diff --git a/internal/http/middleware/entrance.go b/internal/http/middleware/entrance.go
index d8792c3fa6..1344719465 100644
--- a/internal/http/middleware/entrance.go
+++ b/internal/http/middleware/entrance.go
@@ -17,16 +17,19 @@ func Entrance(conf *koanf.Koanf, session *sessions.Manager) func(next http.Handl
 			sess, err := session.GetSession(r)
 			if err != nil {
 				render := chix.NewRender(w)
+				defer render.Release()
 				render.Status(http.StatusInternalServerError)
 				render.JSON(chix.M{
 					"message": err.Error(),
 				})
+				return
 			}
 
 			entrance := conf.String("http.entrance")
 			if strings.TrimSuffix(r.URL.Path, "/") == strings.TrimSuffix(entrance, "/") {
 				sess.Put("verify_entrance", true)
 				render := chix.NewRender(w, r)
+				defer render.Release()
 				render.Redirect("/login")
 				return
 			}
@@ -35,6 +38,7 @@ func Entrance(conf *koanf.Koanf, session *sessions.Manager) func(next http.Handl
 				!cast.ToBool(sess.Get("verify_entrance", false)) &&
 				r.URL.Path != "/robots.txt" {
 				render := chix.NewRender(w)
+				defer render.Release()
 				render.Status(http.StatusTeapot)
 				render.JSON(chix.M{
 					"message": "请通过正确的入口访问",
diff --git a/internal/http/middleware/must_install.go b/internal/http/middleware/must_install.go
index a947fc3dd3..5dc1b83788 100644
--- a/internal/http/middleware/must_install.go
+++ b/internal/http/middleware/must_install.go
@@ -23,6 +23,7 @@ func MustInstall(app biz.AppRepo) func(next http.Handler) http.Handler {
 				pathArr := strings.Split(r.URL.Path, "/")
 				if len(pathArr) < 4 {
 					render := chix.NewRender(w)
+					defer render.Release()
 					render.Status(http.StatusForbidden)
 					render.JSON(chix.M{
 						"message": "应用不存在",
@@ -41,6 +42,7 @@ func MustInstall(app biz.AppRepo) func(next http.Handler) http.Handler {
 			}
 			if !flag && len(slugs) > 0 {
 				render := chix.NewRender(w)
+				defer render.Release()
 				render.Status(http.StatusForbidden)
 				render.JSON(chix.M{
 					"message": fmt.Sprintf("应用 %s 未安装", slugs),
diff --git a/internal/http/middleware/must_login.go b/internal/http/middleware/must_login.go
index 8c02b27681..e279e85ac0 100644
--- a/internal/http/middleware/must_login.go
+++ b/internal/http/middleware/must_login.go
@@ -29,10 +29,12 @@ func MustLogin(session *sessions.Manager) func(next http.Handler) http.Handler {
 			sess, err := session.GetSession(r)
 			if err != nil {
 				render := chix.NewRender(w)
+				defer render.Release()
 				render.Status(http.StatusInternalServerError)
 				render.JSON(chix.M{
 					"message": err.Error(),
 				})
+				return
 			}
 
 			// 对白名单和非 API 请求放行
@@ -43,6 +45,7 @@ func MustLogin(session *sessions.Manager) func(next http.Handler) http.Handler {
 
 			if sess.Missing("user_id") {
 				render := chix.NewRender(w)
+				defer render.Release()
 				render.Status(http.StatusUnauthorized)
 				render.JSON(chix.M{
 					"message": "会话已过期，请重新登录",
@@ -53,6 +56,7 @@ func MustLogin(session *sessions.Manager) func(next http.Handler) http.Handler {
 			userID := cast.ToUint(sess.Get("user_id"))
 			if userID == 0 {
 				render := chix.NewRender(w)
+				defer render.Release()
 				render.Status(http.StatusUnauthorized)
 				render.JSON(chix.M{
 					"message": "会话无效，请重新登录",
@@ -67,6 +71,7 @@ func MustLogin(session *sessions.Manager) func(next http.Handler) http.Handler {
 				clientHash := fmt.Sprintf("%x", sha256.Sum256([]byte(ip)))
 				if safeClientHash != clientHash || safeClientHash == "" {
 					render := chix.NewRender(w)
+					defer render.Release()
 					render.Status(http.StatusUnauthorized)
 					render.JSON(chix.M{
 						"message": "客户端IP/UA变化，请重新登录",
diff --git a/internal/http/middleware/status.go b/internal/http/middleware/status.go
index 1de2221ad3..ce192b405a 100644
--- a/internal/http/middleware/status.go
+++ b/internal/http/middleware/status.go
@@ -14,6 +14,7 @@ func Status(next http.Handler) http.Handler {
 		switch app.Status {
 		case app.StatusUpgrade:
 			render := chix.NewRender(w)
+			defer render.Release()
 			render.Status(http.StatusServiceUnavailable)
 			render.JSON(chix.M{
 				"message": "面板更新中，请稍后刷新",
@@ -21,6 +22,7 @@ func Status(next http.Handler) http.Handler {
 			return
 		case app.StatusMaintain:
 			render := chix.NewRender(w)
+			defer render.Release()
 			render.Status(http.StatusServiceUnavailable)
 			render.JSON(chix.M{
 				"message": "面板正在运行维护任务，请稍后刷新",
@@ -28,6 +30,7 @@ func Status(next http.Handler) http.Handler {
 			return
 		case app.StatusClosed:
 			render := chix.NewRender(w)
+			defer render.Release()
 			render.Status(http.StatusForbidden)
 			render.JSON(chix.M{
 				"message": "面板已关闭",
@@ -35,6 +38,7 @@ func Status(next http.Handler) http.Handler {
 			return
 		case app.StatusFailed:
 			render := chix.NewRender(w)
+			defer render.Release()
 			render.Status(http.StatusInternalServerError)
 			render.JSON(chix.M{
 				"message": "面板运行出错，请检查排除或联系支持",