From c1fe6e11bd59d0ec7af7fac6841cd764ef7adcaf Mon Sep 17 00:00:00 2001
From: Kenneth Reitz <me@kennethreitz.org>
Date: Sun, 12 Apr 2026 18:04:33 -0400
Subject: [PATCH] Fix memory leak in rate limiter

Empty bucket keys were never removed after their timestamps expired.
Over time this accumulated an entry for every unique client IP that
ever made a request.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 responder/ext/ratelimit.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/responder/ext/ratelimit.py b/responder/ext/ratelimit.py
index df5d5f4..c846ea1 100644
--- a/responder/ext/ratelimit.py
+++ b/responder/ext/ratelimit.py
@@ -39,6 +39,8 @@ class RateLimiter:
         now = time.time()
         cutoff = now - self.period
         self._buckets[key] = [t for t in self._buckets[key] if t > cutoff]
+        if not self._buckets[key]:
+            del self._buckets[key]
 
     def check(self, req, resp):
         """Check rate limit. Sets 429 status if exceeded."""