc5a7"
 dependencies = [
  "itoa",
  "memchr",
@@ -2863,9 +2863,9 @@ dependencies = [
 
 [[package]]
 name = "slab"
-version = "0.4.10"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04dc19736151f35336d325007ac991178d504a119863a2fcb3758cdb5e52c50d"
+checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"
 
 [[package]]
 name = "smallvec"
@@ -3087,9 +3087,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.46.1"
+version = "1.47.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0cc3a2344dafbe23a245241fe8b09735b521110d30fcefbbd5feb1797ca35d17"
+checksum = "89e49afdadebb872d3145a5638b59eb0691ea23e46ca484037cfab3b76b95038"
 dependencies = [
  "backtrace",
  "bytes",
@@ -3100,9 +3100,9 @@ dependencies = [
  "pin-project-lite",
  "signal-hook-registry",
  "slab",
- "socket2 0.5.10",
+ "socket2 0.6.0",
  "tokio-macros",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -3197,9 +3197,9 @@ dependencies = [
 
 [[package]]
 name = "tokio-util"
-version = "0.7.15"
+version = "0.7.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "66a539a9ad6d5d281510d5bd368c973d636c02dbf8a67300bfb6b950696ad7df"
+checksum = "14307c986784f72ef81c89db7d9e28d6ac26d16213b109ea501696195e6e3ce5"
 dependencies = [
  "bytes",
  "futures-core",
@@ -3327,9 +3327,9 @@ dependencies = [
 
 [[package]]
 name = "trybuild"
-version = "1.0.106"
+version = "1.0.110"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65af40ad689f2527aebbd37a0a816aea88ff5f774ceabe99de5be02f2f91dae2"
+checksum = "32e257d7246e7a9fd015fb0b28b330a8d4142151a33f03e6a497754f4b1f6a8e"
 dependencies = [
  "glob",
  "serde",
@@ -3797,7 +3797,7 @@ version = "0.39.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
 dependencies = [
- "bitflags 2.9.1",
+ "bitflags 2.9.2",
 ]
 
 [[package]]
diff --git a/actix-http/CHANGES.md b/actix-http/CHANGES.md
index 715156d5e..9bbddd712 100644
--- a/actix-http/CHANGES.md
+++ b/actix-http/CHANGES.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 - Update `TestRequest::set_payload` to generate "Content-Length" header
+- Malformed websocket frames are now gracefully rejected.
 
 ## 3.11.0
 
diff --git a/actix-http/src/h1/dispatcher.rs b/actix-http/src/h1/dispatcher.rs
index 00b51360e..3f0b78af4 100644
--- a/actix-http/src/h1/dispatcher.rs
+++ b/actix-http/src/h1/dispatcher.rs
@@ -1182,7 +1182,7 @@ where
                     let state_is_none = inner_p.state.is_none();
 
                     // read half is closed; we do not process any responses
-                    if inner_p.flags.contains(Flags::READ_DISCONNECT) && state_is_none {
+                    if inner_p.flags.contains(Flags::READ_DISCONNECT) {
                         trace!("read half closed; start shutdown");
                         inner_p.flags.insert(Flags::SHUTDOWN);
                     }
@@ -1216,6 +1216,9 @@ where
                         inner_p.shutdown_timer,
                     );
 
+                    if inner_p.flags.contains(Flags::SHUTDOWN) {
+                        cx.waker().wake_by_ref();
+                    }
                     Poll::Pending
                 };
 
diff --git a/actix-http/src/ws/frame.rs b/actix-http/src/ws/frame.rs
index 35b3f8e66..7147cc92a 100644
--- a/actix-http/src/ws/frame.rs
+++ b/actix-http/src/ws/frame.rs
@@ -94,11 +94,21 @@ impl Parser {
             Some(res) => res,
         };
 
+        let frame_len = match idx.checked_add(length) {
+            Some(len) => len,
+            None => return Err(ProtocolError::Overflow),
+        };
+
         // not enough data
-        if src.len() < idx + length {
+        if src.len() < frame_len {
             let min_length = min(length, max_size);
-            if src.capacity() < idx + min_length {
-                src.reserve(idx + min_length - src.capacity());
+            let required_cap = match idx.checked_add(min_length) {
+                Some(cap) => cap,
+                None => return Err(ProtocolError::Overflow),
+            };
+
+            if src.capacity() < required_cap {
+                src.reserve(required_cap - src.capacity());
             }
             return Ok(None);
         }
@@ -402,4 +412,14 @@ mod tests {
         Parser::write_close(&mut buf, None, false);
         assert_eq!(&buf[..], &vec![0x88, 0x00][..]);
     }
+
+    #[test]
+    fn test_parse_length_overflow() {
+        let buf: [u8; 14] = [
+            0x0a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xeb, 0x0e, 0x8f,
+        ];
+        let mut buf = BytesMut::from(&buf[..]);
+        let result = Parser::parse(&mut buf, true, 65536);
+        assert!(matches!(result, Err(ProtocolError::Overflow)));
+    }
 }
diff --git a/actix-multipart/README.md b/actix-multipart/README.md
index ec2e94bd8..db0e3eae8 100644
--- a/actix-multipart/README.md
+++ b/actix-multipart/README.md
@@ -24,9 +24,10 @@ Due to additional requirements for `multipart/form-data` requests, the higher le
 ## Examples
 
 ```rust
-use actix_web::{post, App, HttpServer, Responder};
-
-use actix_multipart::form::{json::Json as MpJson, tempfile::TempFile, MultipartForm};
+use actix_multipart::form::{
+    json::Json as MpJson, tempfile::TempFile, MultipartForm, MultipartFormConfig,
+};
+use actix_web::{middleware::Logger, post, App, HttpServer, Responder};
 use serde::Deserialize;
 
 #[derive(Debug, Deserialize)]
@@ -36,25 +37,37 @@ struct Metadata {
 
 #[derive(Debug, MultipartForm)]
 struct UploadForm {
+    // Note: the form is also subject to the global limits configured using `MultipartFormConfig`.
     #[multipart(limit = "100MB")]
     file: TempFile,
     json: MpJson<Metadata>,
 }
 
 #[post("/videos")]
-pub async fn post_video(MultipartForm(form): MultipartForm<UploadForm>) -> impl Responder {
+async fn post_video(MultipartForm(form): MultipartForm<UploadForm>) -> impl Responder {
     format!(
-        "Uploaded file {}, with size: {}",
-        form.json.name, form.file.size
+        "Uploaded file {}, with size: {}\ntemporary file ({}) was deleted\n",
+        form.json.name,
+        form.file.size,
+        form.file.file.path().display(),
     )
 }
 
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
-    HttpServer::new(move || App::new().service(post_video))
-        .bind(("127.0.0.1", 8080))?
-        .run()
-        .await
+    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
+
+    HttpServer::new(move || {
+        App::new()
+            .service(post_video)
+            .wrap(Logger::default())
+            // Also increase the global total limit to 100MiB.
+            .app_data(MultipartFormConfig::default().total_limit(100 * 1024 * 1024))
+    })
+    .workers(2)
+    .bind(("127.0.0.1", 8080))?
+    .run()
+    .await
 }
 ```
 
diff --git a/actix-multipart/examples/form.rs b/actix-multipart/examples/form.rs
index a90aeff96..e3fda9a23 100644
--- a/actix-multipart/examples/form.rs
+++ b/actix-multipart/examples/form.rs
@@ -1,4 +1,6 @@
-use actix_multipart::form::{json::Json as MpJson, tempfile::TempFile, MultipartForm};
+use actix_multipart::form::{
+    json::Json as MpJson, tempfile::TempFile, MultipartForm, MultipartFormConfig,
+};
 use actix_web::{middleware::Logger, post, App, HttpServer, Responder};
 use serde::Deserialize;
 
@@ -9,6 +11,7 @@ struct Metadata {
 
 #[derive(Debug, MultipartForm)]
 struct UploadForm {
+    // Note: the form is also subject to the global limits configured using `MultipartFormConfig`.
     #[multipart(limit = "100MB")]
     file: TempFile,
     json: MpJson<Metadata>,
@@ -28,9 +31,15 @@ async fn post_video(MultipartForm(form): MultipartForm<UploadForm>) -> impl Resp
 async fn main() -> std::io::Result<()> {
     env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
 
-    HttpServer::new(move || App::new().service(post_video).wrap(Logger::default()))
-        .workers(2)
-        .bind(("127.0.0.1", 8080))?
-        .run()
-        .await
+    HttpServer::new(move || {
+        App::new()
+            .service(post_video)
+            .wrap(Logger::default())
+            // Also increase the global total limit to 100MiB.
+            .app_data(MultipartFormConfig::default().total_limit(100 * 1024 * 1024))
+    })
+    .workers(2)
+    .bind(("127.0.0.1", 8080))?
+    .run()
+    .await
 }
diff --git a/actix-multipart/src/lib.rs b/actix-multipart/src/lib.rs
index 8eea35f2e..7a9855904 100644
--- a/actix-multipart/src/lib.rs
+++ b/actix-multipart/src/lib.rs
@@ -13,7 +13,7 @@
 //! ```no_run
 //! use actix_web::{post, App, HttpServer, Responder};
 //!
-//! use actix_multipart::form::{json::Json as MpJson, tempfile::TempFile, MultipartForm};
+//! use actix_multipart::form::{json::Json as MpJson, tempfile::TempFile, MultipartForm, MultipartFormConfig};
 //! use serde::Deserialize;
 //!
 //! #[derive(Debug, Deserialize)]
@@ -23,6 +23,7 @@
 //!
 //! #[derive(Debug, MultipartForm)]
 //! struct UploadForm {
+//!     // Note: the form is also subject to the global limits configured using `MultipartFormConfig`.
 //!     #[multipart(limit = "100MB")]
 //!     file: TempFile,
 //!     json: MpJson<Metadata>,
@@ -38,10 +39,15 @@
 //!
 //! #[actix_web::main]
 //! async fn main() -> std::io::Result<()> {
-//!     HttpServer::new(move || App::new().service(post_video))
-//!         .bind(("127.0.0.1", 8080))?
-//!         .run()
-//!         .await
+//!     HttpServer::new(move || {
+//!         App::new()
+//!             .service(post_video)
+//!             // Also increase the global total limit to 100MiB.
+//!             .app_data(MultipartFormConfig::default().total_limit(100 * 1024 * 1024))
+//!     })
+//!     .bind(("127.0.0.1", 8080))?
+//!     .run()
+//!     .await
 //! }
 //! ```
 //!
diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md
index ab40eea98..85b9c6063 100644
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@@ -2,6 +2,9 @@
 
 ## Unreleased
 
+- `actix_web::response::builder::HttpResponseBuilder::streaming()` now sets `Content-Type` to `application/octet-stream` if `Content-Type` does not exist.
+- `actix_web::response::builder::HttpResponseBuilder::streaming()` now calls `actix_web::response::builder::HttpResponseBuilder::no_chunking()` if `Content-Length` is set by user.
+
 ## 4.11.0
 
 - Add `Logger::log_level()` method.
diff --git a/actix-web/src/response/builder.rs b/actix-web/src/response/builder.rs
index c23de8e36..b81ce3568 100644
--- a/actix-web/src/response/builder.rs
+++ b/actix-web/src/response/builder.rs
@@ -318,12 +318,33 @@ impl HttpResponseBuilder {
     /// Set a streaming body and build the `HttpResponse`.
     ///
     /// `HttpResponseBuilder` can not be used after this call.
+    ///
+    /// If `Content-Type` is not set, then it is automatically set to `application/octet-stream`.
+    ///
+    /// If `Content-Length` is set, then [`no_chunking()`](Self::no_chunking) is automatically called.
     #[inline]
     pub fn streaming<S, E>(&mut self, stream: S) -> HttpResponse
     where
         S: Stream<Item = Result<Bytes, E>> + 'static,
         E: Into<BoxError> + 'static,
     {
+        // Set mime type to application/octet-stream if it is not set
+        if let Some(parts) = self.inner() {
+            if !parts.headers.contains_key(header::CONTENT_TYPE) {
+                self.insert_header((header::CONTENT_TYPE, mime::APPLICATION_OCTET_STREAM));
+            }
+        }
+
+        if let Some(parts) = self.inner() {
+            if let Some(length) = parts.headers.get(header::CONTENT_LENGTH) {
+                if let Ok(length) = length.to_str() {
+                    if let Ok(length) = length.parse::<u64>() {
+                        self.no_chunking(length);
+                    }
+                }
+            }
+        }
+
         self.body(BodyStream::new(stream))
     }
 
diff --git a/actix-web/src/web.rs b/actix-web/src/web.rs
index 3a4c46730..92d05eb74 100644
--- a/actix-web/src/web.rs
+++ b/actix-web/src/web.rs
@@ -38,7 +38,7 @@ use crate::{
 ///
 /// A dynamic segment is specified in the form `{identifier}`, where the identifier can be used
 /// later in a request handler to access the matched value for that segment. This is done by looking
-/// up the identifier in the `Path` object returned by [`HttpRequest.match_info()`] method.
+/// up the identifier in the `Path` object returned by [`HttpRequest::match_info()`](crate::HttpRequest::match_info) method.
 ///
 /// By default, each segment matches the regular expression `[^{}/]+`.
 ///
diff --git a/actix-web/tests/test_streaming_response.rs b/actix-web/tests/test_streaming_response.rs
new file mode 100644
index 000000000..1c22da38b
--- /dev/null
+++ b/actix-web/tests/test_streaming_response.rs
@@ -0,0 +1,115 @@
+use std::{
+    pin::Pin,
+    task::{Context, Poll},
+};
+
+use actix_web::{
+    http::header::{self, HeaderValue},
+    HttpResponse,
+};
+use bytes::Bytes;
+use futures_core::Stream;
+
+struct FixedSizeStream {
+    data: Vec<u8>,
+    yielded: bool,
+}
+
+impl FixedSizeStream {
+    fn new(size: usize) -> Self {
+        Self {
+            data: vec![0u8; size],
+            yielded: false,
+        }
+    }
+}
+
+impl Stream for FixedSizeStream {
+    type Item = Result<Bytes, std::io::Error>;
+
+    fn poll_next(mut self: Pin<&mut Self>, _: &mut Context<'_>) -> Poll<Option<Self::Item>> {
+        if self.yielded {
+            Poll::Ready(None)
+        } else {
+            self.yielded = true;
+            let data = std::mem::take(&mut self.data);
+            Poll::Ready(Some(Ok(Bytes::from(data))))
+        }
+    }
+}
+
+#[actix_rt::test]
+async fn test_streaming_response_with_content_length() {
+    let stream = FixedSizeStream::new(100);
+
+    let resp = HttpResponse::Ok()
+        .append_header((header::CONTENT_LENGTH, "100"))
+        .streaming(stream);
+
+    assert_eq!(
+        resp.headers().get(header::CONTENT_LENGTH),
+        Some(&HeaderValue::from_static("100")),
+        "Content-Length should be preserved when explicitly set"
+    );
+
+    let has_chunked = resp
+        .headers()
+        .get(header::TRANSFER_ENCODING)
+        .map(|v| v.to_str().unwrap_or(""))
+        .unwrap_or("")
+        .contains("chunked");
+
+    assert!(
+        !has_chunked,
+        "chunked should not be used when Content-Length is provided"
+    );
+
+    assert_eq!(
+        resp.headers().get(header::CONTENT_TYPE),
+        Some(&HeaderValue::from_static("application/octet-stream")),
+        "Content-Type should default to application/octet-stream"
+    );
+}
+
+#[actix_rt::test]
+async fn test_streaming_response_default_content_type() {
+    let stream = FixedSizeStream::new(50);
+
+    let resp = HttpResponse::Ok().streaming(stream);
+
+    assert_eq!(
+        resp.headers().get(header::CONTENT_TYPE),
+        Some(&HeaderValue::from_static("application/octet-stream")),
+        "Content-Type should default to application/octet-stream"
+    );
+}
+
+#[actix_rt::test]
+async fn test_streaming_response_user_defined_content_type() {
+    let stream = FixedSizeStream::new(25);
+
+    let resp = HttpResponse::Ok()
+        .insert_header((header::CONTENT_TYPE, "text/plain"))
+        .streaming(stream);
+
+    assert_eq!(
+        resp.headers().get(header::CONTENT_TYPE),
+        Some(&HeaderValue::from_static("text/plain")),
+        "User-defined Content-Type should be preserved"
+    );
+}
+
+#[actix_rt::test]
+async fn test_streaming_response_empty_stream() {
+    let stream = FixedSizeStream::new(0);
+
+    let resp = HttpResponse::Ok()
+        .append_header((header::CONTENT_LENGTH, "0"))
+        .streaming(stream);
+
+    assert_eq!(
+        resp.headers().get(header::CONTENT_LENGTH),
+        Some(&HeaderValue::from_static("0")),
+        "Content-Length 0 should be preserved for empty streams"
+    );
+}