2026-01-16 23:29:01 +08:00
# Unreleased Changes
## 🚀 Improvements
2026-01-19 09:56:53 -05:00
* Improve HTML structure in `res.redirect()` responses when HTML format is accepted by adding `<!DOCTYPE html>` , `<title>` , and `<body>` tags for better browser compatibility - by [@Bernice55231 ](https://github.com/Bernice55231 ) in [#5167 ](https://github.com/expressjs/express/pull/5167 )
2026-02-01 08:21:17 +05:30
* When calling `app.render` with options set to null, the locals object is handled correctly, preventing unexpected errors and making the method behave the same as when options is omitted or an empty object is passed - by [AkaHarshit ](https://github.com/AkaHarshit ) in [#6903 ](https://github.com/expressjs/express/pull/6903 )
```js
app.render('index', null, callback); // now works as expected
` ``
2026-01-19 09:56:53 -05:00
## ⚡ Performance
* Avoid duplicate Content-Type header processing in ` res.send()` when sending string responses without an explicit Content-Type header - by [@bjohansebas](https://github.com/bjohansebas) in [#6991](https://github.com/expressjs/express/pull/6991)
2026-01-16 23:29:01 +08:00
2025-12-01 19:35:03 +01:00
5.2.1 / 2025-12-01
=======================
* Revert security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
2025-12-03 16:08:09 -06:00
* The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.
2025-12-01 19:35:03 +01:00
2025-12-01 17:17:31 +01:00
5.2.0 / 2025-12-01
========================
2025-11-26 19:49:57 +05:30
2025-12-01 17:17:31 +01:00
* Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
2025-11-26 19:49:57 +05:30
* deps: ` body-parser@^2.2.1`
2025-12-01 17:17:31 +01:00
* A deprecation warning was added when using ` res.redirect` with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.
2025-11-26 19:49:57 +05:30
2025-03-27 20:13:27 -05:00
5.1.0 / 2025-03-31
2024-10-22 20:22:26 +02:00
========================
2025-03-27 20:13:27 -05:00
* Add support for ` Uint8Array` in ` res.send()`
* Add support for ETag option in ` res.sendFile()`
* Add support for multiple links with the same rel in ` res.links()`
* Add funding field to package.json
2024-11-20 14:40:39 -05:00
* perf: use loop for acceptParams
2024-12-21 22:58:33 +01:00
* refactor: prefix built-in node module imports
2025-03-27 20:13:27 -05:00
* deps: remove ` setprototypeof`
* deps: remove ` safe-buffer`
* deps: remove ` utils-merge`
* deps: remove ` methods`
* deps: remove ` depd`
* deps: ` debug@^4.4.0`
* deps: ` body-parser@^2.2.0`
* deps: ` router@^2.2.0`
* deps: ` content-type@^1.0.5`
* deps: ` finalhandler@^2.1.0`
* deps: ` qs@^6.14.0`
* deps: ` server-static@2 .2.0`
* deps: ` type-is@2 .0.1`
2024-11-15 17:23:42 +01:00
2024-10-08 21:31:10 +02:00
5.0.1 / 2024-10-08
2024-10-08 10:10:56 +00:00
==========
2024-10-08 21:31:10 +02:00
* Update ` cookie` semver lock to address [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
2024-10-08 10:10:56 +00:00
2024-09-09 23:35:36 -05:00
5.0.0 / 2024-09-10
2024-07-30 17:49:13 -04:00
=========================
2024-09-09 18:03:32 -04:00
* remove:
2024-08-17 17:21:29 +02:00
- ` path-is-absolute` dependency - use ` path.isAbsolute` instead
2024-07-30 17:49:13 -04:00
* breaking:
* ` res.status()` accepts only integers, and input must be greater than 99 and less than 1000
* will throw a ` RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range
* will throw a ` TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs
2024-08-09 09:59:53 -07:00
* deps: send@1.0.0
2024-09-09 20:28:55 -07:00
* ` res.redirect('back')` and ` res.location('back')` is no longer a supported magic string, explicitly use ` req.get('Referrer') || '/'`.
2024-08-02 16:26:45 -04:00
* change:
- ` res.clearCookie` will ignore user provided ` maxAge` and ` expires` options
2024-08-24 05:17:12 +06:00
* deps: cookie-signature@^1.2.1
2024-08-17 17:20:25 +02:00
* deps: debug@4.3.6
2024-08-23 22:37:27 +02:00
* deps: merge-descriptors@^2.0.0
2024-09-09 23:32:19 -05:00
* deps: serve-static@^2.1.0
2024-08-23 23:10:16 +02:00
* deps: qs@6.13.0
2024-08-31 10:55:04 -05:00
* deps: accepts@^2.0.0
2024-08-31 11:06:25 -05:00
* deps: mime-types@^3.0.0
- ` application/javascript` => ` text/javascript`
2024-08-31 12:31:31 -05:00
* deps: type-is@^2.0.0
2024-08-31 13:09:21 -05:00
* deps: content-disposition@^1.0.0
2024-09-02 13:36:21 -05:00
* deps: finalhandler@^2.0.0
2024-09-09 18:03:32 -04:00
* deps: fresh@^2.0.0
2024-09-09 22:32:07 -05:00
* deps: body-parser@^2.0.1
2024-09-09 23:34:03 -05:00
* deps: send@^1.1.0
2024-07-30 17:49:13 -04:00
2024-03-25 09:41:30 -05:00
5.0.0-beta.3 / 2024-03-25
=========================
This incorporates all changes after 4.19.1 up to 4.19.2.
2024-03-20 22:00:19 -05:00
5.0.0-beta.2 / 2024-03-20
=========================
2022-02-17 00:27:11 -05:00
2024-03-25 09:41:30 -05:00
This incorporates all changes after 4.17.2 up to 4.19.1.
2022-02-17 00:27:11 -05:00
2022-02-14 19:13:14 -05:00
5.0.0-beta.1 / 2022-02-14
=========================
2021-12-16 23:01:28 -05:00
2022-02-14 19:13:14 -05:00
This is the first Express 5.0 beta release, based off 4.17.2 and includes
changes from 5.0.0-alpha.8.
2021-12-16 23:01:28 -05:00
2018-04-15 10:29:03 +02:00
* change:
2022-02-08 18:55:09 -05:00
- Default "query parser" setting to ` 'simple'`
2022-02-08 09:48:54 -05:00
- Requires Node.js 4+
2022-02-06 10:26:18 -05:00
- Use ` mime-types` for file to content type mapping
2022-02-01 21:51:28 -05:00
* deps: array-flatten@3.0.0
2021-12-17 23:02:38 -05:00
* deps: body-parser@2.0.0-beta.1
- ` req.body` is no longer always initialized to ` {}`
- ` urlencoded` parser now defaults ` extended` to ` false`
- Use ` on-finished` to determine when body read
2021-12-15 21:35:34 -05:00
* deps: router@2.0.0-beta.1
- Add new ` ?`, ` *`, and ` +` parameter modifiers
- Internalize private ` router.process_params` method
- Matching group expressions are only RegExp syntax
- Named matching groups no longer available by position in ` req.params`
- Regular expressions can only be used in a matching group
- Remove ` debug` dependency
- Special ` *` path segment behavior removed
- deps: array-flatten@3.0.0
- deps: parseurl@~1.3.3
- deps: path-to-regexp@3.2.0
- deps: setprototypeof@1.2.0
2022-02-08 09:57:29 -05:00
* deps: send@1.0.0-beta.1
- Change ` dotfiles` option default to ` 'ignore'`
- Remove ` hidden` option; use ` dotfiles` option instead
- Use ` mime-types` for file to content type mapping
- deps: debug@3.1.0
2022-02-08 09:55:19 -05:00
* deps: serve-static@2.0.0-beta.1
- Change ` dotfiles` option default to ` 'ignore'`
- Remove ` hidden` option; use ` dotfiles` option instead
- Use ` mime-types` for file to content type mapping
2025-02-12 09:38:10 -06:00
- Remove ` express.static.mime` export; use ` mime-types` package instead
2022-02-08 09:55:19 -05:00
- deps: send@1.0.0-beta.1
2021-12-15 21:35:34 -05:00
2020-03-25 20:14:47 -04:00
5.0.0-alpha.8 / 2020-03-25
==========================
2019-06-08 19:43:21 -04:00
2020-06-27 00:42:49 +03:00
This is the eighth Express 5.0 alpha release, based off 4.17.1 and includes
2020-03-25 20:14:47 -04:00
changes from 5.0.0-alpha.7.
2019-06-08 19:43:21 -04:00
2018-10-26 22:29:15 -04:00
5.0.0-alpha.7 / 2018-10-26
==========================
This is the seventh Express 5.0 alpha release, based off 4.16.4 and includes
changes from 5.0.0-alpha.6.
2017-10-13 22:12:14 -04:00
2018-10-26 22:29:15 -04:00
The major change with this alpha is the basic support for returned, rejected
Promises in the router.
2017-10-13 22:27:30 -04:00
2017-10-13 22:12:14 -04:00
* remove:
- ` path-to-regexp` dependency
2017-10-13 22:57:58 -04:00
* deps: debug@3.1.0
- Add ` DEBUG_HIDE_DATE` environment variable
- Change timer to per-namespace instead of global
- Change non-TTY date format
- Remove ` DEBUG_FD` environment variable support
- Support 256 namespace colors
2018-10-23 21:02:44 -04:00
* deps: router@2.0.0-alpha.1
- Add basic support for returned, rejected Promises
- Fix JSDoc for ` Router` constructor
- deps: debug@3.1.0
2017-10-13 22:59:21 -04:00
- deps: parseurl@~1.3.2
- deps: setprototypeof@1.1.0
- deps: utils-merge@1.0.1
2017-10-13 22:12:14 -04:00
2017-09-25 01:28:00 -04:00
5.0.0-alpha.6 / 2017-09-24
==========================
2017-08-07 17:49:33 -04:00
2017-09-25 01:28:00 -04:00
This is the sixth Express 5.0 alpha release, based off 4.15.5 and includes
changes from 5.0.0-alpha.5.
2017-08-07 17:49:33 -04:00
2016-03-14 12:32:35 +00:00
* remove:
2016-03-14 12:10:13 +00:00
- ` res.redirect(url, status)` signature - use ` res.redirect(status, url)`
2016-03-14 12:32:35 +00:00
- ` res.send(status, body)` signature - use ` res.status(status).send(body)`
2017-08-07 17:49:33 -04:00
* deps: router@~1.3.1
- deps: debug@2.6.8
2017-03-06 08:43:58 -05:00
5.0.0-alpha.5 / 2017-03-06
==========================
2017-03-06 08:40:02 -05:00
2017-03-06 08:43:58 -05:00
This is the fifth Express 5.0 alpha release, based off 4.15.2 and includes
changes from 5.0.0-alpha.4.
2017-03-06 08:40:02 -05:00
2017-03-01 18:51:29 -05:00
5.0.0-alpha.4 / 2017-03-01
==========================
2017-03-01 18:11:44 -05:00
2017-03-01 18:51:29 -05:00
This is the fourth Express 5.0 alpha release, based off 4.15.0 and includes
changes from 5.0.0-alpha.3.
2017-03-01 18:11:44 -05:00
2017-02-20 18:34:45 -06:00
* remove:
- Remove Express 3.x middleware error stubs
2017-03-01 18:11:44 -05:00
* deps: router@~1.3.0
- Add ` next("router")` to exit from router
- Fix case where ` router.use` skipped requests routes did not
- Skip routing when ` req.url` is not set
- Use ` %o` in path debug to tell types apart
- deps: debug@2.6.1
- deps: setprototypeof@1.0.3
- perf: add fast match path for ` *` route
2017-01-28 22:21:29 -05:00
5.0.0-alpha.3 / 2017-01-28
==========================
2016-06-20 00:37:34 -04:00
2017-01-28 22:21:29 -05:00
This is the third Express 5.0 alpha release, based off 4.14.1 and includes
changes from 5.0.0-alpha.2.
2016-06-20 00:37:34 -04:00
2016-03-14 13:11:00 +00:00
* remove:
2016-03-14 11:47:38 +00:00
- ` res.json(status, obj)` signature - use ` res.status(status).json(obj)`
2016-03-14 12:01:21 +00:00
- ` res.jsonp(status, obj)` signature - use ` res.status(status).jsonp(obj)`
2016-03-14 13:11:00 +00:00
- ` res.vary()` (no arguments) -- provide a field name as an argument
2017-01-28 21:55:32 -05:00
* deps: array-flatten@2.1.1
2017-01-28 21:56:53 -05:00
* deps: path-is-absolute@1.0.1
2017-01-28 21:54:42 -05:00
* deps: router@~1.1.5
- deps: array-flatten@2.0.1
- deps: methods@~1.1.2
- deps: parseurl@~1.3.1
- deps: setprototypeof@1.0.2
2016-03-14 13:11:00 +00:00
2015-07-07 01:33:55 -04:00
5.0.0-alpha.2 / 2015-07-06
==========================
2015-01-21 03:58:41 -05:00
2015-07-07 01:33:55 -04:00
This is the second Express 5.0 alpha release, based off 4.13.1 and includes
changes from 5.0.0-alpha.1.
2015-01-21 03:58:41 -05:00
2015-07-06 16:45:09 -04:00
* remove:
- ` app.param(fn)`
2015-07-06 21:15:16 -04:00
- ` req.param()` -- use ` req.params`, ` req.body`, or ` req.query` instead
2015-07-06 16:31:51 -04:00
* change:
2015-07-07 01:02:13 -04:00
- ` res.render` callback is always async, even for sync view engines
2015-07-06 16:31:51 -04:00
- The leading ` :` character in ` name` for ` app.param(name, fn)` is no longer removed
2015-07-06 23:46:00 -04:00
- Use ` router` module for routing
2015-04-17 12:41:27 -04:00
- Use ` path-is-absolute` module for absolute path detection
2015-07-06 16:31:51 -04:00
2014-11-06 21:52:29 -05:00
5.0.0-alpha.1 / 2014-11-06
==========================
2014-07-09 23:03:44 -04:00
2015-01-21 04:01:41 -05:00
This is the first Express 5.0 alpha release, based off 4.10.1.
2014-07-09 23:18:23 -04:00
* remove:
2014-11-06 20:41:42 -05:00
- ` app.del` - use ` app.delete`
2014-11-06 20:52:14 -05:00
- ` req.acceptsCharset` - use ` req.acceptsCharsets`
2014-11-06 20:53:17 -05:00
- ` req.acceptsEncoding` - use ` req.acceptsEncodings`
2014-11-06 20:54:29 -05:00
- ` req.acceptsLanguage` - use ` req.acceptsLanguages`
2014-07-09 23:20:49 -04:00
- ` res.json(obj, status)` signature - use ` res.json(status, obj)`
2014-07-09 23:22:03 -04:00
- ` res.jsonp(obj, status)` signature - use ` res.jsonp(status, obj)`
2014-07-09 23:18:23 -04:00
- ` res.send(body, status)` signature - use ` res.send(status, body)`
2014-11-06 21:20:46 -05:00
- ` res.send(status)` signature - use ` res.sendStatus(status)`
2014-11-06 21:03:04 -05:00
- ` res.sendfile` - use ` res.sendFile` instead
2014-07-13 23:56:37 -04:00
- ` express.query` middleware
2014-07-09 23:03:44 -04:00
* change:
- ` req.host` now returns host (` hostname:port`) - use ` req.hostname` for only hostname
2014-07-13 23:56:37 -04:00
- ` req.query` is now a getter instead of a plain property
2014-07-14 00:27:25 -04:00
* add:
- ` app.router` is a reference to the base router
2014-07-09 23:03:44 -04:00
2024-09-10 03:32:10 +02:00
4.20.0 / 2024-09-10
2024-05-04 13:53:09 -07:00
==========
2024-09-10 03:24:32 +02:00
* deps: serve-static@0.16.0
* Remove link renderization in html while redirecting
2024-09-10 02:46:25 +02:00
* deps: send@0.19.0
* Remove link renderization in html while redirecting
2024-09-10 01:36:30 +02:00
* deps: body-parser@0.6.0
* add ` depth` option to customize the depth level in the parser
* IMPORTANT: The default ` depth` level for parsing URL-encoded data is now ` 32` (previously was ` Infinity`)
* Remove link renderization in html while using ` res.redirect`
2024-09-09 14:02:06 -07:00
* deps: path-to-regexp@0.1.10
2024-08-21 20:15:02 -07:00
- Adds support for named matching groups in the routes using a regex
2024-09-09 14:02:06 -07:00
- Adds backtracking protection to parameters without regexes defined
2024-05-04 13:53:09 -07:00
* deps: encodeurl@~2.0.0
- Removes encoding of ` \`, `|` , and `^` to align better with URL spec
2024-06-07 19:48:48 -04:00
* Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
2024-05-04 13:53:09 -07:00
2024-03-25 09:26:03 -05:00
4.19.2 / 2024-03-25
2024-03-21 12:13:56 -05:00
==========
* Improved fix for open redirect allow list bypass
2024-03-20 17:17:59 -05:00
4.19.1 / 2024-03-20
2024-03-20 16:39:46 -05:00
==========
* Allow passing non-strings to res.location with new encoding handling checks
2024-03-20 16:39:46 -05:00
4.19.0 / 2024-03-20
2024-01-11 11:36:11 +00:00
==========
2024-03-20 10:09:10 -05:00
* Prevent open redirect allow list bypass due to encodeurl
2024-01-11 11:36:11 +00:00
* deps: cookie@0 .6.0
2024-03-10 20:04:02 +01:00
4.18.3 / 2024-02-29
2023-02-23 00:24:20 -05:00
==========
2023-02-23 17:23:22 -05:00
* Fix routing requests without method
2023-02-23 00:24:20 -05:00
* deps: body-parser@1 .20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2 .5.2
2024-01-11 11:36:11 +00:00
* deps: cookie@0 .6.0
- Add `partitioned` option
2023-02-23 00:24:20 -05:00
2022-10-08 16:11:42 -04:00
4.18.2 / 2022-10-08
===================
2022-05-20 09:37:20 -04:00
* Fix regression routing a large stack in a single route
2022-10-06 10:26:18 -04:00
* deps: body-parser@1 .20.1
- deps: qs@6 .11.0
- perf: remove unnecessary object clone
2022-10-06 10:27:01 -04:00
* deps: qs@6 .11.0
2022-05-20 09:37:20 -04:00
2022-04-29 15:32:26 -04:00
4.18.1 / 2022-04-29
===================
2022-04-29 13:34:47 -04:00
* Fix hanging on large stack of sync routes
2022-04-25 14:53:28 -04:00
4.18.0 / 2022-04-25
===================
2021-05-20 11:23:33 +07:00
2022-03-11 10:02:43 +01:00
* Add "root" option to `res.download`
2022-03-25 18:13:42 -04:00
* Allow `options` without `filename` in `res.download`
2020-03-21 05:04:16 -04:00
* Deprecate string and non-integer arguments to `res.status`
2019-04-18 09:12:33 -04:00
* Fix behavior of `null` /`undefined` as `maxAge` in `res.cookie`
2022-04-13 23:29:25 -04:00
* Fix handling very large stacks of sync middleware
2022-02-02 19:13:54 -06:00
* Ignore `Object.prototype` values in settings through `app.set` /`app.get`
2018-03-13 08:14:06 +02:00
* Invoke `default` with same arguments as types in `res.format`
2021-05-20 11:23:33 +07:00
* Support proper 205 responses using `res.send`
2022-03-27 23:41:31 -04:00
* Use `http-errors` for `res.format` error
2022-04-02 21:51:31 -04:00
* deps: body-parser@1 .20.0
- Fix error message for json parse whitespace in `strict`
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2 .0.0
- deps: http-errors@2 .0.0
- deps: on-finished@2 .4.1
- deps: qs@6 .10.3
- deps: raw-body@2 .5.1
2022-04-11 22:51:13 -04:00
* deps: cookie@0 .5.0
- Add `priority` option
- Fix `expires` option to reject invalid dates
2020-02-05 17:56:51 +01:00
* deps: depd@2 .0.0
- Replace internal `eval` usage with `Function` constructor
- Use instance methods on `process` to check for listeners
2022-03-25 01:46:32 -04:00
* deps: finalhandler@1 .2.0
- Remove set content headers that break response
- deps: on-finished@2 .4.1
- deps: statuses@2 .0.1
2022-04-03 01:15:37 -04:00
* deps: on-finished@2 .4.1
- Prevent loss of async hooks context
2022-04-02 21:56:41 -04:00
* deps: qs@6 .10.3
2022-03-25 01:43:45 -04:00
* deps: send@0 .18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2 .0.0
- deps: destroy@1 .2.0
- deps: http-errors@2 .0.0
- deps: on-finished@2 .4.1
- deps: statuses@2 .0.1
2022-03-25 01:44:51 -04:00
* deps: serve-static@1 .15.0
- deps: send@0 .18.0
2020-07-03 05:38:59 +02:00
* deps: statuses@2 .0.1
- Remove code 306
- Rename `425 Unordered Collection` to standard `425 Too Early`
2021-05-20 11:23:33 +07:00
2022-02-16 21:03:42 -05:00
4.17.3 / 2022-02-16
===================
2022-02-04 16:21:11 -05:00
* deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0 .6.3
2022-02-15 23:43:41 -05:00
* deps: body-parser@1 .19.2
- deps: bytes@3 .1.2
- deps: qs@6 .9.7
- deps: raw-body@2 .4.3
2022-02-04 16:35:50 -05:00
* deps: cookie@0 .4.2
2022-02-16 00:03:16 -05:00
* deps: qs@6 .9.7
* Fix handling of `__proto__` keys
2022-02-04 16:34:56 -05:00
* pref: remove unnecessary regexp for trust proxy
2022-02-04 16:21:11 -05:00
2021-12-16 22:40:49 -05:00
4.17.2 / 2021-12-16
===================
2020-07-03 07:56:39 +02:00
2021-11-16 23:58:17 -05:00
* Fix handling of `undefined` in `res.jsonp`
2021-11-03 10:58:25 +00:00
* Fix handling of `undefined` when `"json escape"` is enabled
2020-03-05 12:00:08 +01:00
* Fix incorrect middleware execution with unanchored `RegExp` s
2020-01-08 10:56:45 +09:00
* Fix `res.jsonp(obj, status)` deprecation message
2020-02-20 07:34:41 +01:00
* Fix typo in `res.is` JSDoc
2021-12-11 03:45:46 -05:00
* deps: body-parser@1 .19.1
- deps: bytes@3 .1.1
- deps: http-errors@1 .8.1
- deps: qs@6 .9.6
- deps: raw-body@2 .4.2
- deps: safe-buffer@5 .2.1
- deps: type-is@~1.6.18
2021-12-10 17:58:03 -05:00
* deps: content-disposition@0 .5.4
- deps: safe-buffer@5 .2.1
2020-07-03 05:56:52 +02:00
* deps: cookie@0 .4.1
- Fix `maxAge` option to reject invalid values
2021-11-17 16:16:04 -05:00
* deps: proxy-addr@~2.0.7
- Use `req.socket` over deprecated `req.connection`
- deps: forwarded@0 .2.0
2020-07-03 07:56:39 +02:00
- deps: ipaddr.js@1 .9.1
2021-12-15 20:48:00 -05:00
* deps: qs@6 .9.6
2021-12-10 17:56:56 -05:00
* deps: safe-buffer@5 .2.1
2021-12-11 20:19:38 -05:00
* deps: send@0 .17.2
- deps: http-errors@1 .8.1
- deps: ms@2 .1.3
- pref: ignore empty http tokens
2021-12-16 12:54:18 -05:00
* deps: serve-static@1 .14.2
- deps: send@0 .17.2
2019-07-17 22:09:17 -07:00
* deps: setprototypeof@1 .2.0
2020-07-03 07:56:39 +02:00
2019-05-26 00:24:55 -04:00
4.17.1 / 2019-05-25
===================
2019-05-25 18:15:13 -04:00
* Revert "Improve error message for `null` /`undefined` to `res.status` "
2019-05-16 21:25:42 -04:00
4.17.0 / 2019-05-16
===================
2018-03-04 04:56:32 +04:00
2018-08-08 07:42:00 +03:00
* Add `express.raw` to parse bodies into `Buffer`
2017-10-23 18:00:19 +03:00
* Add `express.text` to parse bodies into string
2018-03-04 04:56:32 +04:00
* Improve error message for non-strings to `res.sendFile`
2015-11-12 13:33:06 -05:00
* Improve error message for `null` /`undefined` to `res.status`
2017-12-03 19:52:46 +01:00
* Support multiple hosts in `X-Forwarded-Host`
2019-04-30 22:24:35 -04:00
* deps: accepts@~1.3.7
2019-04-30 23:31:32 -04:00
* deps: body-parser@1 .19.0
- Add encoding MIK
- Add petabyte (`pb` ) support
- Fix parsing array brackets after index
- deps: bytes@3 .1.0
- deps: http-errors@1 .7.2
- deps: iconv-lite@0 .4.24
- deps: qs@6 .7.0
- deps: raw-body@2 .4.0
- deps: type-is@~1.6.17
2019-04-17 16:00:02 -04:00
* deps: content-disposition@0 .5.3
2019-05-16 09:55:26 -04:00
* deps: cookie@0 .4.0
- Add `SameSite=None` support
2019-05-09 22:09:56 -04:00
* deps: finalhandler@~1.1.2
- Set stricter `Content-Security-Policy` header
- deps: parseurl@~1.3.3
- deps: statuses@~1.5.0
2019-04-17 16:06:35 -04:00
* deps: parseurl@~1.3.3
2019-04-17 16:05:17 -04:00
* deps: proxy-addr@~2.0.5
- deps: ipaddr.js@1 .9.0
2019-04-30 23:06:50 -04:00
* deps: qs@6 .7.0
- Fix parsing array brackets after index
2019-05-12 22:01:06 -04:00
* deps: range-parser@~1.2.1
2019-05-10 23:49:13 -04:00
* deps: send@0 .17.1
- Set stricter CSP header in redirect & error responses
2019-05-07 23:05:37 -04:00
- deps: http-errors@~1.7.2
- deps: mime@1 .6.0
- deps: ms@2 .1.1
2019-05-10 23:49:13 -04:00
- deps: range-parser@~1.2.1
2019-05-07 23:05:37 -04:00
- deps: statuses@~1.5.0
- perf: remove redundant `path.normalize` call
2019-05-11 19:29:33 -04:00
* deps: serve-static@1 .14.1
- Set stricter CSP header in redirect response
2019-05-07 23:42:36 -04:00
- deps: parseurl@~1.3.3
2019-05-11 19:29:33 -04:00
- deps: send@0 .17.1
2019-04-22 13:40:23 -04:00
* deps: setprototypeof@1 .1.1
2019-04-30 22:17:03 -04:00
* deps: statuses@~1.5.0
- Add `103 Early Hints`
2019-04-30 22:48:56 -04:00
* deps: type-is@~1.6.18
- deps: mime-types@~2.1.24
- perf: prevent internal `throw` on invalid type
2018-03-04 04:56:32 +04:00
2018-10-10 23:50:45 -04:00
4.16.4 / 2018-10-10
===================
2018-05-26 21:58:15 +02:00
2018-09-19 23:25:16 -04:00
* Fix issue where `"Request aborted"` may be logged in `res.sendfile`
2018-05-26 21:58:15 +02:00
* Fix JSDoc for `Router` constructor
2018-05-15 23:45:17 +02:00
* deps: body-parser@1 .18.3
- Fix deprecation warnings on Node.js 10+
- Fix stack trace for strict json parse error
- deps: depd@~1.1.2
- deps: http-errors@~1.6.3
- deps: iconv-lite@0 .4.23
- deps: qs@6 .5.2
- deps: raw-body@2 .3.3
- deps: type-is@~1.6.16
2018-09-19 12:40:40 -04:00
* deps: proxy-addr@~2.0.4
- deps: ipaddr.js@1 .8.0
2018-09-18 21:56:31 -04:00
* deps: qs@6 .5.2
2018-09-19 14:47:48 -04:00
* deps: safe-buffer@5 .1.2
2018-05-26 21:58:15 +02:00
2018-03-12 13:38:44 -04:00
4.16.3 / 2018-03-12
===================
2018-01-16 23:46:11 -05:00
2018-02-28 23:44:00 -05:00
* deps: accepts@~1.3.5
- deps: mime-types@~2.1.18
2018-01-16 23:46:11 -05:00
* deps: depd@~1.1.2
- perf: remove argument reassignment
2018-01-16 23:50:41 -05:00
* deps: encodeurl@~1.0.2
- Fix encoding `%` as last character
2018-03-12 11:20:19 -04:00
* deps: finalhandler@1 .1.1
- Fix 404 output for bad / missing pathnames
- deps: encodeurl@~1.0.2
- deps: statuses@~1.4.0
2018-02-26 23:18:07 -05:00
* deps: proxy-addr@~2.0.3
- deps: ipaddr.js@1 .6.0
2018-02-09 13:09:25 -05:00
* deps: send@0 .16.2
- Fix incorrect end tag in default error & redirects
- deps: depd@~1.1.2
- deps: encodeurl@~1.0.2
- deps: statuses@~1.4.0
2018-02-09 13:20:09 -05:00
* deps: serve-static@1 .13.2
- Fix incorrect end tag in redirects
- deps: encodeurl@~1.0.2
- deps: send@0 .16.2
2018-01-17 00:00:22 -05:00
* deps: statuses@~1.4.0
2018-02-28 19:55:34 -05:00
* deps: type-is@~1.6.16
- deps: mime-types@~2.1.18
2018-01-16 23:46:11 -05:00
2017-10-09 22:55:18 -04:00
4.16.2 / 2017-10-09
===================
2017-10-09 14:41:06 -05:00
* Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
2017-10-09 22:43:23 -04:00
* perf: skip parsing of entire `X-Forwarded-Proto` header
2017-10-09 14:41:06 -05:00
2017-09-29 16:23:23 -04:00
4.16.1 / 2017-09-29
===================
2017-09-29 15:56:55 -04:00
* deps: send@0 .16.1
2017-09-29 16:12:06 -04:00
* deps: serve-static@1 .13.1
- Fix regression when `root` is incorrectly set to a file
- deps: send@0 .16.1
2017-09-29 15:56:55 -04:00
2017-09-28 13:57:23 -04:00
4.16.0 / 2017-09-28
===================
2017-09-25 21:11:33 -04:00
2017-04-05 17:42:09 -04:00
* Add `"json escape"` setting for `res.json` and `res.jsonp`
2017-09-28 13:22:36 -04:00
* Add `express.json` and `express.urlencoded` to parse bodies
2017-10-04 23:09:22 -04:00
* Add `options` argument to `res.download`
2017-09-25 21:11:33 -04:00
* Improve error message when autoloading invalid view engine
2017-09-26 16:00:53 +02:00
* Improve error messages when non-function provided as middleware
2017-09-25 21:12:47 -04:00
* Skip `Buffer` encoding when not generating ETag for small response
2017-09-28 08:26:39 -04:00
* Use `safe-buffer` for improved Buffer API
2017-09-27 21:28:25 -04:00
* deps: accepts@~1.3.4
- deps: mime-types@~2.1.16
2017-09-27 21:30:08 -04:00
* deps: content-type@~1.0.4
- perf: remove argument reassignment
- perf: skip parameter parsing when no parameters
2017-09-27 21:30:43 -04:00
* deps: etag@~1.8.1
- perf: replace regular expression with substring
2017-09-28 00:42:05 -04:00
* deps: finalhandler@1 .1.0
- Use `res.headersSent` when available
2017-09-28 00:04:47 -04:00
* deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the "fast-path" `RegExp`
2017-09-28 01:18:04 -04:00
* deps: proxy-addr@~2.0.2
- Fix trimming leading / trailing OWS in `X-Forwarded-For`
- deps: forwarded@~0.1.2
- deps: ipaddr.js@1 .5.2
- perf: reduce overhead when no `X-Forwarded-For` header
2017-09-27 21:31:39 -04:00
* deps: qs@6 .5.1
- Fix parsing & compacting very deep objects
2017-09-28 11:25:52 +02:00
* deps: send@0 .16.0
- Add 70 new types for file extensions
- Add `immutable` option
- Fix missing `</html>` in default error & redirects
- Set charset as "UTF-8" for .js and .json
- Use instance methods on steam to check for listeners
- deps: mime@1 .4.1
- perf: improve path validation speed
2017-09-28 13:08:38 -04:00
* deps: serve-static@1 .13.0
- Add 70 new types for file extensions
- Add `immutable` option
- Set charset as "UTF-8" for .js and .json
- deps: send@0 .16.0
2017-09-25 21:14:00 -04:00
* deps: setprototypeof@1 .1.0
2017-09-28 00:19:30 -04:00
* deps: utils-merge@1 .0.1
2017-09-28 12:25:27 +08:00
* deps: vary@~1.1.2
- perf: improve header token parsing speed
2017-05-18 11:04:27 -07:00
* perf: re-use options object when generating ETags
2017-09-28 10:30:10 -04:00
* perf: remove dead `.charset` set in `res.jsonp`
2017-09-25 21:11:33 -04:00
2017-09-25 01:04:38 -04:00
4.15.5 / 2017-09-24
===================
2017-09-21 20:45:32 -04:00
2017-09-22 20:25:18 -04:00
* deps: debug@2 .6.9
2017-09-22 20:26:30 -04:00
* deps: finalhandler@~1.0.6
- deps: debug@2 .6.9
- deps: parseurl@~1.3.2
2017-09-21 20:45:32 -04:00
* deps: fresh@0 .5.2
- Fix handling of modified headers with invalid dates
- perf: improve ETag match loop
- perf: improve `If-None-Match` token parsing
2017-09-22 20:27:37 -04:00
* deps: send@0 .15.6
2017-09-21 20:46:42 -04:00
- Fix handling of modified headers with invalid dates
2017-09-22 20:27:37 -04:00
- deps: debug@2 .6.9
2017-09-21 20:46:42 -04:00
- deps: etag@~1.8.1
- deps: fresh@0 .5.2
2017-09-22 20:27:37 -04:00
- perf: improve `If-Match` token parsing
2017-09-22 20:28:52 -04:00
* deps: serve-static@1 .12.6
2017-09-21 20:48:23 -04:00
- deps: parseurl@~1.3.2
2017-09-22 20:28:52 -04:00
- deps: send@0 .15.6
- perf: improve slash collapsing
2017-09-21 20:45:32 -04:00
2017-08-06 22:03:53 -04:00
4.15.4 / 2017-08-06
===================
2017-06-30 23:47:12 -04:00
2017-06-30 23:51:18 -04:00
* deps: debug@2 .6.8
2017-08-02 23:30:47 -04:00
* deps: depd@~1.1.1
- Remove unnecessary `Buffer` loading
2017-08-04 00:25:59 -04:00
* deps: finalhandler@~1.0.4
- deps: debug@2 .6.8
2017-07-26 13:09:46 -04:00
* deps: proxy-addr@~1.1.5
- Fix array argument being altered
- deps: ipaddr.js@1 .4.0
2017-06-30 23:47:12 -04:00
* deps: qs@6 .5.0
2017-08-06 02:37:10 -04:00
* deps: send@0 .15.4
- deps: debug@2 .6.8
- deps: depd@~1.1.1
- deps: http-errors@~1.6.2
2017-08-06 02:38:02 -04:00
* deps: serve-static@1 .12.4
- deps: send@0 .15.4
2017-06-30 23:47:12 -04:00
2017-05-17 02:14:11 -04:00
4.15.3 / 2017-05-16
===================
2017-03-14 23:53:19 -04:00
2017-05-10 16:23:55 -04:00
* Fix error when `res.set` cannot add charset to `Content-Type`
2017-05-17 02:08:50 -04:00
* deps: debug@2 .6.7
- Fix `DEBUG_MAX_ARRAY_LENGTH`
- deps: ms@2 .0.0
2017-05-17 01:56:36 -04:00
* deps: finalhandler@~1.0.3
2017-03-22 02:12:06 -04:00
- Fix missing `</html>` in HTML document
2017-05-17 01:56:36 -04:00
- deps: debug@2 .6.7
2017-03-28 22:56:32 -04:00
* deps: proxy-addr@~1.1.4
- deps: ipaddr.js@1 .3.0
2017-05-17 01:46:34 -04:00
* deps: send@0 .15.3
- deps: debug@2 .6.7
- deps: ms@2 .0.0
2017-05-17 01:47:17 -04:00
* deps: serve-static@1 .12.3
- deps: send@0 .15.3
2017-04-26 23:49:41 -04:00
* deps: type-is@~1.6.15
- deps: mime-types@~2.1.15
2017-03-22 02:10:43 -04:00
* deps: vary@~1.1.1
- perf: hoist regular expression
2017-03-14 23:53:19 -04:00
2017-03-06 08:34:38 -05:00
4.15.2 / 2017-03-06
===================
2017-03-06 08:32:13 -05:00
* deps: qs@6 .4.0
- Fix regression parsing keys starting with `[`
2017-03-05 23:19:32 -05:00
4.15.1 / 2017-03-05
===================
2017-03-05 00:06:59 -05:00
* deps: send@0 .15.1
- Fix issue when `Date.parse` does not return `NaN` on invalid date
- Fix strict violation in broken environments
2017-03-05 00:08:16 -05:00
* deps: serve-static@1 .12.1
- Fix issue when `Date.parse` does not return `NaN` on invalid date
- deps: send@0 .15.1
2017-03-05 00:06:59 -05:00
2017-03-01 17:22:18 -05:00
4.15.0 / 2017-03-01
===================
2016-12-25 19:28:15 +01:00
* Add debug message when loading view engine
2015-11-12 16:17:47 -08:00
* Add `next("router")` to exit from router
2017-02-26 13:59:47 -05:00
* Fix case where `router.use` skipped requests routes did not
2017-02-20 21:39:22 -05:00
* Remove usage of `res._headers` private field
- Improves compatibility with Node.js 8 nightly
2017-02-22 23:42:57 -05:00
* Skip routing when `req.url` is not set
2017-02-26 13:45:35 -05:00
* Use `%o` in path debug to tell types apart
2017-02-23 01:52:49 -05:00
* Use `Object.create` to setup request & response prototypes
2017-02-23 01:56:58 -05:00
* Use `setprototypeof` module to replace `__proto__` setting
2017-02-20 15:32:33 -06:00
* Use `statuses` instead of `http` module for status messages
2017-02-16 01:22:17 -05:00
* deps: debug@2 .6.1
- Allow colors in workers
- Deprecated `DEBUG_FD` environment variable set to `3` or higher
- Fix error when running under React Native
- Use same color for same namespace
- deps: ms@0 .7.2
2017-02-18 22:49:04 -05:00
* deps: etag@~1.8.0
- Use SHA1 instead of MD5 for ETag hashing
- Works with FIPS 140-2 OpenSSL configuration
2017-02-18 22:14:58 -05:00
* deps: finalhandler@~1.0.0
- Fix exception when `err` cannot be converted to a string
- Fully URL-encode the pathname in the 404
- Only include the pathname in the 404 message
- Send complete HTML document
- Set `Content-Security-Policy: default-src 'self'` header
- deps: debug@2 .6.1
2017-02-22 02:11:06 -05:00
* deps: fresh@0 .5.0
- Fix false detection of `no-cache` request directive
- Fix incorrect result when `If-None-Match` has both `*` and ETags
- Fix weak `ETag` matching to match spec
- perf: delay reading header values until needed
- perf: enable strict mode
- perf: hoist regular expressions
- perf: remove duplicate conditional
- perf: remove unnecessary boolean coercions
- perf: skip checking modified time if ETag check failed
- perf: skip parsing `If-None-Match` when no `ETag` header
- perf: use `Date.parse` instead of `new Date`
2017-02-16 01:23:51 -05:00
* deps: qs@6 .3.1
- Fix array parsing from skipping empty values
- Fix compacting nested arrays
2017-02-25 17:53:34 -05:00
* deps: send@0 .15.0
- Fix false detection of `no-cache` request directive
- Fix incorrect result when `If-None-Match` has both `*` and ETags
- Fix weak `ETag` matching to match spec
- Remove usage of `res._headers` private field
- Support `If-Match` and `If-Unmodified-Since` headers
- Use `res.getHeaderNames()` when available
- Use `res.headersSent` when available
- deps: debug@2 .6.1
- deps: etag@~1.8.0
- deps: fresh@0 .5.0
- deps: http-errors@~1.6.1
2017-02-25 19:31:39 -05:00
* deps: serve-static@1 .12.0
- Fix false detection of `no-cache` request directive
- Fix incorrect result when `If-None-Match` has both `*` and ETags
- Fix weak `ETag` matching to match spec
- Remove usage of `res._headers` private field
- Send complete HTML document in redirect response
- Set default CSP header in redirect response
- Support `If-Match` and `If-Unmodified-Since` headers
- Use `res.getHeaderNames()` when available
- Use `res.headersSent` when available
- deps: send@0 .15.0
2017-02-26 13:32:21 -05:00
* perf: add fast match path for `*` route
2015-08-04 00:28:54 +02:00
* perf: improve `req.ips` performance
2016-12-25 19:28:15 +01:00
2017-01-28 17:21:24 -05:00
4.14.1 / 2017-01-28
===================
2017-01-21 00:39:46 -05:00
* deps: content-disposition@0 .5.2
2017-01-21 01:05:17 -05:00
* deps: finalhandler@0 .5.1
- Fix exception when `err.headers` is not an object
- deps: statuses@~1.3.1
- perf: hoist regular expressions
- perf: remove duplicate validation path
2017-01-21 01:00:52 -05:00
* deps: proxy-addr@~1.1.3
- deps: ipaddr.js@1 .2.0
2017-01-23 10:43:11 -05:00
* deps: send@0 .14.2
- deps: http-errors@~1.5.1
- deps: ms@0 .7.2
- deps: statuses@~1.3.1
2017-01-24 07:40:20 -08:00
* deps: serve-static@~1.11.2
- deps: send@0 .14.2
2017-01-26 22:54:05 -05:00
* deps: type-is@~1.6.14
- deps: mime-types@~2.1.13
2017-01-21 00:39:46 -05:00
2016-06-16 11:03:44 -04:00
4.14.0 / 2016-06-16
===================
2016-05-23 23:15:52 -04:00
2016-06-12 22:33:44 -04:00
* Add `acceptRanges` option to `res.sendFile` /`res.sendfile`
* Add `cacheControl` option to `res.sendFile` /`res.sendfile`
2016-06-01 19:13:36 -04:00
* Add `options` argument to `req.range`
- Includes the `combine` option
2016-06-13 23:23:29 -04:00
* Encode URL in `res.location` /`res.redirect` if not already encoded
2016-06-12 22:33:44 -04:00
* Fix some redirect handling in `res.sendFile` /`res.sendfile`
2016-06-01 12:56:27 +08:00
* Fix Windows absolute path check using forward slashes
2016-06-03 00:07:34 -04:00
* Improve error with invalid arguments to `req.get()`
2016-02-22 06:22:35 +08:00
* Improve performance for `res.json` /`res.jsonp` in most cases
2016-06-12 22:33:44 -04:00
* Improve `Range` header handling in `res.sendFile` /`res.sendfile`
2016-05-23 23:15:52 -04:00
* deps: accepts@~1.3.3
- Fix including type extensions in parameters in `Accept` parsing
- Fix parsing `Accept` parameters with quoted equals
- Fix parsing `Accept` parameters with quoted semicolons
2018-11-26 20:00:47 -07:00
- Many performance improvements
2016-05-23 23:15:52 -04:00
- deps: mime-types@~2.1.11
- deps: negotiator@0 .6.1
2016-05-23 23:18:41 -04:00
* deps: content-type@~1.0.2
- perf: enable strict mode
2016-05-31 00:08:16 -04:00
* deps: cookie@0 .3.1
- Add `sameSite` option
- Fix cookie `Max-Age` to never be a floating point number
- Improve error message when `encode` is not a function
- Improve error message when `expires` is not a `Date`
- Throw better error for invalid argument to parse
- Throw on invalid values provided to `serialize`
- perf: enable strict mode
- perf: hoist regular expression
- perf: use for loop in parse
2018-11-26 20:00:47 -07:00
- perf: use string concatenation for serialization
2016-06-15 18:12:19 -04:00
* deps: finalhandler@0 .5.0
- Change invalid or non-numeric status code to 500
- Overwrite status message to match set status code
- Prefer `err.statusCode` if `err.status` is invalid
- Set response headers from `err.headers` object
- Use `statuses` instead of `http` module for status messages
2016-05-31 00:12:54 -04:00
* deps: proxy-addr@~1.1.2
- Fix accepting various invalid netmasks
- Fix IPv6-mapped IPv4 validation edge cases
2018-11-26 20:00:47 -07:00
- IPv4 netmasks must be contiguous
2016-05-31 00:12:54 -04:00
- IPv6 addresses cannot be used as a netmask
- deps: ipaddr.js@1 .1.1
2016-05-31 14:28:20 -04:00
* deps: qs@6 .2.0
- Add `decoder` option in `parse` function
2016-06-01 18:54:11 -04:00
* deps: range-parser@~1.2.0
- Add `combine` option to combine overlapping ranges
- Fix incorrectly returning -1 when there is at least one valid range
- perf: remove internal function
2016-06-12 22:33:44 -04:00
* deps: send@0 .14.1
- Add `acceptRanges` option
- Add `cacheControl` option
- Attempt to combine multiple ranges into single range
- Correctly inherit from `Stream` class
- Fix `Content-Range` header in 416 responses when using `start` /`end` options
- Fix `Content-Range` header missing from default 416 responses
- Fix redirect error when `path` contains raw non-URL characters
- Fix redirect when `path` starts with multiple forward slashes
- Ignore non-byte `Range` headers
- deps: http-errors@~1.5.0
- deps: range-parser@~1.2.0
- deps: statuses@~1.3.0
- perf: remove argument reassignment
2016-06-12 22:38:20 -04:00
* deps: serve-static@~1.11.1
- Add `acceptRanges` option
- Add `cacheControl` option
- Attempt to combine multiple ranges into single range
- Fix redirect error when `req.url` contains raw non-URL characters
- Ignore non-byte `Range` headers
- Use status code 301 for redirects
- deps: send@0 .14.1
2016-05-31 14:25:41 -04:00
* deps: type-is@~1.6.13
- Fix type error when given invalid type to match against
- deps: mime-types@~2.1.11
2016-05-29 14:25:27 -04:00
* deps: vary@~1.1.0
- Only accept valid field names in the `field` argument
2015-08-03 23:21:38 +02:00
* perf: use strict equality when possible
2016-05-23 23:15:52 -04:00
2016-01-21 21:10:45 -05:00
4.13.4 / 2016-01-21
===================
2015-11-13 10:04:40 +03:00
2016-01-17 18:00:59 -05:00
* deps: content-disposition@0 .5.1
- perf: enable strict mode
2015-11-13 10:04:40 +03:00
* deps: cookie@0 .1.5
- Throw on invalid values provided to `serialize`
2016-01-16 23:57:07 -05:00
* deps: depd@~1.1.0
- Support web browser loading
- perf: enable strict mode
2015-12-17 20:51:32 -05:00
* deps: escape-html@~1.0.3
- perf: enable strict mode
- perf: optimize string replacement
- perf: use faster string coercion
2015-12-17 20:56:04 -05:00
* deps: finalhandler@0 .4.1
- deps: escape-html@~1.0.3
2016-01-17 18:51:24 -05:00
* deps: merge-descriptors@1 .0.1
- perf: enable strict mode
2016-01-17 22:17:13 -05:00
* deps: methods@~1.1.2
- perf: enable strict mode
2016-01-20 00:58:09 -05:00
* deps: parseurl@~1.3.1
- perf: enable strict mode
2015-12-17 20:58:41 -05:00
* deps: proxy-addr@~1.0.10
- deps: ipaddr.js@1 .0.5
- perf: enable strict mode
2015-12-17 20:59:12 -05:00
* deps: range-parser@~1.0.3
- perf: enable strict mode
2016-01-16 23:56:09 -05:00
* deps: send@0 .13.1
- deps: depd@~1.1.0
- deps: destroy@~1.0.4
- deps: escape-html@~1.0.3
- deps: range-parser@~1.0.3
2016-01-20 00:56:56 -05:00
* deps: serve-static@~1.10.2
2016-01-16 23:54:41 -05:00
- deps: escape-html@~1.0.3
2016-01-20 00:56:56 -05:00
- deps: parseurl@~1.3.0
2016-01-16 23:54:41 -05:00
- deps: send@0 .13.1
2015-11-13 10:04:40 +03:00
2015-08-03 01:02:22 -04:00
4.13.3 / 2015-08-02
===================
2015-08-03 00:50:48 -04:00
* Fix infinite loop condition using `mergeParams: true`
2015-08-03 01:01:16 -04:00
* Fix inner numeric indices incorrectly altering parent `req.params`
2015-08-03 00:50:48 -04:00
2015-07-31 17:09:15 -04:00
4.13.2 / 2015-07-31
===================
2015-07-28 23:24:00 -04:00
2015-07-31 17:01:35 -04:00
* deps: accepts@~1.2.12
- deps: mime-types@~2.1.4
2015-07-28 23:24:00 -04:00
* deps: array-flatten@1 .1.1
- perf: enable strict mode
2015-07-28 13:15:34 +10:00
* deps: path-to-regexp@0 .1.7
- Fix regression with escaped round brackets and matching groups
2015-07-31 17:02:10 -04:00
* deps: type-is@~1.6.6
- deps: mime-types@~2.1.4
2015-07-28 23:24:00 -04:00
2015-07-06 01:38:44 -04:00
4.13.1 / 2015-07-05
===================
2015-07-06 00:59:27 -04:00
2015-07-06 01:00:12 -04:00
* deps: accepts@~1.2.10
- deps: mime-types@~2.1.2
2015-07-06 01:20:09 -04:00
* deps: qs@4 .0.0
- Fix dropping parameters like `hasOwnProperty`
- Fix various parsing edge cases
2015-07-06 00:59:27 -04:00
* deps: type-is@~1.6.4
- deps: mime-types@~2.1.2
- perf: enable strict mode
- perf: remove argument reassignment
2015-06-21 01:46:44 -04:00
4.13.0 / 2015-06-20
===================
2015-06-18 22:10:21 -04:00
2015-06-20 16:21:12 -04:00
* Add settings to debug output
2015-05-29 17:13:15 -04:00
* Fix `res.format` error when only `default` provided
2015-05-19 22:37:06 +03:00
* Fix issue where `next('route')` in `app.param` would incorrectly skip values
2015-06-20 15:20:35 -04:00
* Fix hiding platform issues with `decodeURIComponent`
- Only `URIError` s are a 400
2015-06-19 22:13:57 +10:00
* Fix using `*` before params in routes
* Fix using capture groups before params in routes
2015-06-20 14:38:30 -04:00
* Simplify `res.cookie` to call `res.append`
2015-04-22 17:36:55 +10:00
* Use `array-flatten` module for flattening arrays
2015-06-18 22:43:51 -04:00
* deps: accepts@~1.2.9
- deps: mime-types@~2.1.1
- perf: avoid argument reassignment & argument slice
- perf: avoid negotiator recursive construction
- perf: enable strict mode
- perf: remove unnecessary bitwise operator
2015-06-18 22:10:21 -04:00
* deps: cookie@0 .1.3
- perf: deduce the scope of try-catch deopt
- perf: remove argument reassignments
* deps: escape-html@1 .0.2
* deps: etag@~1.7.0
- Always include entity length in ETags for hash length extensions
- Generate non-Stats ETags using MD5 only (no longer CRC32)
- Improve stat performance by removing hashing
- Improve support for JXcore
- Remove base64 padding in ETags to shorten
- Support "fake" stats objects in environments without fs
- Use MD5 instead of MD4 in weak ETags over 1KB
2015-06-18 22:39:57 -04:00
* deps: finalhandler@0 .4.0
- Fix a false-positive when unpiping in Node.js 0.8
- Support `statusCode` property on `Error` objects
- Use `unpipe` module for unpiping requests
- deps: escape-html@1 .0.2
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove argument reassignment
2015-06-18 22:10:21 -04:00
* deps: fresh@0 .3.0
- Add weak `ETag` matching support
2015-06-18 22:41:28 -04:00
* deps: on-finished@~2.3.0
- Add defined behavior for HTTP `CONNECT` requests
- Add defined behavior for HTTP `Upgrade` requests
- deps: ee-first@1 .1.1
2015-06-19 22:13:57 +10:00
* deps: path-to-regexp@0 .1.6
2015-06-18 22:10:21 -04:00
* deps: send@0 .13.0
- Allow Node.js HTTP server to set `Date` response header
- Fix incorrectly removing `Content-Location` on 304 response
- Improve the default redirect response headers
- Send appropriate headers on default error response
- Use `http-errors` for standard emitted errors
- Use `statuses` instead of `http` module for status messages
- deps: escape-html@1 .0.2
- deps: etag@~1.7.0
- deps: fresh@0 .3.0
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove unnecessary array allocations
2015-06-18 22:26:48 -04:00
* deps: serve-static@~1.10.0
- Add `fallthrough` option
- Fix reading options from options prototype
- Improve the default redirect response headers
- Malformed URLs now `next()` instead of 400
- deps: escape-html@1 .0.2
- deps: send@0 .13.0
- perf: enable strict mode
- perf: remove argument reassignment
2015-06-18 22:42:19 -04:00
* deps: type-is@~1.6.3
- deps: mime-types@~2.1.1
- perf: reduce try block size
- perf: remove bitwise operations
2015-06-18 23:01:18 -04:00
* perf: enable strict mode
2015-06-20 13:36:40 -04:00
* perf: isolate `app.render` try block
2015-06-20 13:31:03 -04:00
* perf: remove argument reassignments in application
2015-06-20 13:48:58 -04:00
* perf: remove argument reassignments in request prototype
2015-06-20 14:36:48 -04:00
* perf: remove argument reassignments in response prototype
2015-06-20 16:13:59 -04:00
* perf: remove argument reassignments in routing
2015-06-20 13:06:08 -04:00
* perf: remove argument reassignments in `View`
2015-06-20 15:23:35 -04:00
* perf: skip attempting to decode zero length string
2015-03-23 07:31:21 -04:00
* perf: use saved reference to `http.STATUS_CODES`
2015-06-18 22:10:21 -04:00
2015-05-18 00:38:34 -04:00
4.12.4 / 2015-05-17
===================
2015-05-18 00:12:01 -04:00
2015-05-18 00:19:43 -04:00
* deps: accepts@~1.2.7
- deps: mime-types@~2.0.11
- deps: negotiator@0 .5.3
2015-05-18 00:12:01 -04:00
* deps: debug@~2.2.0
- deps: ms@0 .7.1
* deps: depd@~1.0.1
2015-05-18 00:24:03 -04:00
* deps: etag@~1.6.0
- Improve support for JXcore
- Support "fake" stats objects in environments without `fs`
2015-05-18 00:15:11 -04:00
* deps: finalhandler@0 .3.6
- deps: debug@~2.2.0
- deps: on-finished@~2.2.1
2015-05-18 00:18:19 -04:00
* deps: on-finished@~2.2.1
- Fix `isFinished(req)` when data buffered
2015-05-18 00:12:01 -04:00
* deps: proxy-addr@~1.0.8
- deps: ipaddr.js@1 .0.1
2015-05-18 00:17:10 -04:00
* deps: qs@2 .4.2
- Fix allowing parameters like `constructor`
2015-05-18 00:12:01 -04:00
* deps: send@0 .12.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- deps: ms@0 .7.1
- deps: on-finished@~2.2.1
2015-05-18 00:13:48 -04:00
* deps: serve-static@~1.9.3
- deps: send@0 .12.3
2015-05-18 00:16:14 -04:00
* deps: type-is@~1.6.2
- deps: mime-types@~2.0.11
2015-05-18 00:12:01 -04:00
2015-03-17 10:59:48 -04:00
4.12.3 / 2015-03-17
===================
2015-03-17 01:52:23 -04:00
2015-03-17 02:00:03 -04:00
* deps: accepts@~1.2.5
- deps: mime-types@~2.0.10
2015-03-17 01:52:23 -04:00
* deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0 .7.0
2015-03-17 01:58:25 -04:00
* deps: finalhandler@0 .3.4
- deps: debug@~2.1.3
2015-03-17 01:52:23 -04:00
* deps: proxy-addr@~1.0.7
- deps: ipaddr.js@0 .1.9
2015-03-17 02:00:56 -04:00
* deps: qs@2 .4.1
- Fix error when parameter `hasOwnProperty` is present
2015-03-17 01:52:23 -04:00
* deps: send@0 .12.2
- Throw errors early for invalid `extensions` or `index` options
- deps: debug@~2.1.3
2015-03-17 01:57:36 -04:00
* deps: serve-static@~1.9.2
- deps: send@0 .12.2
2015-03-17 01:59:10 -04:00
* deps: type-is@~1.6.1
- deps: mime-types@~2.0.10
2015-03-17 01:52:23 -04:00
2015-03-03 00:06:24 -05:00
4.12.2 / 2015-03-02
===================
2015-03-02 13:11:31 -05:00
* Fix regression where `"Request aborted"` is logged using `res.sendFile`
2015-03-01 19:11:02 -05:00
4.12.1 / 2015-03-01
===================
2015-02-28 23:29:23 -05:00
2015-03-01 16:33:09 -05:00
* Fix constructing application with non-configurable prototype properties
2015-03-01 17:28:48 -05:00
* Fix `ECONNRESET` errors from `res.sendFile` usage
2015-02-28 23:29:23 -05:00
* Fix `req.host` when using "trust proxy" hops count
* Fix `req.protocol` /`req.secure` when using "trust proxy" hops count
2015-03-01 17:27:50 -05:00
* Fix wrong `code` on aborted connections from `res.sendFile`
2015-03-01 16:33:09 -05:00
* deps: merge-descriptors@1 .0.0
2015-02-28 23:29:23 -05:00
2015-02-23 00:56:49 -05:00
4.12.0 / 2015-02-23
===================
2015-02-18 22:33:47 -05:00
* Fix `"trust proxy"` setting to inherit when app is mounted
* Generate `ETag` s for all request responses
- No longer restricted to only responses for `GET` and `HEAD` requests
* Use `content-type` to parse `Content-Type` headers
2015-02-18 22:36:20 -05:00
* deps: accepts@~1.2.4
- Fix preference sorting to be stable for long acceptable lists
- deps: mime-types@~2.0.9
- deps: negotiator@0 .5.1
2015-02-18 22:33:47 -05:00
* deps: cookie-signature@1 .0.6
* deps: send@0 .12.1
- Always read the stat size from the file
- Fix mutating passed-in `options`
- deps: mime@1 .3.4
2015-02-18 22:48:25 -05:00
* deps: serve-static@~1.9.1
- deps: send@0 .12.1
2015-02-18 22:46:34 -05:00
* deps: type-is@~1.6.0
- fix argument reassignment
- fix false-positives in `hasBody` `Transfer-Encoding` check
- support wildcard for both type and subtype (`*/*` )
- deps: mime-types@~2.0.9
2015-02-18 22:33:47 -05:00
2015-02-01 15:39:08 -05:00
4.11.2 / 2015-02-01
===================
2015-01-31 17:26:35 -05:00
2015-01-31 16:23:18 -05:00
* Fix `res.redirect` double-calling `res.end` for `HEAD` requests
2015-02-01 15:26:04 -05:00
* deps: accepts@~1.2.3
- deps: mime-types@~2.0.8
2015-02-01 15:23:53 -05:00
* deps: proxy-addr@~1.0.6
- deps: ipaddr.js@0 .1.8
2015-01-31 17:26:35 -05:00
* deps: type-is@~1.5.6
- deps: mime-types@~2.0.8
2015-01-21 03:31:11 -05:00
4.11.1 / 2015-01-20
===================
2015-01-21 03:24:31 -05:00
* deps: send@0 .11.1
- Fix root path disclosure
2015-01-21 03:25:25 -05:00
* deps: serve-static@~1.8.1
- Fix redirect loop in Node.js 0.11.14
- Fix root path disclosure
- deps: send@0 .11.1
2015-01-21 03:24:31 -05:00
2015-01-13 22:51:55 -05:00
4.11.0 / 2015-01-13
===================
2014-11-23 22:30:58 -05:00
2015-01-13 21:05:43 -05:00
* Add `res.append(field, val)` to append headers
2014-11-23 22:30:58 -05:00
* Deprecate leading `:` in `name` for `app.param(name, fn)`
2015-01-13 19:17:33 -05:00
* Deprecate `req.param()` -- use `req.params` , `req.body` , or `req.query` instead
2015-01-13 19:28:06 -05:00
* Deprecate `app.param(fn)`
2015-01-13 13:26:19 -05:00
* Fix `OPTIONS` responses to include the `HEAD` method properly
2015-01-13 15:01:32 -05:00
* Fix `res.sendFile` not always detecting aborted connection
2014-10-24 01:04:41 -04:00
* Match routes iteratively to prevent stack overflows
2015-01-13 22:16:00 -05:00
* deps: accepts@~1.2.2
- deps: mime-types@~2.0.7
- deps: negotiator@0 .5.0
2015-01-13 22:14:26 -05:00
* deps: send@0 .11.0
- deps: debug@~2.1.1
- deps: etag@~1.5.1
- deps: ms@0 .7.0
- deps: on-finished@~2.2.0
2015-01-13 22:18:02 -05:00
* deps: serve-static@~1.8.0
- deps: send@0 .11.0
2014-11-23 22:30:58 -05:00
2015-01-13 12:38:09 -05:00
4.10.8 / 2015-01-13
===================
2015-01-11 12:09:34 -05:00
2015-01-12 18:00:49 -05:00
* Fix crash from error within `OPTIONS` response handler
2015-01-11 12:09:34 -05:00
* deps: proxy-addr@~1.0.5
- deps: ipaddr.js@0 .1.6
2015-01-04 19:33:31 -05:00
4.10.7 / 2015-01-04
===================
2015-01-04 17:40:22 -05:00
2015-01-04 19:07:21 -05:00
* Fix `Allow` header for `OPTIONS` to not contain duplicate methods
2015-01-04 18:26:15 -05:00
* Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
2015-01-04 17:47:25 -05:00
* deps: debug@~2.1.1
2015-01-04 17:40:22 -05:00
* deps: finalhandler@0 .3.3
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0
2015-01-04 17:42:57 -05:00
* deps: methods@~1.1.1
2015-01-04 17:46:41 -05:00
* deps: on-finished@~2.2.0
2015-01-04 17:49:39 -05:00
* deps: serve-static@~1.7.2
- Fix potential open redirect when mounted at root
2015-01-04 17:50:42 -05:00
* deps: type-is@~1.5.5
- deps: mime-types@~2.0.7
2015-01-04 17:40:22 -05:00
2014-12-12 23:13:34 -05:00
4.10.6 / 2014-12-12
===================
2014-12-12 22:06:21 -05:00
* Fix exception in `req.fresh` /`req.stale` without response headers
2014-12-10 23:53:31 -05:00
4.10.5 / 2014-12-10
===================
2014-12-10 12:25:43 -05:00
* Fix `res.send` double-calling `res.end` for `HEAD` requests
2014-12-10 23:49:34 -05:00
* deps: accepts@~1.1.4
2014-12-10 23:50:58 -05:00
- deps: mime-types@~2.0.4
* deps: type-is@~1.5.4
2014-12-10 23:49:34 -05:00
- deps: mime-types@~2.0.4
2014-12-10 12:25:43 -05:00
2014-11-25 00:17:24 -05:00
4.10.4 / 2014-11-24
===================
2014-11-24 23:28:37 -05:00
* Fix `res.sendfile` logging standard write errors
2014-11-23 18:48:55 -05:00
4.10.3 / 2014-11-23
===================
2014-11-23 15:54:20 -05:00
2014-11-23 16:53:11 -05:00
* Fix `res.sendFile` logging standard write errors
2014-11-23 15:54:20 -05:00
* deps: etag@~1.5.1
* deps: proxy-addr@~1.0.4
- deps: ipaddr.js@0 .1.5
2014-11-23 15:56:59 -05:00
* deps: qs@2 .3.3
- Fix `arrayLimit` behavior
2014-11-23 15:54:20 -05:00
2014-11-09 19:09:24 -05:00
4.10.2 / 2014-11-09
===================
2014-11-09 18:41:01 -05:00
2014-11-09 18:50:00 -05:00
* Correctly invoke async router callback asynchronously
2014-11-09 18:41:01 -05:00
* deps: accepts@~1.1.3
- deps: mime-types@~2.0.3
2014-11-09 18:42:33 -05:00
* deps: type-is@~1.5.3
- deps: mime-types@~2.0.3
2014-11-09 18:41:01 -05:00
2014-10-29 01:15:58 -04:00
4.10.1 / 2014-10-28
===================
2014-10-28 23:39:03 -04:00
* Fix handling of URLs containing `://` in the path
2014-10-29 01:14:44 -04:00
* deps: qs@2 .3.2
- Fix parsing of mixed objects and values
2014-10-28 23:39:03 -04:00
2014-10-23 22:27:45 -04:00
4.10.0 / 2014-10-23
===================
2014-10-17 21:13:06 -04:00
2014-10-23 17:18:26 -04:00
* Add support for `app.set('views', array)`
- Views are looked up in sequence in array of directories
2014-10-23 01:35:16 -04:00
* Fix `res.send(status)` to mention `res.sendStatus(status)`
2014-10-23 21:33:38 -04:00
* Fix handling of invalid empty URLs
2014-10-17 23:45:58 -04:00
* Use `content-disposition` module for `res.attachment` /`res.download`
- Sends standards-compliant `Content-Disposition` header
- Full Unicode support
2014-10-23 15:55:17 -04:00
* Use `path.resolve` in view lookup
2014-10-23 02:05:55 -04:00
* deps: debug@~2.1.0
- Implement `DEBUG_FD` env variable support
* deps: depd@~1.0.0
2014-10-17 21:13:06 -04:00
* deps: etag@~1.5.0
- Improve string performance
- Slightly improve speed for weak ETags over 1KB
2014-10-23 01:37:00 -04:00
* deps: finalhandler@0 .3.2
2014-10-17 21:26:47 -04:00
- Terminate in progress response only on error
- Use `on-finished` to determine request status
- deps: debug@~2.1.0
2014-10-23 01:37:00 -04:00
- deps: on-finished@~2.1.1
2014-10-23 01:45:58 -04:00
* deps: on-finished@~2.1.1
- Fix handling of pipelined requests
2014-10-23 01:38:48 -04:00
* deps: qs@2 .3.0
- Fix parsing of mixed implicit and explicit arrays
2014-10-23 02:05:55 -04:00
* deps: send@0 .10.1
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: etag@~1.5.0
- deps: on-finished@~2.1.1
2014-10-23 01:43:19 -04:00
* deps: serve-static@~1.7.1
- deps: send@0 .10.1
2014-10-17 21:13:06 -04:00
2014-10-17 22:01:51 -04:00
4.9.8 / 2014-10-17
==================
2014-10-16 01:29:00 -04:00
2014-10-18 01:12:47 +00:00
* Fix `res.redirect` body when redirect status specified
2014-10-16 01:29:00 -04:00
* deps: accepts@~1.1.2
- Fix error when media type has invalid parameter
- deps: negotiator@0 .4.9
2014-10-10 16:40:46 -04:00
4.9.7 / 2014-10-10
==================
2014-10-10 16:31:09 -04:00
* Fix using same param name in array of paths
2014-10-08 22:33:13 -04:00
4.9.6 / 2014-10-08
==================
2014-10-08 21:48:27 -04:00
* deps: accepts@~1.1.1
- deps: mime-types@~2.0.2
- deps: negotiator@0 .4.8
2014-10-08 21:50:08 -04:00
* deps: serve-static@~1.6.4
- Fix redirect loop when index file serving disabled
2014-10-08 21:51:10 -04:00
* deps: type-is@~1.5.2
- deps: mime-types@~2.0.2
2014-10-08 21:48:27 -04:00
2014-09-24 20:18:59 -04:00
4.9.5 / 2014-09-24
==================
2014-09-24 20:11:19 -04:00
2014-09-24 20:14:39 -04:00
* deps: etag@~1.4.0
2014-09-24 20:11:19 -04:00
* deps: proxy-addr@~1.0.3
- Use `forwarded` npm module
* deps: send@0 .9.3
- deps: etag@~1.4.0
2014-09-24 20:16:00 -04:00
* deps: serve-static@~1.6.3
- deps: send@0 .9.3
2014-09-24 20:11:19 -04:00
2014-09-19 23:07:58 -07:00
4.9.4 / 2014-09-19
==================
2014-09-19 23:06:31 -07:00
* deps: qs@2 .2.4
- Fix issue with object keys starting with numbers truncated
2014-09-18 10:45:35 -07:00
4.9.3 / 2014-09-18
==================
2014-09-18 10:43:35 -07:00
* deps: proxy-addr@~1.0.2
- Fix a global leak when multiple subnets are trusted
- deps: ipaddr.js@0 .1.3
2014-09-17 20:49:01 -07:00
4.9.2 / 2014-09-17
==================
2014-09-17 12:17:03 -07:00
* Fix regression for empty string `path` in `app.use`
2014-09-17 12:37:56 -07:00
* Fix `router.use` to accept array of middleware without path
2014-09-17 12:28:48 -07:00
* Improve error message for bad `app.use` arguments
2014-09-17 12:17:03 -07:00
2014-09-16 23:31:57 -07:00
4.9.1 / 2014-09-16
==================
2014-09-12 17:46:49 -04:00
* Fix `app.use` to accept array of middleware without path
2014-09-16 23:08:03 -07:00
* deps: depd@0 .4.5
2014-09-16 23:21:45 -07:00
* deps: etag@~1.3.1
2014-09-16 23:08:03 -07:00
* deps: send@0 .9.2
- deps: depd@0 .4.5
- deps: etag@~1.3.1
- deps: range-parser@~1.0.2
2014-09-16 23:23:14 -07:00
* deps: serve-static@~1.6.2
- deps: send@0 .9.2
2014-09-12 17:46:49 -04:00
2014-09-09 00:32:17 -04:00
4.9.0 / 2014-09-08
==================
2014-09-08 23:48:59 -04:00
2014-08-13 09:09:59 -04:00
* Add `res.sendStatus`
2014-08-21 14:43:38 -04:00
* Invoke callback for sendfile when client aborts
- Applies to `res.sendFile` , `res.sendfile` , and `res.download`
- `err` will be populated with request aborted error
2014-09-08 23:48:59 -04:00
* Support IP address host in `req.subdomains`
2014-08-25 01:07:01 -04:00
* Use `etag` to generate `ETag` headers
2014-09-09 00:12:10 -04:00
* deps: accepts@~1.1.0
- update `mime-types`
2014-09-08 23:48:59 -04:00
* deps: cookie-signature@1 .0.5
* deps: debug@~2.0.0
2014-09-09 00:08:07 -04:00
* deps: finalhandler@0 .2.0
- Set `X-Content-Type-Options: nosniff` header
- deps: debug@~2.0.0
2014-09-08 23:48:59 -04:00
* deps: fresh@0 .2.4
* deps: media-typer@0 .3.0
- Throw error when parameter format invalid on parse
2014-09-09 00:04:08 -04:00
* deps: qs@2 .2.3
- Fix issue where first empty value in array is discarded
2014-09-08 23:48:59 -04:00
* deps: range-parser@~1.0.2
* deps: send@0 .9.1
- Add `lastModified` option
- Use `etag` to generate `ETag` header
- deps: debug@~2.0.0
- deps: fresh@0 .2.4
2014-09-09 00:11:04 -04:00
* deps: serve-static@~1.6.1
- Add `lastModified` option
- deps: send@0 .9.1
2014-09-09 00:10:02 -04:00
* deps: type-is@~1.5.1
- fix `hasbody` to be true for `content-length: 0`
- deps: media-typer@0 .3.0
- deps: mime-types@~2.0.1
2014-09-08 23:48:59 -04:00
* deps: vary@~1.0.0
- Accept valid `Vary` header string as `field`
2014-09-05 02:26:12 -04:00
4.8.8 / 2014-09-04
==================
2014-09-05 02:20:02 -04:00
* deps: send@0 .8.5
- Fix a path traversal issue when using `root`
- Fix malicious path detection for empty string path
2014-09-05 02:21:17 -04:00
* deps: serve-static@~1.5.4
- deps: send@0 .8.5
2014-09-05 02:20:02 -04:00
2014-08-30 01:37:52 -04:00
4.8.7 / 2014-08-29
==================
2014-08-30 01:30:56 -04:00
* deps: qs@2 .2.2
- Remove unnecessary cloning
2014-08-27 21:51:37 -04:00
4.8.6 / 2014-08-27
==================
2014-08-27 21:22:41 -04:00
* deps: qs@2 .2.0
- Array parsing fix
- Performance improvements
2014-08-18 23:05:16 -04:00
4.8.5 / 2014-08-18
==================
2014-08-18 22:54:25 -04:00
* deps: send@0 .8.3
- deps: destroy@1 .0.3
- deps: on-finished@2 .1.0
2014-08-18 22:58:47 -04:00
* deps: serve-static@~1.5.3
- deps: send@0 .8.3
2014-08-18 22:54:25 -04:00
2014-08-15 00:26:39 -04:00
4.8.4 / 2014-08-14
==================
2014-08-15 00:14:42 -04:00
2014-08-15 00:16:20 -04:00
* deps: qs@1 .2.2
2014-08-15 00:14:42 -04:00
* deps: send@0 .8.2
- Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
2014-08-15 00:15:28 -04:00
* deps: serve-static@~1.5.2
- deps: send@0 .8.2
2014-08-15 00:14:42 -04:00
2014-08-10 22:30:07 -04:00
4.8.3 / 2014-08-10
==================
2014-08-10 22:26:49 -04:00
* deps: parseurl@~1.3.0
2014-08-10 22:27:42 -04:00
* deps: qs@1 .2.1
2014-08-10 22:29:24 -04:00
* deps: serve-static@~1.5.1
- Fix parsing of weird `req.originalUrl` values
- deps: parseurl@~1.3.0
- deps: utils-merge@1 .0.0
2014-08-10 22:26:49 -04:00
2014-08-07 12:05:02 -04:00
4.8.2 / 2014-08-07
==================
2014-08-07 12:03:53 -04:00
* deps: qs@1 .2.0
- Fix parsing array of objects
2014-08-06 18:21:55 -04:00
4.8.1 / 2014-08-06
==================
2014-08-06 17:48:36 -04:00
* fix incorrect deprecation warnings on `res.download`
2014-08-06 17:50:08 -04:00
* deps: qs@1 .1.0
- Accept urlencoded square brackets
- Accept empty values in implicit array notation
2014-08-06 17:48:36 -04:00
2014-08-06 02:50:59 -04:00
4.8.0 / 2014-08-05
==================
2014-08-06 01:55:45 -04:00
2014-08-06 02:09:25 -04:00
* add `res.sendFile`
- accepts a file system path instead of a URL
- requires an absolute path or `root` option specified
2014-08-06 02:27:16 -04:00
* deprecate `res.sendfile` -- use `res.sendFile` instead
2014-08-02 11:41:35 +02:00
* support mounted app as any argument to `app.use()`
2014-08-06 01:58:32 -04:00
* deps: qs@1 .0.2
- Complete rewrite
- Limits array length to 20
- Limits object depth to 5
- Limits parameters to 1,000
2014-08-06 01:55:45 -04:00
* deps: send@0 .8.1
- Add `extensions` option
2014-08-06 01:57:15 -04:00
* deps: serve-static@~1.5.0
- Add `extensions` option
- deps: send@0 .8.1
2014-08-06 01:55:45 -04:00
2014-08-04 17:36:37 -04:00
4.7.4 / 2014-08-04
==================
2014-08-04 17:14:32 -04:00
2014-08-04 17:35:42 -04:00
* fix `res.sendfile` regression for serving directory index files
* deps: send@0 .7.4
- Fix incorrect 403 on Windows and Node.js 0.11
- Fix serving index files without root dir
2014-08-04 17:14:32 -04:00
* deps: serve-static@~1.4.4
- deps: send@0 .7.4
2014-08-04 16:14:29 -04:00
4.7.3 / 2014-08-04
==================
2014-08-04 16:10:32 -04:00
* deps: send@0 .7.3
- Fix incorrect 403 on Windows and Node.js 0.11
2014-08-04 16:11:52 -04:00
* deps: serve-static@~1.4.3
- Fix incorrect 403 on Windows and Node.js 0.11
- deps: send@0 .7.3
2014-08-04 16:10:32 -04:00
2014-07-27 16:00:54 -04:00
4.7.2 / 2014-07-27
==================
2014-07-27 15:58:45 -04:00
* deps: depd@0 .4.4
- Work-around v8 generating empty stack traces
* deps: send@0 .7.2
- deps: depd@0 .4.4
2014-07-27 15:59:19 -04:00
* deps: serve-static@~1.4.2
2014-07-27 15:58:45 -04:00
2014-07-26 18:53:26 -04:00
4.7.1 / 2014-07-26
==================
2014-07-26 18:01:24 -04:00
* deps: depd@0 .4.3
- Fix exception when global `Error.stackTraceLimit` is too low
* deps: send@0 .7.1
- deps: depd@0 .4.3
2014-07-26 18:08:02 -04:00
* deps: serve-static@~1.4.1
2014-07-26 18:01:24 -04:00
2014-07-25 20:26:11 -04:00
4.7.0 / 2014-07-25
==================
2014-07-12 00:18:38 -04:00
2014-07-18 11:33:16 -04:00
* fix `req.protocol` for proxy-direct connections
2014-07-13 23:15:00 -04:00
* configurable query parser with `app.set('query parser', parser)`
- `app.set('query parser', 'extended')` parse with "qs" module
- `app.set('query parser', 'simple')` parse with "querystring" core module
- `app.set('query parser', false)` disable query string parsing
- `app.set('query parser', true)` enable simple parsing
2014-07-17 22:49:41 -04:00
* deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
* deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
* deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
2014-07-16 20:44:17 -04:00
* deps: debug@1 .0.4
2014-07-22 23:52:44 -04:00
* deps: depd@0 .4.2
- Add `TRACE_DEPRECATION` environment variable
- Remove non-standard grey color from color output
- Support `--no-deprecation` argument
- Support `--trace-deprecation` argument
2014-07-16 20:47:24 -04:00
* deps: finalhandler@0 .1.0
- Respond after request fully read
- deps: debug@1 .0.4
2014-07-22 23:53:50 -04:00
* deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path" `RegExp`
2014-07-22 23:55:17 -04:00
* deps: send@0 .7.0
- Add `dotfiles` option
- Cap `maxAge` value to 1 year
- deps: debug@1 .0.4
- deps: depd@0 .4.2
2014-07-23 14:56:27 -04:00
* deps: serve-static@~1.4.0
- deps: parseurl@~1.2.0
- deps: send@0 .7.0
2014-07-12 00:18:38 -04:00
* perf: prevent multiple `Buffer` creation in `res.send`
2014-07-12 22:11:48 -04:00
4.6.1 / 2014-07-12
==================
2014-07-12 22:07:43 -04:00
* fix `subapp.mountpath` regression for `app.use(subapp)`
2014-07-11 23:31:30 -04:00
4.6.0 / 2014-07-11
==================
2014-07-11 13:52:26 -04:00
2014-07-09 20:04:24 -04:00
* accept multiple callbacks to `app.use()`
2014-07-11 13:52:26 -04:00
* add explicit "Rosetta Flash JSONP abuse" protection
- previous versions are not vulnerable; this is just explicit protection
2014-07-08 01:15:31 -04:00
* catch errors in multiple `req.param(name, fn)` handlers
2014-07-11 13:52:26 -04:00
* deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
* fix `res.send(status, num)` to send `num` as json (not error)
* remove unnecessary escaping when `res.jsonp` returns JSON response
2014-07-05 13:23:07 -04:00
* support non-string `path` in `app.use(path, fn)`
- supports array of paths
- supports `RegExp`
2014-07-07 22:50:05 -04:00
* router: fix optimization on router exit
2014-07-08 01:50:57 -04:00
* router: refactor location of `try` blocks
2014-07-08 00:16:39 -04:00
* router: speed up standard `app.use(fn)`
2014-07-11 13:52:26 -04:00
* deps: debug@1 .0.3
- Add support for multiple wildcards in namespaces
2014-07-11 23:00:09 -04:00
* deps: finalhandler@0 .0.3
- deps: debug@1 .0.3
2014-07-11 13:52:26 -04:00
* deps: methods@1 .1.0
- add `CONNECT`
* deps: parseurl@~1.1.3
- faster parsing of href-only URLs
2014-07-05 13:23:07 -04:00
* deps: path-to-regexp@0 .1.3
2014-07-11 22:48:42 -04:00
* deps: send@0 .6.0
- deps: debug@1 .0.3
2014-07-11 22:49:49 -04:00
* deps: serve-static@~1.3.2
- deps: parseurl@~1.1.3
- deps: send@0 .6.0
2014-07-10 01:02:57 -04:00
* perf: fix arguments reassign deopt in some `res` methods
2014-07-11 13:52:26 -04:00
2014-07-06 19:48:18 -04:00
4.5.1 / 2014-07-06
==================
2014-07-06 19:42:08 -04:00
* fix routing regression when altering `req.method`
2014-07-04 21:03:07 -04:00
4.5.0 / 2014-07-04
==================
2014-06-22 11:42:15 -04:00
2014-06-23 16:17:44 -04:00
* add deprecation message to non-plural `req.accepts*`
2014-06-23 16:26:00 -04:00
* add deprecation message to `res.send(body, status)`
2014-06-23 16:26:28 -04:00
* add deprecation message to `res.vary()`
2014-07-03 12:53:49 -04:00
* add `headers` option to `res.sendfile`
- use to set headers on successful file transfer
2014-07-03 01:06:21 -04:00
* add `mergeParams` option to `Router`
- merges `req.params` from parent routes
2014-07-04 13:59:01 -04:00
* add `req.hostname` -- correct name for what `req.host` returns
2014-06-22 11:42:15 -04:00
* deprecate things with `depd` module
2014-07-04 13:59:01 -04:00
* deprecate `req.host` -- use `req.hostname` instead
2014-06-02 15:43:19 -04:00
* fix behavior when handling request without routes
2014-06-06 22:16:39 -04:00
* fix handling when `route.all` is only route
2014-07-03 16:41:23 -04:00
* invoke `router.param()` only when route matches
2014-06-06 11:54:27 -04:00
* restore `req.params` after invoking router
2014-06-05 23:59:27 -04:00
* use `finalhandler` for final response handling
2014-06-22 11:42:15 -04:00
* use `media-typer` to alter content-type charset
2014-07-04 12:51:44 -04:00
* deps: accepts@~1.0.7
2014-07-03 11:18:35 -04:00
* deps: send@0 .5.0
- Accept string for `maxage` (converted by `ms` )
- Include link in default redirect response
2014-07-03 11:11:18 -04:00
* deps: serve-static@~1.3.0
- Accept string for `maxAge` (converted by `ms` )
- Add `setHeaders` option
- Include HTML link in redirect response
- deps: send@0 .5.0
2014-06-24 21:18:12 -04:00
* deps: type-is@~1.3.2
2014-06-22 11:42:15 -04:00
2014-06-26 20:26:43 -04:00
4.4.5 / 2014-06-26
==================
2014-06-26 20:25:20 -04:00
* deps: cookie-signature@1 .0.4
- fix for timing attacks
2014-06-20 16:56:51 -04:00
4.4.4 / 2014-06-20
==================
2014-06-14 12:57:32 -04:00
2014-06-20 12:37:22 +08:00
* fix `res.attachment` Unicode filenames in Safari
2014-06-14 12:57:32 -04:00
* fix "trim prefix" debug message in `express:router`
2014-06-20 16:44:50 -04:00
* deps: accepts@~1.0.5
2014-06-20 00:35:38 -04:00
* deps: buffer-crc32@0 .2.3
2014-06-14 12:57:32 -04:00
2014-06-12 00:41:24 -04:00
4.4.3 / 2014-06-11
==================
2014-06-11 17:53:56 -04:00
2014-06-11 18:15:09 -04:00
* fix persistence of modified `req.params[name]` from `app.param()`
2014-06-12 00:16:05 -04:00
* deps: accepts@1 .0.3
- deps: negotiator@0 .4.6
2014-06-11 17:53:56 -04:00
* deps: debug@1 .0.2
2014-06-12 00:14:36 -04:00
* deps: send@0 .4.3
2018-11-26 20:00:47 -07:00
- Do not throw uncatchable error on file open race condition
2014-06-12 00:14:36 -04:00
- Use `escape-html` for HTML escaping
- deps: debug@1 .0.2
- deps: finished@1 .2.2
- deps: fresh@0 .2.2
2014-06-12 00:17:28 -04:00
* deps: serve-static@1 .2.3
2018-11-26 20:00:47 -07:00
- Do not throw uncatchable error on file open race condition
2014-06-12 00:17:28 -04:00
- deps: send@0 .4.3
2014-06-11 17:53:56 -04:00
2014-06-09 20:40:39 -04:00
4.4.2 / 2014-06-09
==================
2014-06-03 17:25:20 -04:00
2014-06-09 09:43:51 -04:00
* fix catching errors from top-level handlers
2014-06-05 23:45:31 -04:00
* use `vary` module for `res.vary`
2014-06-09 20:19:09 -04:00
* deps: debug@1 .0.1
2014-06-03 17:25:20 -04:00
* deps: proxy-addr@1 .0.1
2014-06-09 20:22:42 -04:00
* deps: send@0 .4.2
- fix "event emitter leak" warnings
- deps: debug@1 .0.1
- deps: finished@1 .2.1
2014-06-09 20:21:31 -04:00
* deps: serve-static@1 .2.2
- fix "event emitter leak" warnings
- deps: send@0 .4.2
2014-06-05 19:40:27 -04:00
* deps: type-is@1 .2.1
2014-06-03 17:25:20 -04:00
2014-06-02 21:13:50 -04:00
4.4.1 / 2014-06-02
==================
2014-06-02 20:48:18 -04:00
* deps: methods@1 .0.1
2014-06-02 20:49:11 -04:00
* deps: send@0 .4.1
- Send `max-age` in `Cache-Control` in correct format
2014-06-02 20:50:54 -04:00
* deps: serve-static@1 .2.1
- use `escape-html` for escaping
- deps: send@0 .4.1
2014-06-02 20:48:18 -04:00
2014-05-31 00:00:39 -04:00
4.4.0 / 2014-05-30
==================
2014-05-30 22:17:51 -04:00
* custom etag control with `app.set('etag', val)`
- `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
- `app.set('etag', 'weak')` weak tag
- `app.set('etag', 'strong')` strong etag
- `app.set('etag', false)` turn off
- `app.set('etag', true)` standard etag
* mark `res.send` ETag as weak and reduce collisions
2014-05-30 22:48:32 -04:00
* update accepts to 1.0.2
- Fix interpretation when header not in request
2014-05-30 22:17:51 -04:00
* update send to 0.4.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: debug@0 .8.1
2014-05-30 22:53:02 -04:00
* update serve-static to 1.2.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: send@0 .4.0
2014-05-30 22:17:51 -04:00
2014-05-29 00:17:21 -04:00
4.3.2 / 2014-05-28
==================
2014-05-28 22:26:05 -04:00
* fix handling of errors from `router.param()` callbacks
2014-05-23 19:11:28 -04:00
4.3.1 / 2014-05-23
==================
2014-05-23 18:35:20 -04:00
* revert "fix behavior of multiple `app.VERB` for the same path"
- this caused a regression in the order of route execution
2014-05-21 02:13:03 -04:00
4.3.0 / 2014-05-21
==================
2014-05-14 00:25:39 -04:00
2014-05-19 00:39:26 -04:00
* add `req.baseUrl` to access the path stripped from `req.url` in routes
2014-05-15 10:30:52 -04:00
* fix behavior of multiple `app.VERB` for the same path
2014-05-18 15:27:28 -04:00
* fix issue routing requests among sub routers
2014-05-18 16:21:01 -04:00
* invoke `router.param()` only when necessary instead of every match
2014-05-18 11:17:37 -04:00
* proper proxy trust with `app.set('trust proxy', trust)`
- `app.set('trust proxy', 1)` trust first hop
- `app.set('trust proxy', 'loopback')` trust loopback addresses
- `app.set('trust proxy', '10.0.0.1')` trust single IP
- `app.set('trust proxy', '10.0.0.1/16')` trust subnet
- `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
- `app.set('trust proxy', false)` turn off
- `app.set('trust proxy', true)` trust everything
2014-05-21 02:08:04 -04:00
* set proper `charset` in `Content-Type` for `res.send`
2014-05-14 00:25:39 -04:00
* update type-is to 1.2.0
- support suffix matching
2014-05-11 22:00:30 -04:00
4.2.0 / 2014-05-11
==================
2014-05-08 14:48:24 -04:00
2014-05-09 17:33:26 -04:00
* deprecate `app.del()` -- use `app.delete()` instead
* deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
- the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
* deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
- the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
2014-05-09 16:53:15 -04:00
* fix `req.next` when inside router instance
2014-05-08 14:48:24 -04:00
* include `ETag` header in `HEAD` requests
* keep previous `Content-Type` for `res.jsonp`
2014-05-09 17:33:26 -04:00
* support PURGE method
- add `app.purge`
- add `router.purge`
- include PURGE in `app.all`
* update debug to 0.8.0
- add `enable()` method
- change from stderr to stdout
* update methods to 1.0.0
- add PURGE
2014-05-08 14:48:24 -04:00
2014-05-08 14:42:44 -04:00
4.1.2 / 2014-05-08
==================
2014-05-08 14:01:02 -04:00
* fix `req.host` for IPv6 literals
* fix `res.jsonp` error if callback param is object
2014-04-27 19:49:05 -04:00
4.1.1 / 2014-04-27
==================
* fix package.json to reflect supported node version
2014-04-24 18:08:41 -04:00
4.1.0 / 2014-04-24
==================
* pass options from `res.sendfile` to `send`
* preserve casing of headers in `res.header` and `res.set`
* support unicode file names in `res.attachment` and `res.download`
* update accepts to 1.0.1
2014-05-08 14:57:44 -04:00
- deps: negotiator@0 .4.0
2014-04-24 18:08:41 -04:00
* update cookie to 0.1.2
2014-05-08 14:57:44 -04:00
- Fix for maxAge == 0
- made compat with expires field
2014-04-24 18:08:41 -04:00
* update send to 0.3.0
2014-05-08 14:57:44 -04:00
- Accept API options in options object
- Coerce option types
- Control whether to generate etags
- Default directory access to 403 when index disabled
- Fix sending files with dots without root set
- Include file path in etag
- Make "Can't set headers after they are sent." catchable
- Send full entity-body for multi range requests
- Set etags to "weak"
- Support "If-Range" header
- Support multiple index paths
- deps: mime@1 .2.11
2014-04-24 18:08:41 -04:00
* update serve-static to 1.1.0
2014-05-08 14:57:44 -04:00
- Accept options directly to `send` module
- Resolve relative paths at middleware setup
- Use parseurl to parse the URL from request
- deps: send@0 .3.0
2014-04-24 18:08:41 -04:00
* update type-is to 1.1.0
2014-05-08 14:57:44 -04:00
- add non-array values support
- add `multipart` as a shorthand
2014-04-24 18:08:41 -04:00
2014-04-10 16:57:00 -04:00
4.0.0 / 2014-04-09
2014-01-03 02:33:00 -08:00
==================
2014-01-03 02:57:24 -08:00
* remove:
2014-03-05 22:45:36 -08:00
- node 0.8 support
- connect and connect's patches except for charset handling
2014-01-03 02:57:24 -08:00
- express(1) - moved to [express-generator ](https://github.com/expressjs/generator )
2014-01-19 14:05:12 -05:00
- `express.createServer()` - it has been deprecated for a long time. Use `express()`
2014-02-08 11:40:48 -08:00
- `app.configure` - use logic in your own app code
2014-01-25 17:57:25 -05:00
- `app.router` - is removed
2014-03-09 19:45:43 -07:00
- `req.auth` - use `basic-auth` instead
2014-02-08 11:40:48 -08:00
- `req.accepted*` - use `req.accepts*()` instead
- `res.location` - relative URL resolution is removed
2014-03-07 16:33:17 -08:00
- `res.charset` - include the charset in the content type when using `res.set()`
2014-02-15 20:20:12 -05:00
- all bundled middleware except `static`
2014-01-03 02:57:24 -08:00
* change:
2014-02-08 11:40:48 -08:00
- `app.route` -> `app.mountpath` when mounting an express app in another express app
- `json spaces` no longer enabled by default in development
2014-01-03 02:57:24 -08:00
- `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
2014-01-03 03:00:48 -08:00
- `req.params` is now an object instead of an array
2014-01-24 19:49:45 -05:00
- `res.locals` is no longer a function. It is a plain js object. Treat it as such.
2014-02-17 23:36:56 -05:00
- `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
2014-01-03 02:57:24 -08:00
* refactor:
2014-01-03 02:50:09 -08:00
- `req.accepts*` with [accepts ](https://github.com/expressjs/accepts )
- `req.is` with [type-is ](https://github.com/expressjs/type-is )
2014-03-06 14:59:36 -08:00
- [path-to-regexp ](https://github.com/component/path-to-regexp )
2014-01-25 17:57:25 -05:00
* add:
- `app.router()` - returns the app Router instance
- `app.route()` - Proxy to the app's `Router#route()` method to create a new route
- Router & Route - public API
2014-01-03 02:33:00 -08:00
2015-07-31 16:15:06 -04:00
3.21.2 / 2015-07-31
===================
2015-07-27 22:12:39 -04:00
2015-07-31 16:13:09 -04:00
* deps: connect@2 .30.2
- deps: body-parser@~1.13.3
- deps: compression@~1.5.2
- deps: errorhandler@~1.4.2
- deps: method-override@~2.3.5
- deps: serve-index@~1.7.2
- deps: type-is@~1.6.6
- deps: vhost@~3.0.1
2015-07-27 22:12:39 -04:00
* deps: vary@~1.0.1
- Fix setting empty header from empty `field`
- perf: enable strict mode
- perf: remove argument reassignments
2015-07-06 00:53:25 -04:00
3.21.1 / 2015-07-05
===================
2015-07-06 00:38:10 -04:00
2015-07-06 00:39:42 -04:00
* deps: basic-auth@~1.0.3
2015-07-06 00:38:10 -04:00
* deps: connect@2 .30.1
- deps: body-parser@~1.13.2
- deps: compression@~1.5.1
- deps: errorhandler@~1.4.1
- deps: morgan@~1.6.1
- deps: pause@0 .1.0
- deps: qs@4 .0.0
- deps: serve-index@~1.7.1
- deps: type-is@~1.6.4
2015-06-18 21:14:56 -04:00
3.21.0 / 2015-06-18
===================
2015-06-17 01:21:20 -04:00
2015-06-18 20:34:04 -04:00
* deps: basic-auth@1 .0.2
- perf: enable strict mode
- perf: hoist regular expression
- perf: parse with regular expressions
- perf: remove argument reassignment
2015-06-18 20:08:32 -04:00
* deps: connect@2 .30.0
- deps: body-parser@~1.13.1
- deps: bytes@2 .1.0
- deps: compression@~1.5.0
- deps: cookie@0 .1.3
- deps: cookie-parser@~1.3.5
- deps: csurf@~1.8.3
- deps: errorhandler@~1.4.0
- deps: express-session@~1.11.3
- deps: finalhandler@0 .4.0
- deps: fresh@0 .3.0
- deps: morgan@~1.6.0
- deps: serve-favicon@~2.3.0
- deps: serve-index@~1.7.0
- deps: serve-static@~1.10.0
- deps: type-is@~1.6.3
2015-06-18 20:35:56 -04:00
* deps: cookie@0 .1.3
- perf: deduce the scope of try-catch deopt
- perf: remove argument reassignments
2015-06-18 20:36:48 -04:00
* deps: escape-html@1 .0.2
2015-06-18 20:54:26 -04:00
* deps: etag@~1.7.0
- Always include entity length in ETags for hash length extensions
- Generate non-Stats ETags using MD5 only (no longer CRC32)
- Improve stat performance by removing hashing
- Improve support for JXcore
- Remove base64 padding in ETags to shorten
- Support "fake" stats objects in environments without fs
- Use MD5 instead of MD4 in weak ETags over 1KB
2015-06-18 20:56:48 -04:00
* deps: fresh@0 .3.0
- Add weak `ETag` matching support
2015-06-17 01:21:20 -04:00
* deps: mkdirp@0 .5.1
- Work in global strict mode
2015-06-18 20:56:03 -04:00
* deps: send@0 .13.0
- Allow Node.js HTTP server to set `Date` response header
- Fix incorrectly removing `Content-Location` on 304 response
- Improve the default redirect response headers
- Send appropriate headers on default error response
- Use `http-errors` for standard emitted errors
- Use `statuses` instead of `http` module for status messages
- deps: escape-html@1 .0.2
- deps: etag@~1.7.0
- deps: fresh@0 .3.0
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove unnecessary array allocations
2015-06-17 01:21:20 -04:00
2015-05-18 00:04:41 -04:00
3.20.3 / 2015-05-17
===================
2015-05-17 20:56:52 -04:00
* deps: connect@2 .29.2
- deps: body-parser@~1.12.4
- deps: compression@~1.4.4
- deps: connect-timeout@~1.6.2
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: errorhandler@~1.3.6
- deps: finalhandler@0 .3.6
- deps: method-override@~2.3.3
- deps: morgan@~1.5.3
- deps: qs@2 .4.2
- deps: response-time@~2.3.1
- deps: serve-favicon@~2.2.1
- deps: serve-index@~1.6.4
- deps: serve-static@~1.9.3
- deps: type-is@~1.6.2
2015-05-17 23:54:59 -04:00
* deps: debug@~2.2.0
- deps: ms@0 .7.1
2015-05-17 23:38:35 -04:00
* deps: depd@~1.0.1
2015-05-17 21:04:02 -04:00
* deps: proxy-addr@~1.0.8
- deps: ipaddr.js@1 .0.1
2015-05-17 21:07:06 -04:00
* deps: send@0 .12.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- deps: ms@0 .7.1
- deps: on-finished@~2.2.1
2015-05-17 20:56:52 -04:00
2015-03-17 01:03:53 -04:00
3.20.2 / 2015-03-16
===================
2015-03-17 00:17:34 -04:00
* deps: connect@2 .29.1
- deps: body-parser@~1.12.2
- deps: compression@~1.4.3
- deps: connect-timeout@~1.6.1
- deps: debug@~2.1.3
- deps: errorhandler@~1.3.5
- deps: express-session@~1.10.4
- deps: finalhandler@0 .3.4
- deps: method-override@~2.3.2
- deps: morgan@~1.5.2
- deps: qs@2 .4.1
- deps: serve-index@~1.6.3
- deps: serve-static@~1.9.2
- deps: type-is@~1.6.1
2015-03-17 00:25:00 -04:00
* deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0 .7.0
2015-03-17 00:23:23 -04:00
* deps: merge-descriptors@1 .0.0
2015-03-17 00:47:15 -04:00
* deps: proxy-addr@~1.0.7
- deps: ipaddr.js@0 .1.9
2015-03-17 00:21:58 -04:00
* deps: send@0 .12.2
- Throw errors early for invalid `extensions` or `index` options
- deps: debug@~2.1.3
2015-03-17 00:17:34 -04:00
2015-02-28 23:16:27 -05:00
3.20.1 / 2015-02-28
===================
2015-02-28 17:06:37 +00:00
2015-02-28 21:32:51 -05:00
* Fix `req.host` when using "trust proxy" hops count
2015-02-28 17:06:37 +00:00
* Fix `req.protocol` /`req.secure` when using "trust proxy" hops count
2015-02-18 21:25:55 -05:00
3.20.0 / 2015-02-18
===================
2015-02-17 22:32:18 -05:00
2015-02-18 00:59:56 -05:00
* Fix `"trust proxy"` setting to inherit when app is mounted
2015-02-18 00:12:28 -05:00
* Generate `ETag` s for all request responses
- No longer restricted to only responses for `GET` and `HEAD` requests
2015-02-17 22:49:24 -05:00
* Use `content-type` to parse `Content-Type` headers
2015-02-17 22:32:18 -05:00
* deps: connect@2 .29.0
- Use `content-type` to parse `Content-Type` headers
- deps: body-parser@~1.12.0
- deps: compression@~1.4.1
- deps: connect-timeout@~1.6.0
- deps: cookie-parser@~1.3.4
- deps: cookie-signature@1 .0.6
- deps: csurf@~1.7.0
- deps: errorhandler@~1.3.4
- deps: express-session@~1.10.3
- deps: http-errors@~1.3.1
- deps: response-time@~2.3.0
- deps: serve-index@~1.6.2
- deps: serve-static@~1.9.1
- deps: type-is@~1.6.0
2015-02-17 22:40:51 -05:00
* deps: cookie-signature@1 .0.6
2015-02-17 22:42:02 -05:00
* deps: send@0 .12.1
- Always read the stat size from the file
- Fix mutating passed-in `options`
- deps: mime@1 .3.4
2015-02-17 22:32:18 -05:00
2015-02-01 15:15:53 -05:00
3.19.2 / 2015-02-01
===================
2015-02-01 14:54:46 -05:00
* deps: connect@2 .28.3
- deps: compression@~1.3.1
- deps: csurf@~1.6.6
- deps: errorhandler@~1.3.3
- deps: express-session@~1.10.2
- deps: serve-index@~1.6.1
- deps: type-is@~1.5.6
2015-02-01 14:55:42 -05:00
* deps: proxy-addr@~1.0.6
- deps: ipaddr.js@0 .1.8
2015-02-01 14:54:46 -05:00
2015-01-21 03:18:16 -05:00
3.19.1 / 2015-01-20
===================
2015-01-21 02:03:28 -05:00
* deps: connect@2 .28.2
- deps: body-parser@~1.10.2
- deps: serve-static@~1.8.1
2015-01-21 02:05:03 -05:00
* deps: send@0 .11.1
- Fix root path disclosure
2015-01-21 02:03:28 -05:00
2015-01-09 01:07:12 -05:00
3.19.0 / 2015-01-09
===================
2015-01-08 21:18:56 -05:00
2015-01-08 23:30:42 -05:00
* Fix `OPTIONS` responses to include the `HEAD` method property
2015-01-08 22:21:50 -05:00
* Use `readline` for prompt in `express(1)`
2015-01-08 22:23:04 -05:00
* deps: commander@2 .6.0
2015-01-08 21:18:56 -05:00
* deps: connect@2 .28.1
- deps: body-parser@~1.10.1
- deps: compression@~1.3.0
- deps: connect-timeout@~1.5.0
- deps: csurf@~1.6.4
- deps: debug@~2.1.1
- deps: errorhandler@~1.3.2
- deps: express-session@~1.10.1
- deps: finalhandler@0 .3.3
- deps: method-override@~2.3.1
- deps: morgan@~1.5.1
- deps: serve-favicon@~2.2.0
- deps: serve-index@~1.6.0
- deps: serve-static@~1.8.0
- deps: type-is@~1.5.5
2015-01-09 01:05:41 -05:00
* deps: debug@~2.1.1
2015-01-08 21:31:32 -05:00
* deps: methods@~1.1.1
2015-01-08 22:14:46 -05:00
* deps: proxy-addr@~1.0.5
- deps: ipaddr.js@0 .1.6
2015-01-08 22:15:53 -05:00
* deps: send@0 .11.0
- deps: debug@~2.1.1
- deps: etag@~1.5.1
- deps: ms@0 .7.0
- deps: on-finished@~2.2.0
2015-01-08 21:18:56 -05:00
2014-12-12 21:39:47 -05:00
3.18.6 / 2014-12-12
===================
2014-12-11 20:34:26 -08:00
* Fix exception in `req.fresh` /`req.stale` without response headers
2014-12-11 23:10:34 -05:00
3.18.5 / 2014-12-11
===================
2014-12-10 22:55:36 -05:00
* deps: connect@2 .27.6
- deps: compression@~1.2.2
- deps: express-session@~1.9.3
- deps: http-errors@~1.2.8
- deps: serve-index@~1.5.3
- deps: type-is@~1.5.4
2014-11-23 15:42:03 -05:00
3.18.4 / 2014-11-23
===================
2014-11-23 14:53:23 -05:00
* deps: connect@2 .27.4
- deps: body-parser@~1.9.3
- deps: compression@~1.2.1
- deps: errorhandler@~1.2.3
- deps: express-session@~1.9.2
- deps: qs@2 .3.3
- deps: serve-favicon@~2.1.7
- deps: serve-static@~1.5.1
- deps: type-is@~1.5.3
2014-11-23 14:58:22 -05:00
* deps: etag@~1.5.1
2014-11-23 15:34:57 -05:00
* deps: proxy-addr@~1.0.4
- deps: ipaddr.js@0 .1.5
2014-11-23 14:53:23 -05:00
2014-11-09 18:35:34 -05:00
3.18.3 / 2014-11-09
===================
2014-11-09 18:32:43 -05:00
* deps: connect@2 .27.3
- Correctly invoke async callback asynchronously
- deps: csurf@~1.6.3
2014-10-29 01:10:45 -04:00
3.18.2 / 2014-10-28
===================
2014-10-29 01:08:36 -04:00
* deps: connect@2 .27.2
- Fix handling of URLs containing `://` in the path
- deps: body-parser@~1.9.2
- deps: qs@2 .3.2
2014-10-23 01:26:21 -04:00
3.18.1 / 2014-10-22
===================
2014-10-22 15:18:10 -04:00
* Fix internal `utils.merge` deprecation warnings
2014-10-23 01:23:54 -04:00
* deps: connect@2 .27.1
- deps: body-parser@~1.9.1
- deps: express-session@~1.9.1
- deps: finalhandler@0 .3.2
- deps: morgan@~1.4.1
- deps: qs@2 .3.0
- deps: serve-static@~1.7.1
2014-10-23 01:25:07 -04:00
* deps: send@0 .10.1
- deps: on-finished@~2.1.1
2014-10-22 15:18:10 -04:00
2014-10-18 00:57:48 -04:00
3.18.0 / 2014-10-17
===================
2014-10-17 20:42:12 -04:00
2014-10-17 21:08:05 -04:00
* Use `content-disposition` module for `res.attachment` /`res.download`
- Sends standards-compliant `Content-Disposition` header
- Full Unicode support
2014-10-18 00:53:17 -04:00
* Use `etag` module to generate `ETag` headers
2014-10-17 20:42:12 -04:00
* deps: connect@2 .27.0
- Use `http-errors` module for creating errors
- Use `utils-merge` module for merging objects
- deps: body-parser@~1.9.0
- deps: compression@~1.2.0
- deps: connect-timeout@~1.4.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: express-session@~1.9.0
- deps: finalhandler@0 .3.1
- deps: method-override@~2.3.0
- deps: morgan@~1.4.0
- deps: response-time@~2.2.0
- deps: serve-favicon@~2.1.6
- deps: serve-index@~1.5.0
- deps: serve-static@~1.7.0
2014-10-17 20:43:23 -04:00
* deps: debug@~2.1.0
- Implement `DEBUG_FD` env variable support
2014-10-17 20:44:07 -04:00
* deps: depd@~1.0.0
2014-10-17 20:45:09 -04:00
* deps: send@0 .10.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: etag@~1.5.0
2014-10-17 20:42:12 -04:00
2014-10-16 00:29:56 -04:00
3.17.8 / 2014-10-15
===================
2014-10-16 00:24:28 -04:00
* deps: connect@2 .26.6
- deps: compression@~1.1.2
- deps: csurf@~1.6.2
- deps: errorhandler@~1.2.2
2014-10-08 17:00:45 -04:00
3.17.7 / 2014-10-08
===================
2014-10-08 16:43:02 -04:00
* deps: connect@2 .26.5
- Fix accepting non-object arguments to `logger`
- deps: serve-static@~1.6.4
2014-10-02 23:29:40 -04:00
3.17.6 / 2014-10-02
===================
2014-10-02 23:27:41 -04:00
* deps: connect@2 .26.4
- deps: morgan@~1.3.2
- deps: type-is@~1.5.2
2014-09-24 19:38:35 -04:00
3.17.5 / 2014-09-24
===================
2014-09-24 19:12:43 -04:00
* deps: connect@2 .26.3
- deps: body-parser@~1.8.4
- deps: serve-favicon@~2.1.5
- deps: serve-static@~1.6.3
2014-09-24 19:14:33 -04:00
* deps: proxy-addr@~1.0.3
- Use `forwarded` npm module
2014-09-24 19:15:46 -04:00
* deps: send@0 .9.3
- deps: etag@~1.4.0
2014-09-24 19:12:43 -04:00
2014-09-19 22:57:07 -07:00
3.17.4 / 2014-09-19
===================
2014-09-19 22:54:39 -07:00
* deps: connect@2 .26.2
- deps: body-parser@~1.8.3
- deps: qs@2 .2.4
2014-09-18 10:38:31 -07:00
3.17.3 / 2014-09-18
===================
2014-09-18 10:36:21 -07:00
* deps: proxy-addr@~1.0.2
- Fix a global leak when multiple subnets are trusted
- deps: ipaddr.js@0 .1.3
2014-09-16 00:14:41 -07:00
3.17.2 / 2014-09-15
===================
2014-09-15 23:56:36 -07:00
2014-09-16 00:11:08 -07:00
* Use `crc` instead of `buffer-crc32` for speed
2014-09-15 23:56:36 -07:00
* deps: connect@2 .26.1
- deps: body-parser@~1.8.2
- deps: depd@0 .4.5
- deps: express-session@~1.8.2
- deps: morgan@~1.3.1
- deps: serve-favicon@~2.1.3
- deps: serve-static@~1.6.2
2014-09-15 23:57:41 -07:00
* deps: depd@0 .4.5
2014-09-15 23:59:02 -07:00
* deps: send@0 .9.2
- deps: depd@0 .4.5
- deps: etag@~1.3.1
- deps: range-parser@~1.0.2
2014-09-15 23:56:36 -07:00
2014-09-08 23:45:38 -04:00
3.17.1 / 2014-09-08
===================
2014-09-08 23:45:34 -04:00
* Fix error in `req.subdomains` on empty host
2014-09-08 23:07:02 -04:00
3.17.0 / 2014-09-08
===================
2014-09-08 21:09:22 -04:00
2014-09-08 23:48:59 -04:00
* Support `X-Forwarded-Host` in `req.subdomains`
2014-09-08 23:03:48 -04:00
* Support IP address host in `req.subdomains`
2014-09-08 21:09:22 -04:00
* deps: connect@2 .26.0
- deps: body-parser@~1.8.1
- deps: compression@~1.1.0
- deps: connect-timeout@~1.3.0
- deps: cookie-parser@~1.3.3
- deps: cookie-signature@1 .0.5
- deps: csurf@~1.6.1
- deps: debug@~2.0.0
- deps: errorhandler@~1.2.0
- deps: express-session@~1.8.1
- deps: finalhandler@0 .2.0
- deps: fresh@0 .2.4
- deps: media-typer@0 .3.0
- deps: method-override@~2.2.0
- deps: morgan@~1.3.0
- deps: qs@2 .2.3
- deps: serve-favicon@~2.1.3
- deps: serve-index@~1.2.1
- deps: serve-static@~1.6.1
- deps: type-is@~1.5.1
- deps: vhost@~3.0.0
2014-09-08 21:17:03 -04:00
* deps: cookie-signature@1 .0.5
2014-09-08 21:11:41 -04:00
* deps: debug@~2.0.0
2014-09-08 21:14:27 -04:00
* deps: fresh@0 .2.4
2014-09-08 21:10:57 -04:00
* deps: media-typer@0 .3.0
- Throw error when parameter format invalid on parse
2014-09-08 22:47:54 -04:00
* deps: range-parser@~1.0.2
2014-09-08 21:13:20 -04:00
* deps: send@0 .9.1
- Add `lastModified` option
- Use `etag` to generate `ETag` header
- deps: debug@~2.0.0
- deps: fresh@0 .2.4
2014-09-08 21:18:28 -04:00
* deps: vary@~1.0.0
- Accept valid `Vary` header string as `field`
2014-09-08 21:09:22 -04:00
2014-09-05 02:17:55 -04:00
3.16.10 / 2014-09-04
====================
2014-09-05 01:55:24 -04:00
* deps: connect@2 .25.10
- deps: serve-static@~1.5.4
2014-09-05 01:56:27 -04:00
* deps: send@0 .8.5
- Fix a path traversal issue when using `root`
- Fix malicious path detection for empty string path
2014-09-05 01:55:24 -04:00
2014-08-30 01:22:06 -04:00
3.16.9 / 2014-08-29
===================
2014-08-30 01:19:53 -04:00
* deps: connect@2 .25.9
- deps: body-parser@~1.6.7
- deps: qs@2 .2.2
2014-08-27 21:09:18 -04:00
3.16.8 / 2014-08-27
===================
2014-08-27 21:04:41 -04:00
* deps: connect@2 .25.8
- deps: body-parser@~1.6.6
- deps: csurf@~1.4.1
- deps: qs@2 .2.0
2014-08-18 22:45:17 -04:00
3.16.7 / 2014-08-18
===================
2014-08-18 21:41:14 -04:00
* deps: connect@2 .25.7
- deps: body-parser@~1.6.5
- deps: express-session@~1.7.6
- deps: morgan@~1.2.3
- deps: serve-static@~1.5.3
2014-08-18 21:57:29 -04:00
* deps: send@0 .8.3
- deps: destroy@1 .0.3
- deps: on-finished@2 .1.0
2014-08-18 21:41:14 -04:00
2014-08-14 23:53:32 -04:00
3.16.6 / 2014-08-14
===================
2014-08-14 23:49:39 -04:00
* deps: connect@2 .25.6
- deps: body-parser@~1.6.4
- deps: qs@1 .2.2
- deps: serve-static@~1.5.2
2014-08-14 23:50:31 -04:00
* deps: send@0 .8.2
- Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
2014-08-14 23:49:39 -04:00
2014-08-11 22:30:09 -04:00
3.16.5 / 2014-08-11
===================
2014-08-11 22:29:35 -04:00
* deps: connect@2 .25.5
- Fix backwards compatibility in `logger`
2014-08-10 22:22:58 -04:00
3.16.4 / 2014-08-10
===================
2014-08-10 22:18:12 -04:00
2014-08-10 22:20:54 -04:00
* Fix original URL parsing in `res.location`
2014-08-10 22:18:12 -04:00
* deps: connect@2 .25.4
- Fix `query` middleware breaking with argument
- deps: body-parser@~1.6.3
- deps: compression@~1.0.11
- deps: connect-timeout@~1.2.2
- deps: express-session@~1.7.5
- deps: method-override@~2.1.3
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- deps: qs@1 .2.1
- deps: response-time@~2.0.1
- deps: serve-index@~1.1.6
- deps: serve-static@~1.5.1
2014-08-10 22:19:10 -04:00
* deps: parseurl@~1.3.0
2014-08-10 22:18:12 -04:00
2014-08-07 22:32:16 -04:00
3.16.3 / 2014-08-07
===================
2014-08-07 22:31:53 -04:00
* deps: connect@2 .25.3
- deps: multiparty@3 .3.2
2014-08-07 11:59:54 -04:00
3.16.2 / 2014-08-07
===================
2014-08-07 11:53:40 -04:00
* deps: connect@2 .25.2
- deps: body-parser@~1.6.2
- deps: qs@1 .2.0
2014-08-06 18:07:31 -04:00
3.16.1 / 2014-08-06
===================
2014-08-06 18:05:50 -04:00
* deps: connect@2 .25.1
- deps: body-parser@~1.6.1
- deps: qs@1 .1.0
2014-08-06 01:40:46 -04:00
3.16.0 / 2014-08-05
===================
2014-08-06 01:35:00 -04:00
* deps: connect@2 .25.0
- deps: body-parser@~1.6.0
- deps: compression@~1.0.10
- deps: csurf@~1.4.0
- deps: express-session@~1.7.4
- deps: qs@1 .0.2
- deps: serve-static@~1.5.0
2014-08-06 01:37:13 -04:00
* deps: send@0 .8.1
- Add `extensions` option
2014-08-06 01:35:00 -04:00
2014-08-04 17:31:52 -04:00
3.15.3 / 2014-08-04
===================
2014-08-04 17:26:43 -04:00
2014-08-04 17:09:48 -04:00
* fix `res.sendfile` regression for serving directory index files
2014-08-04 17:26:43 -04:00
* deps: connect@2 .24.3
- deps: serve-index@~1.1.5
- deps: serve-static@~1.4.4
2014-08-04 17:09:48 -04:00
* deps: send@0 .7.4
- Fix incorrect 403 on Windows and Node.js 0.11
- Fix serving index files without root dir
2014-08-04 17:26:43 -04:00
2014-07-27 15:53:45 -04:00
3.15.2 / 2014-07-27
===================
2014-07-27 15:40:19 -04:00
* deps: connect@2 .24.2
- deps: body-parser@~1.5.2
- deps: depd@0 .4.4
- deps: express-session@~1.7.2
- deps: morgan@~1.2.2
- deps: serve-static@~1.4.2
2014-07-27 15:41:19 -04:00
* deps: depd@0 .4.4
- Work-around v8 generating empty stack traces
2014-07-27 15:41:54 -04:00
* deps: send@0 .7.2
- deps: depd@0 .4.4
2014-07-27 15:40:19 -04:00
2014-07-26 17:42:18 -04:00
3.15.1 / 2014-07-26
===================
2014-07-26 17:30:13 -04:00
* deps: connect@2 .24.1
2014-07-27 15:40:19 -04:00
- deps: body-parser@~1.5.1
2014-07-26 17:30:13 -04:00
- deps: depd@0 .4.3
- deps: express-session@~1.7.1
- deps: morgan@~1.2.1
- deps: serve-index@~1.1.4
- deps: serve-static@~1.4.1
2014-07-26 17:31:22 -04:00
* deps: depd@0 .4.3
- Fix exception when global `Error.stackTraceLimit` is too low
2014-07-26 17:34:29 -04:00
* deps: send@0 .7.1
- deps: depd@0 .4.3
2014-07-26 17:30:13 -04:00
2014-07-23 00:53:19 -04:00
3.15.0 / 2014-07-22
===================
2014-07-18 14:18:35 -04:00
2014-07-18 11:33:16 -04:00
* Fix `req.protocol` for proxy-direct connections
2014-07-23 00:08:15 -04:00
* Pass options from `res.sendfile` to `send`
2014-07-22 23:50:36 -04:00
* deps: connect@2 .24.0
- deps: body-parser@~1.5.0
- deps: compression@~1.0.9
- deps: connect-timeout@~1.2.1
- deps: debug@1 .0.4
- deps: depd@0 .4.2
- deps: express-session@~1.7.0
- deps: finalhandler@0 .1.0
- deps: method-override@~2.1.2
- deps: morgan@~1.2.0
- deps: multiparty@3 .3.1
- deps: parseurl@~1.2.0
- deps: serve-static@~1.4.0
2014-07-18 14:18:35 -04:00
* deps: debug@1 .0.4
2014-07-22 23:52:44 -04:00
* deps: depd@0 .4.2
- Add `TRACE_DEPRECATION` environment variable
- Remove non-standard grey color from color output
- Support `--no-deprecation` argument
- Support `--trace-deprecation` argument
2014-07-22 23:53:50 -04:00
* deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path" `RegExp`
2014-07-22 23:55:17 -04:00
* deps: send@0 .7.0
- Add `dotfiles` option
- Cap `maxAge` value to 1 year
- deps: debug@1 .0.4
- deps: depd@0 .4.2
2014-07-18 14:18:35 -04:00
2014-07-11 13:11:31 -04:00
3.14.0 / 2014-07-11
===================
2014-07-10 22:56:31 -04:00
2014-07-11 00:05:33 -04:00
* add explicit "Rosetta Flash JSONP abuse" protection
- previous versions are not vulnerable; this is just explicit protection
2014-07-10 01:15:40 -04:00
* deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
2014-07-10 11:44:47 +08:00
* fix `res.send(status, num)` to send `num` as json (not error)
2014-07-11 00:20:11 -04:00
* remove unnecessary escaping when `res.jsonp` returns JSON response
2014-07-10 23:07:45 -04:00
* deps: basic-auth@1 .0.0
- support empty password
- support empty username
2014-07-10 22:56:31 -04:00
* deps: connect@2 .23.0
- deps: debug@1 .0.3
- deps: express-session@~1.6.4
- deps: method-override@~2.1.0
- deps: parseurl@~1.1.3
- deps: serve-static@~1.3.1
2014-07-10 23:02:24 -04:00
* deps: debug@1 .0.3
- Add support for multiple wildcards in namespaces
2014-07-10 23:06:15 -04:00
* deps: methods@1 .1.0
- add `CONNECT`
2014-07-10 23:03:26 -04:00
* deps: parseurl@~1.1.3
- faster parsing of href-only URLs
2014-07-10 22:56:31 -04:00
2014-07-04 00:40:01 -04:00
3.13.0 / 2014-07-03
===================
2014-07-03 11:18:35 -04:00
2014-07-03 14:13:39 -04:00
* add deprecation message to `app.configure`
2014-07-04 00:24:01 -04:00
* add deprecation message to `req.auth`
* use `basic-auth` to parse `Authorization` header
2014-07-03 23:09:44 -04:00
* deps: connect@2 .22.0
- deps: csurf@~1.3.0
- deps: express-session@~1.6.1
- deps: multiparty@3 .3.0
- deps: serve-static@~1.3.0
2014-07-03 11:18:35 -04:00
* deps: send@0 .5.0
- Accept string for `maxage` (converted by `ms` )
- Include link in default redirect response
2014-06-26 18:35:54 -04:00
3.12.1 / 2014-06-26
===================
2014-06-26 18:25:48 -04:00
* deps: connect@2 .21.1
- deps: cookie-parser@1 .3.2
- deps: cookie-signature@1 .0.4
- deps: express-session@~1.5.2
- deps: type-is@~1.3.2
2014-06-26 18:26:34 -04:00
* deps: cookie-signature@1 .0.4
- fix for timing attacks
2014-06-26 18:25:48 -04:00
2014-06-21 21:57:02 -04:00
3.12.0 / 2014-06-21
===================
2014-06-21 17:25:50 -04:00
2014-06-21 19:32:18 -04:00
* use `media-typer` to alter content-type charset
2014-06-21 17:25:50 -04:00
* deps: connect@2 .21.0
- deprecate `connect(middleware)` -- use `app.use(middleware)` instead
- deprecate `connect.createServer()` -- use `connect()` instead
2023-02-23 11:36:40 +05:30
- fix `res.setHeader()` patch to work with get -> append -> set pattern
2014-06-21 17:25:50 -04:00
- deps: compression@~1.0.8
- deps: errorhandler@~1.1.1
- deps: express-session@~1.5.0
- deps: serve-index@~1.1.3
2014-06-19 23:36:00 -04:00
3.11.0 / 2014-06-19
===================
2014-06-19 22:55:21 -04:00
2014-06-19 23:33:56 -04:00
* deprecate things with `depd` module
2014-06-19 22:55:21 -04:00
* deps: buffer-crc32@0 .2.3
2014-06-19 23:24:07 -04:00
* deps: connect@2 .20.2
2014-07-26 17:33:12 -04:00
- deprecate `verify` option to `json` -- use `body-parser` npm module instead
- deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
2014-06-19 23:24:07 -04:00
- deprecate things with `depd` module
- use `finalhandler` for final response handling
- use `media-typer` to parse `content-type` for charset
- deps: body-parser@1 .4.3
- deps: connect-timeout@1 .1.1
- deps: cookie-parser@1 .3.1
- deps: csurf@1 .2.2
- deps: errorhandler@1 .1.0
- deps: express-session@1 .4.0
- deps: multiparty@3 .2.9
- deps: serve-index@1 .1.2
- deps: type-is@1 .3.1
- deps: vhost@2 .0.0
2014-06-19 22:55:21 -04:00
2014-06-12 00:28:08 -04:00
3.10.5 / 2014-06-11
===================
2014-06-12 00:20:30 -04:00
* deps: connect@2 .19.6
- deps: body-parser@1 .3.1
- deps: compression@1 .0.7
- deps: debug@1 .0.2
- deps: serve-index@1 .1.1
- deps: serve-static@1 .2.3
2014-06-12 00:23:15 -04:00
* deps: debug@1 .0.2
2014-06-12 00:24:21 -04:00
* deps: send@0 .4.3
2018-11-26 20:00:47 -07:00
- Do not throw uncatchable error on file open race condition
2014-06-12 00:24:21 -04:00
- Use `escape-html` for HTML escaping
- deps: debug@1 .0.2
- deps: finished@1 .2.2
- deps: fresh@0 .2.2
2014-06-12 00:20:30 -04:00
2014-06-09 18:53:52 -04:00
3.10.4 / 2014-06-09
===================
2014-06-09 18:50:00 -04:00
* deps: connect@2 .19.5
- fix "event emitter leak" warnings
- deps: csurf@1 .2.1
- deps: debug@1 .0.1
- deps: serve-static@1 .2.2
- deps: type-is@1 .2.1
2014-06-09 18:50:36 -04:00
* deps: debug@1 .0.1
2014-06-09 18:51:55 -04:00
* deps: send@0 .4.2
- fix "event emitter leak" warnings
- deps: finished@1 .2.1
- deps: debug@1 .0.1
2014-06-09 18:50:00 -04:00
2014-06-05 23:38:58 -04:00
3.10.3 / 2014-06-05
===================
2014-06-05 16:10:58 -07:00
* use `vary` module for `res.vary`
2014-06-05 23:37:22 -04:00
* deps: connect@2 .19.4
- deps: errorhandler@1 .0.2
- deps: method-override@2 .0.2
- deps: serve-favicon@2 .0.1
2014-06-05 19:34:05 -04:00
* deps: debug@1 .0.0
2014-06-05 16:10:58 -07:00
2014-06-03 21:35:34 -04:00
3.10.2 / 2014-06-03
===================
2014-06-03 21:33:55 -04:00
* deps: connect@2 .19.3
- deps: compression@1 .0.6
2014-06-03 16:45:09 -04:00
3.10.1 / 2014-06-03
===================
2014-06-03 16:42:49 -04:00
2014-06-03 16:44:29 -04:00
* deps: connect@2 .19.2
- deps: compression@1 .0.4
2014-06-03 16:42:49 -04:00
* deps: proxy-addr@1 .0.1
2014-06-03 00:40:27 -04:00
3.10.0 / 2014-06-02
===================
2014-06-02 19:19:56 -04:00
2014-06-03 00:37:57 -04:00
* deps: connect@2 .19.1
2014-07-26 17:33:12 -04:00
- deprecate `methodOverride()` -- use `method-override` npm module instead
2014-06-03 00:37:57 -04:00
- deps: body-parser@1 .3.0
- deps: method-override@2 .0.1
- deps: multiparty@3 .2.8
- deps: response-time@2 .0.0
- deps: serve-static@1 .2.1
2014-06-02 19:19:56 -04:00
* deps: methods@1 .0.1
2014-06-02 20:49:11 -04:00
* deps: send@0 .4.1
- Send `max-age` in `Cache-Control` in correct format
2014-06-02 19:19:56 -04:00
2014-05-30 21:35:12 -04:00
3.9.0 / 2014-05-30
==================
2014-04-28 10:54:51 +01:00
2014-05-30 21:02:21 -04:00
* custom etag control with `app.set('etag', val)`
- `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
- `app.set('etag', 'weak')` weak tag
- `app.set('etag', 'strong')` strong etag
- `app.set('etag', false)` turn off
- `app.set('etag', true)` standard etag
2014-04-28 10:54:51 +01:00
* Include ETag in HEAD requests
2014-05-29 23:10:25 -04:00
* mark `res.send` ETag as weak and reduce collisions
2014-05-29 22:18:38 -04:00
* update connect to 2.18.0
- deps: compression@1 .0.3
- deps: serve-index@1 .1.0
- deps: serve-static@1 .2.0
2014-05-29 22:31:29 -04:00
* update send to 0.4.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: debug@0 .8.1
2014-04-28 10:54:51 +01:00
2014-05-27 23:43:13 -04:00
3.8.1 / 2014-05-27
==================
2014-05-27 23:02:27 -04:00
* update connect to 2.17.3
- deps: body-parser@1 .2.2
- deps: express-session@1 .2.1
- deps: method-override@1 .0.2
2014-05-21 01:52:14 -04:00
3.8.0 / 2014-05-21
==================
2014-05-20 21:20:56 -04:00
2014-05-02 15:33:09 -03:00
* keep previous `Content-Type` for `res.jsonp`
2014-05-08 23:27:21 -04:00
* set proper `charset` in `Content-Type` for `res.send`
2014-05-21 00:55:10 -04:00
* update connect to 2.17.1
- fix `res.charset` appending charset when `content-type` has one
2014-05-20 21:20:56 -04:00
- deps: express-session@1 .2.0
- deps: morgan@1 .1.1
- deps: serve-index@1 .0.3
2014-05-18 10:40:13 -04:00
3.7.0 / 2014-05-18
==================
2014-05-17 14:30:52 -04:00
2014-05-09 00:53:47 -04:00
* proper proxy trust with `app.set('trust proxy', trust)`
- `app.set('trust proxy', 1)` trust first hop
- `app.set('trust proxy', 'loopback')` trust loopback addresses
- `app.set('trust proxy', '10.0.0.1')` trust single IP
- `app.set('trust proxy', '10.0.0.1/16')` trust subnet
- `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
- `app.set('trust proxy', false)` turn off
- `app.set('trust proxy', true)` trust everything
2014-05-18 01:30:44 -04:00
* update connect to 2.16.2
2014-05-17 14:30:52 -04:00
- deprecate `res.headerSent` -- use `res.headersSent`
- deprecate `res.on("header")` -- use on-headers module instead
2014-05-18 01:30:44 -04:00
- fix edge-case in `res.appendHeader` that would append in wrong order
2014-05-17 14:30:52 -04:00
- json: use body-parser
- urlencoded: use body-parser
- dep: bytes@1 .0.0
- dep: cookie-parser@1 .1.0
- dep: csurf@1 .2.0
- dep: express-session@1 .1.0
2014-05-18 01:30:44 -04:00
- dep: method-override@1 .0.1
2014-05-17 14:30:52 -04:00
2014-05-09 17:03:23 -04:00
3.6.0 / 2014-05-09
==================
2014-05-05 00:42:30 -04:00
2014-05-08 19:16:15 -04:00
* deprecate `app.del()` -- use `app.delete()` instead
2014-05-08 20:30:12 -04:00
* deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
- the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
* deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
- the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
2014-05-09 10:19:20 -04:00
* support PURGE method
- add `app.purge`
- add `router.purge`
- include PURGE in `app.all`
2014-05-05 00:42:30 -04:00
* update connect to 2.15.0
* Add `res.appendHeader`
* Call error stack even when response has been sent
* Patch `res.headerSent` to return Boolean
* Patch `res.headersSent` for node.js 0.8
* Prevent default 404 handler after response sent
* dep: compression@1 .0.2
* dep: connect-timeout@1 .1.0
* dep: debug@^0.8.0
* dep: errorhandler@1 .0.1
* dep: express-session@1 .0.4
* dep: morgan@1 .0.1
* dep: serve-favicon@2 .0.0
* dep: serve-index@1 .0.2
* update debug to 0.8.0
* add `enable()` method
* change from stderr to stdout
2014-05-09 10:19:20 -04:00
* update methods to 1.0.0
- add PURGE
2014-05-08 16:25:06 -04:00
* update mkdirp to 0.5.0
2014-05-05 00:42:30 -04:00
2014-05-08 13:51:26 -04:00
3.5.3 / 2014-05-08
==================
2014-05-07 14:07:59 -04:00
* fix `req.host` for IPv6 literals
2014-05-08 13:42:19 -04:00
* fix `res.jsonp` error if callback param is object
2014-05-07 14:07:59 -04:00
2014-04-24 16:36:37 -04:00
3.5.2 / 2014-04-24
2014-01-13 20:50:51 -08:00
==================
2014-04-24 16:36:37 -04:00
* update connect to 2.14.5
* update cookie to 0.1.2
* update mkdirp to 0.4.0
* update send to 0.3.0
3.5.1 / 2014-03-25
==================
* pin less-middleware in generated app
2014-01-13 20:50:51 -08:00
2014-03-06 14:59:36 -08:00
3.5.0 / 2014-03-06
==================
* bump deps
3.4.8 / 2014-01-13
==================
* prevent incorrect automatic OPTIONS responses #1868 @dpatti
* update binary and examples for jade 1.0 #1876 @yossi , #1877 @reqshark , #1892 @matheusazzi
* throw 400 in case of malformed paths @rlidwka
2013-12-10 23:57:39 -08:00
3.4.7 / 2013-12-10
==================
* update connect
2013-12-01 12:21:08 -08:00
3.4.6 / 2013-12-01
==================
* update connect (raw-body)
2013-11-27 15:54:41 -08:00
3.4.5 / 2013-11-27
==================
* update connect
* res.location: remove leading ./ #1802 @kapouer
* res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
* res.send: always send ETag when content-length > 0
* router: add Router.all() method
2013-10-29 10:33:32 -07:00
3.4.4 / 2013-10-29
==================
* update connect
* update supertest
* update methods
* express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
2013-10-25 14:28:24 +02:00
3.4.3 / 2013-10-23
2013-10-29 10:33:32 -07:00
==================
2013-10-23 11:19:48 -07:00
* update connect
2013-10-18 19:02:21 -07:00
3.4.2 / 2013-10-18
==================
2013-10-23 11:19:48 -07:00
2013-10-18 19:02:21 -07:00
* update connect
* downgrade commander
2013-10-15 18:28:49 -07:00
3.4.1 / 2013-10-15
==================
2013-10-23 11:19:48 -07:00
2013-10-15 18:28:49 -07:00
* update connect
* update commander
* jsonp: check if callback is a function
* router: wrap encodeURIComponent in a try/catch #1735 (@lxe )
2015-06-17 01:24:21 -04:00
* res.format: now includes charset @1747 (@sorribas )
2013-10-15 18:28:49 -07:00
* res.links: allow multiple calls @1746 (@sorribas )
2010-07-30 10:16:30 -07:00
2013-10-15 18:28:49 -07:00
3.4.0 / 2013-09-07
2013-09-07 12:25:00 -07:00
==================
* add res.vary(). Closes #1682
* update connect
2013-10-15 18:28:49 -07:00
3.3.8 / 2013-09-02
2013-09-02 08:01:07 -07:00
==================
* update connect
2013-10-15 18:28:49 -07:00
3.3.7 / 2013-08-28
2013-08-28 09:39:31 -07:00
==================
* update connect
2013-10-15 18:28:49 -07:00
3.3.6 / 2013-08-27
2013-08-27 13:49:09 -07:00
==================
* Revert "remove charset from json responses. Closes #1631 " (causes issues in some clients)
* add: req.accepts take an argument list
2013-10-15 18:28:49 -07:00
3.3.4 / 2013-07-08
2013-07-08 14:42:45 -07:00
==================
* update send and connect
2013-10-15 18:28:49 -07:00
3.3.3 / 2013-07-04
2013-07-04 07:37:17 -07:00
==================
* update connect
2013-10-15 18:28:49 -07:00
3.3.2 / 2013-07-03
2013-07-03 11:25:54 -07:00
==================
* update connect
* update send
* remove .version export
2013-10-15 18:28:49 -07:00
3.3.1 / 2013-06-27
2013-06-27 08:32:37 -07:00
==================
* update connect
2013-10-15 18:28:49 -07:00
3.3.0 / 2013-06-26
2013-06-26 10:07:34 -07:00
==================
* update connect
* add support for multiple X-Forwarded-Proto values. Closes #1646
* change: remove charset from json responses. Closes #1631
* change: return actual booleans from req.accept* functions
* fix jsonp callback array throw
2013-10-15 18:28:49 -07:00
3.2.6 / 2013-06-02
2013-06-02 17:15:39 -07:00
==================
* update connect
2013-10-15 18:28:49 -07:00
3.2.5 / 2013-05-21
2013-05-21 21:01:24 -07:00
==================
* update connect
* update node-cookie
* add: throw a meaningful error when there is no default engine
* change generation of ETags with res.send() to GET requests only. Closes #1619
2013-10-15 18:28:49 -07:00
3.2.4 / 2013-05-09
2013-05-09 09:17:48 -07:00
==================
2013-10-15 18:28:49 -07:00
2013-05-09 09:17:48 -07:00
* fix `req.subdomains` when no Host is present
* fix `req.host` when no Host is present, return undefined
2013-10-15 18:28:49 -07:00
3.2.3 / 2013-05-07
2013-05-07 07:55:06 -07:00
==================
* update connect / qs
2013-10-15 18:28:49 -07:00
3.2.2 / 2013-05-03
2013-05-03 12:54:52 -07:00
==================
* update qs
2013-10-15 18:28:49 -07:00
3.2.1 / 2013-04-29
2013-04-29 19:17:08 -07:00
==================
* add app.VERB() paths array deprecation warning
* update connect
* update qs and remove all ~ semver crap
* fix: accept number as value of Signed Cookie
2013-10-15 18:28:49 -07:00
3.2.0 / 2013-04-15
2013-04-15 12:34:41 -07:00
==================
* add "view" constructor setting to override view behaviour
* add req.acceptsEncoding(name)
* add req.acceptedEncodings
* revert cookie signature change causing session race conditions
2013-10-15 18:28:49 -07:00
* fix sorting of Accept values of the same quality
2013-04-15 12:34:41 -07:00
2013-10-15 18:28:49 -07:00
3.1.2 / 2013-04-12
2013-04-12 12:14:02 -07:00
==================
* add support for custom Accept parameters
* update cookie-signature
2013-10-15 18:28:49 -07:00
3.1.1 / 2013-04-01
2013-04-01 11:25:58 -07:00
==================
* add X-Forwarded-Host support to `req.host`
2013-10-15 18:28:49 -07:00
* fix relative redirects
* update mkdirp
2013-04-01 11:25:58 -07:00
* update buffer-crc32
* remove legacy app.configure() method from app template.
2013-01-25 20:28:58 -08:00
3.1.0 / 2013-01-25
==================
* add support for leading "." in "view engine" setting
* add array support to `res.set()`
* add node 0.8.x to travis.yml
* add "subdomain offset" setting for tweaking `req.subdomains`
* add `res.location(url)` implementing `res.redirect()` -like setting of Location
* use app.get() for x-powered-by setting for inheritance
* fix colons in passwords for `req.auth`
2013-01-04 18:52:04 -08:00
3.0.6 / 2013-01-04
==================
* add http verb methods to Router
* update connect
* fix mangling of the `res.cookie()` options object
* fix jsonp whitespace escape. Closes #1132
3.0.5 / 2012-12-19
2012-12-19 13:46:16 -08:00
==================
* add throwing when a non-function is passed to a route
* fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
* revert "add 'etag' option"
2013-01-04 18:52:04 -08:00
3.0.4 / 2012-12-05
2012-12-05 17:10:59 -08:00
==================
* add 'etag' option to disable `res.send()` Etags
* add escaping of urls in text/plain in `res.redirect()`
for old browsers interpreting as html
* change crc32 module for a more liberal license
* update connect
2013-01-04 18:52:04 -08:00
3.0.3 / 2012-11-13
2012-11-13 09:14:13 -08:00
==================
* update connect
* update cookie module
* fix cookie max-age
2013-01-04 18:52:04 -08:00
3.0.2 / 2012-11-08
2012-11-08 09:15:59 -08:00
==================
* add OPTIONS to cors example. Closes #1398
* fix route chaining regression. Closes #1397
2013-01-04 18:52:04 -08:00
3.0.1 / 2012-11-01
2012-11-01 17:27:53 -07:00
==================
* update connect
2013-01-04 18:52:04 -08:00
3.0.0 / 2012-10-23
2012-10-23 15:29:20 -07:00
==================
* add `make clean`
* add "Basic" check to req.auth
* add `req.auth` test coverage
* add cb && cb(payload) to `res.jsonp()` . Closes #1374
* add backwards compat for `res.redirect()` status. Closes #1336
* add support for `res.json()` to retain previously defined Content-Types. Closes #1349
* update connect
* change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
* remove non-primitive string support for `res.send()`
* fix view-locals example. Closes #1370
* fix route-separation example
2013-01-04 18:52:04 -08:00
3.0.0rc5 / 2012-09-18
2012-09-18 11:48:20 -07:00
==================
* update connect
* add redis search example
* add static-files example
* add "x-powered-by" setting (`app.disable('x-powered-by')` )
* add "application/octet-stream" redirect Accept test case. Closes #1317
2013-01-04 18:52:04 -08:00
3.0.0rc4 / 2012-08-30
2012-08-30 22:13:38 -07:00
==================
* add `res.jsonp()` . Closes #1307
* add "verbose errors" option to error-pages example
* add another route example to express(1) so people are not so confused
* add redis online user activity tracking example
* update connect dep
* fix etag quoting. Closes #1310
* fix error-pages 404 status
* fix jsonp callback char restrictions
* remove old OPTIONS default response
2013-01-04 18:52:04 -08:00
3.0.0rc3 / 2012-08-13
2012-08-13 20:23:59 -07:00
==================
* update connect dep
* fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
* fix `res.render()` clobbering of "locals"
2013-01-04 18:52:04 -08:00
3.0.0rc2 / 2012-08-03
2012-08-03 13:32:53 -07:00
==================
* add CORS example
* update connect dep
* deprecate `.createServer()` & remove old stale examples
* fix: escape `res.redirect()` link
* fix vhost example
2013-01-04 18:52:04 -08:00
3.0.0rc1 / 2012-07-24
2012-07-24 13:32:49 -07:00
==================
* add more examples to view-locals
* add scheme-relative redirects (`res.redirect("//foo.com")` ) support
* update cookie dep
* update connect dep
* update send dep
* fix `express(1)` -h flag, use -H for hogan. Closes #1245
* fix `res.sendfile()` socket error handling regression
2013-01-04 18:52:04 -08:00
3.0.0beta7 / 2012-07-16
2012-07-16 09:25:03 -07:00
==================
* update connect dep for `send()` root normalization regression
2013-01-04 18:52:04 -08:00
3.0.0beta6 / 2012-07-13
2012-07-13 09:19:24 -07:00
==================
* add `err.view` property for view errors. Closes #1226
* add "jsonp callback name" setting
* add support for "/foo/:bar*" non-greedy matches
* change `res.sendfile()` to use `send()` module
* change `res.send` to use "response-send" module
* remove `app.locals.use` and `res.locals.use` , use regular middleware
2013-01-04 18:52:04 -08:00
3.0.0beta5 / 2012-07-03
2012-07-03 10:20:19 -07:00
==================
* add "make check" support
* add route-map example
* add `res.json(obj, status)` support back for BC
* add "methods" dep, remove internal methods module
* update connect dep
* update auth example to utilize cores pbkdf2
* updated tests to use "supertest"
2013-01-04 18:52:04 -08:00
3.0.0beta4 / 2012-06-25
2012-06-25 12:08:22 -07:00
==================
* Added `req.auth`
* Added `req.range(size)`
* Added `res.links(obj)`
* Added `res.send(body, status)` support back for backwards compat
* Added `.default()` support to `res.format()`
* Added 2xx / 304 check to `req.fresh`
* Revert "Added + support to the router"
* Fixed `res.send()` freshness check, respect res.statusCode
2013-01-04 18:52:04 -08:00
3.0.0beta3 / 2012-06-15
2012-06-15 11:40:49 -07:00
==================
* Added hogan `--hjs` to express(1) [nullfirm]
* Added another example to content-negotiation
* Added `fresh` dep
* Changed: `res.send()` always checks freshness
2015-06-17 01:24:21 -04:00
* Fixed: expose connects mime module. Closes #1165
2012-06-15 11:40:49 -07:00
2013-01-04 18:52:04 -08:00
3.0.0beta2 / 2012-06-06
2012-06-06 14:46:52 -07:00
==================
* Added `+` support to the router
* Added `req.host`
* Changed `req.param()` to check route first
* Update connect dep
2013-01-04 18:52:04 -08:00
3.0.0beta1 / 2012-06-01
2012-06-01 12:27:19 -07:00
==================
* Added `res.format()` callback to override default 406 behaviour
* Fixed `res.redirect()` 406. Closes #1154
2013-01-04 18:52:04 -08:00
3.0.0alpha5 / 2012-05-30
2012-05-30 16:48:22 -07:00
==================
* Added `req.ip`
* Added `{ signed: true }` option to `res.cookie()`
* Removed `res.signedCookie()`
* Changed: dont reverse `req.ips`
* Fixed "trust proxy" setting check for `req.ips`
2013-01-04 18:52:04 -08:00
3.0.0alpha4 / 2012-05-09
2012-05-09 15:18:21 -07:00
==================
* Added: allow `[]` in jsonp callback. Closes #1128
* Added `PORT` env var support in generated template. Closes #1118 [benatkin]
* Updated: connect 2.2.2
2013-01-04 18:52:04 -08:00
3.0.0alpha3 / 2012-05-04
2012-05-04 17:19:27 -07:00
==================
* Added public `app.routes` . Closes #887
* Added _ view-locals _ example
* Added _ mvc _ example
* Added `res.locals.use()` . Closes #1120
* Added conditional-GET support to `res.send()`
* Added: coerce `res.set()` values to strings
* Changed: moved `static()` in generated apps below router
* Changed: `res.send()` only set ETag when not previously set
* Changed connect 2.2.1 dep
* Changed: `make test` now runs unit / acceptance tests
* Fixed req/res proto inheritance
2013-01-04 18:52:04 -08:00
3.0.0alpha2 / 2012-04-26
2012-04-26 03:10:07 -07:00
==================
* Added `make benchmark` back
* Added `res.send()` support for `String` objects
* Added client-side data exposing example
* Added `res.header()` and `req.header()` aliases for BC
* Added `express.createServer()` for BC
* Perf: memoize parsed urls
* Perf: connect 2.2.0 dep
* Changed: make `expressInit()` middleware self-aware
* Fixed: use app.get() for all core settings
* Fixed redis session example
* Fixed session example. Closes #1105
* Fixed generated express dep. Closes #1078
2013-01-04 18:52:04 -08:00
3.0.0alpha1 / 2012-04-15
2012-04-15 11:40:31 -07:00
==================
* Added `app.locals.use(callback)`
* Added `app.locals` object
* Added `app.locals(obj)`
* Added `res.locals` object
* Added `res.locals(obj)`
* Added `res.format()` for content-negotiation
* Added `app.engine()`
* Added `res.cookie()` JSON cookie support
* Added "trust proxy" setting
* Added `req.subdomains`
* Added `req.protocol`
* Added `req.secure`
* Added `req.path`
* Added `req.ips`
* Added `req.fresh`
* Added `req.stale`
2015-06-17 01:24:21 -04:00
* Added comma-delimited / array support for `req.accepts()`
2012-04-15 11:40:31 -07:00
* Added debug instrumentation
* Added `res.set(obj)`
* Added `res.set(field, value)`
* Added `res.get(field)`
* Added `app.get(setting)` . Closes #842
* Added `req.acceptsLanguage()`
* Added `req.acceptsCharset()`
* Added `req.accepted`
* Added `req.acceptedLanguages`
* Added `req.acceptedCharsets`
* Added "json replacer" setting
* Added "json spaces" setting
* Added X-Forwarded-Proto support to `res.redirect()` . Closes #92
* Added `--less` support to express(1)
* Added `express.response` prototype
* Added `express.request` prototype
* Added `express.application` prototype
* Added `app.path()`
* Added `app.render()`
* Added `res.type()` to replace `res.contentType()`
* Changed: `res.redirect()` to add relative support
* Changed: enable "jsonp callback" by default
* Changed: renamed "case sensitive routes" to "case sensitive routing"
* Rewrite of all tests with mocha
* Removed "root" setting
* Removed `res.redirect('home')` support
* Removed `req.notify()`
* Removed `app.register()`
* Removed `app.redirect()`
* Removed `app.is()`
* Removed `app.helpers()`
* Removed `app.dynamicHelpers()`
* Fixed `res.sendfile()` with non-GET. Closes #723
* Fixed express(1) public dir for windows. Closes #866
2013-01-04 18:52:04 -08:00
2.5.9/ 2012-04-02
2012-04-15 11:24:08 -07:00
==================
* Added support for PURGE request method [pbuyle]
* Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
2013-01-04 18:52:04 -08:00
2.5.8 / 2012-02-08
2012-04-15 11:24:08 -07:00
==================
* Update mkdirp dep. Closes #991
2013-01-04 18:52:04 -08:00
2.5.7 / 2012-02-06
2012-04-15 11:24:08 -07:00
==================
* Fixed `app.all` duplicate DELETE requests [mscdex]
2013-01-04 18:52:04 -08:00
2.5.6 / 2012-01-13
2012-04-15 11:24:08 -07:00
==================
* Updated hamljs dev dep. Closes #953
2013-01-04 18:52:04 -08:00
2.5.5 / 2012-01-08
2012-04-15 11:24:08 -07:00
==================
* Fixed: set `filename` on cached templates [matthewleon]
2013-01-04 18:52:04 -08:00
2.5.4 / 2012-01-02
2012-04-15 11:24:08 -07:00
==================
* Fixed `express(1)` eol on 0.4.x. Closes #947
2013-01-04 18:52:04 -08:00
2.5.3 / 2011-12-30
2012-04-15 11:24:08 -07:00
==================
* Fixed `req.is()` when a charset is present
2013-01-04 18:52:04 -08:00
2.5.2 / 2011-12-10
2012-04-15 11:24:08 -07:00
==================
* Fixed: express(1) LF -> CRLF for windows
2013-01-04 18:52:04 -08:00
2.5.1 / 2011-11-17
2012-04-15 11:24:08 -07:00
==================
* Changed: updated connect to 1.8.x
* Removed sass.js support from express(1)
2013-01-04 18:52:04 -08:00
2.5.0 / 2011-10-24
2012-04-15 11:24:08 -07:00
==================
* Added ./routes dir for generated app by default
* Added npm install reminder to express(1) app gen
* Added 0.5.x support
* Removed `make test-cov` since it wont work with node 0.5.x
* Fixed express(1) public dir for windows. Closes #866
2013-01-04 18:52:04 -08:00
2.4.7 / 2011-10-05
2012-04-15 11:24:08 -07:00
==================
* Added mkdirp to express(1). Closes #795
* Added simple _ json-config _ example
* Added shorthand for the parsed request's pathname via `req.path`
* Changed connect dep to 1.7.x to fix npm issue...
* Fixed `res.redirect()` __HEAD __ support. [reported by xerox]
* Fixed `req.flash()` , only escape args
* Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
2013-01-04 18:52:04 -08:00
2.4.6 / 2011-08-22
2012-04-15 11:24:08 -07:00
==================
* Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
2013-01-04 18:52:04 -08:00
2.4.5 / 2011-08-19
2011-08-19 10:12:38 -07:00
==================
* Added support for routes to handle errors. Closes #809
* Added `app.routes.all()` . Closes #803
2013-01-04 18:52:04 -08:00
* Added "basepath" setting to work in conjunction with reverse proxies etc.
2012-04-15 11:24:08 -07:00
* Refactored `Route` to use a single array of callbacks
2011-08-19 10:12:38 -07:00
* Added support for multiple callbacks for `app.param()` . Closes #801
Closes #805
* Changed: removed .call(self) for route callbacks
* Dependency: `qs >= 0.3.1`
* Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
2013-01-04 18:52:04 -08:00
2.4.4 / 2011-08-05
2011-08-19 10:12:38 -07:00
==================
* Fixed `res.header()` intention of a set, even when `undefined`
* Fixed `*` , value no longer required
* Fixed `res.send(204)` support. Closes #771
2013-01-04 18:52:04 -08:00
2.4.3 / 2011-07-14
2011-07-14 12:58:24 -07:00
==================
* Added docs for `status` option special-case. Closes #739
* Fixed `options.filename` , exposing the view path to template engines
2013-01-04 18:52:04 -08:00
2.4.2. / 2011-07-06
2011-07-06 20:15:44 -07:00
==================
* Revert "removed jsonp stripping" for XSS
2013-01-04 18:52:04 -08:00
2.4.1 / 2011-07-06
2011-07-06 09:57:06 -07:00
==================
* Added `res.json()` JSONP support. Closes #737
* Added _ extending-templates _ example. Closes #730
* Added "strict routing" setting for trailing slashes
* Added support for multiple envs in `app.configure()` calls. Closes #735
* Changed: `res.send()` using `res.json()`
* Changed: when cookie `path === null` don't default it
* Changed; default cookie path to "home" setting. Closes #731
* Removed _ pids/logs _ creation from express(1)
2013-01-04 18:52:04 -08:00
2.4.0 / 2011-06-28
2011-06-28 09:41:21 -07:00
==================
* Added chainable `res.status(code)`
* Added `res.json()` , an explicit version of `res.send(obj)`
* Added simple web-service example
2013-01-04 18:52:04 -08:00
2.3.12 / 2011-06-22
2011-06-22 13:56:13 -07:00
==================
* \#express is now on freenode! come join!
* Added `req.get(field, param)`
* Added links to Japanese documentation, thanks @hideyukisaito !
* Added; the `express(1)` generated app outputs the env
* Added `content-negotiation` example
* Dependency: connect >= 1.5.1 < 2.0.0
* Fixed view layout bug. Closes #720
* Fixed; ignore body on 304. Closes #701
2013-01-04 18:52:04 -08:00
2.3.11 / 2011-06-04
2011-06-04 10:50:10 -07:00
==================
* Added `npm test`
* Removed generation of dummy test file from `express(1)`
* Fixed; `express(1)` adds express as a dep
* Fixed; prune on `prepublish`
2013-01-04 18:52:04 -08:00
2.3.10 / 2011-05-27
2011-05-27 09:20:03 -07:00
==================
* Added `req.route` , exposing the current route
* Added _ package.json _ generation support to `express(1)`
* Fixed call to `app.param()` function for optional params. Closes #682
2013-01-04 18:52:04 -08:00
2.3.9 / 2011-05-25
2011-05-25 10:18:26 -07:00
==================
* Fixed bug-ish with `../' in ` res.partial()` calls
2.3.8 / 2011-05-24
==================
* Fixed `app.options()`
2.3.7 / 2011-05-23
2011-05-23 15:54:17 -07:00
==================
* Added route `Collection` , ex: `app.get('/user/:id').remove();`
* Added support for `app.param(fn)` to define param logic
* Removed `app.param()` support for callback with return value
* Removed module.parent check from express(1) generated app. Closes #670
* Refactored router. Closes #639
2013-01-04 18:52:04 -08:00
2.3.6 / 2011-05-20
2011-05-20 09:42:01 -07:00
==================
* Changed; using devDependencies instead of git submodules
* Fixed redis session example
* Fixed markdown example
* Fixed view caching, should not be enabled in development
2013-01-04 18:52:04 -08:00
2.3.5 / 2011-05-20
2011-05-20 07:32:16 -07:00
==================
* Added export `.view` as alias for `.View`
2013-01-04 18:52:04 -08:00
2.3.4 / 2011-05-08
2011-05-08 10:53:57 -07:00
==================
* Added `./examples/say`
* Fixed `res.sendfile()` bug preventing the transfer of files with spaces
2013-01-04 18:52:04 -08:00
2.3.3 / 2011-05-03
2011-05-03 11:31:16 -07:00
==================
* Added "case sensitive routes" option.
* Changed; split methods supported per rfc [slaskis]
* Fixed route-specific middleware when using the same callback function several times
2013-01-04 18:52:04 -08:00
2.3.2 / 2011-04-27
2011-04-27 09:12:54 -07:00
==================
* Fixed view hints
2013-01-04 18:52:04 -08:00
2.3.1 / 2011-04-26
2011-04-26 15:26:04 -07:00
==================
* Added `app.match()` as `app.match.all()`
* Added `app.lookup()` as `app.lookup.all()`
* Added `app.remove()` for `app.remove.all()`
* Added `app.remove.VERB()`
* Fixed template caching collision issue. Closes #644
* Moved router over from connect and started refactor
2013-01-04 18:52:04 -08:00
2.3.0 / 2011-04-25
2011-04-25 09:49:54 -07:00
==================
* Added options support to `res.clearCookie()`
* Added `res.helpers()` as alias of `res.locals()`
* Added; json defaults to UTF-8 with `res.send()` . Closes #632 . [Daniel * Dependency `connect >= 1.4.0`
* Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
* Renamed "cache views" to "view cache". Closes #628
* Fixed caching of views when using several apps. Closes #637
2013-01-04 18:52:04 -08:00
* Fixed gotcha invoking `app.param()` callbacks once per route middleware.
2011-04-25 09:49:54 -07:00
Closes #638
* Fixed partial lookup precedence. Closes #631
Shaw]
2013-01-04 18:52:04 -08:00
2.2.2 / 2011-04-12
2011-04-12 02:44:47 -07:00
==================
* Added second callback support for `res.download()` connection errors
* Fixed `filename` option passing to template engine
2013-01-04 18:52:04 -08:00
2.2.1 / 2011-04-04
2011-04-04 12:23:37 -07:00
==================
* Added `layout(path)` helper to change the layout within a view. Closes #610
* Fixed `partial()` collection object support.
Previously only anything with `.length` would work.
When `.length` is present one must still be aware of holes,
however now `{ collection: {foo: 'bar'}}` is valid, exposes
`keyInCollection` and `keysInCollection` .
* Performance improved with better view caching
* Removed `request` and `response` locals
* Changed; errorHandler page title is now `Express` instead of `Connect`
2013-01-04 18:52:04 -08:00
2.2.0 / 2011-03-30
2011-03-30 11:40:47 -07:00
==================
* Added `app.lookup.VERB()` , ex `app.lookup.put('/user/:id')` . Closes #606
* Added `app.match.VERB()` , ex `app.match.put('/user/12')` . Closes #606
* Added `app.VERB(path)` as alias of `app.lookup.VERB()` .
2011-03-30 11:58:26 -07:00
* Dependency `connect >= 1.2.0`
2011-03-30 11:40:47 -07:00
2013-01-04 18:52:04 -08:00
2.1.1 / 2011-03-29
2011-03-29 10:40:26 -07:00
==================
* Added; expose `err.view` object when failing to locate a view
* Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
* Fixed; `res.send(undefined)` responds with 204 [aheckmann]
2013-01-04 18:52:04 -08:00
2.1.0 / 2011-03-24
2011-03-18 09:18:29 -07:00
==================
2011-03-24 13:47:38 -07:00
* Added `<root>/_?<name>` partial lookup support. Closes #447
* Added `request` , `response` , and `app` local variables
* Added `settings` local variable, containing the app's settings
* Added `req.flash()` exception if `req.session` is not available
* Added `res.send(bool)` support (json response)
* Fixed stylus example for latest version
* Fixed; wrap try/catch around `res.render()`
2011-03-18 09:18:29 -07:00
2013-01-04 18:52:04 -08:00
2.0.0 / 2011-03-17
2011-03-17 18:06:30 -07:00
==================
* Fixed up index view path alternative.
* Changed; `res.locals()` without object returns the locals
2013-01-04 18:52:04 -08:00
2.0.0rc3 / 2011-03-17
2011-03-17 13:01:59 -07:00
==================
* Added `res.locals(obj)` to compliment `res.local(key, val)`
* Added `res.partial()` callback support
* Fixed recursive error reporting issue in `res.render()`
2013-01-04 18:52:04 -08:00
2.0.0rc2 / 2011-03-17
2011-03-17 11:01:20 -07:00
==================
* Changed; `partial()` "locals" are now optional
* Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
* Fixed .filename view engine option [reported by drudge]
* Fixed blog example
* Fixed `{req,res}.app` reference when mounting [Ben Weaver]
2013-01-04 18:52:04 -08:00
2.0.0rc / 2011-03-14
2011-03-14 15:01:37 -07:00
==================
* Fixed; expose `HTTPSServer` constructor
* Fixed express(1) default test charset. Closes #579 [reported by secoif]
* Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
2013-01-04 18:52:04 -08:00
2.0.0beta3 / 2011-03-09
2011-03-09 15:45:55 -08:00
==================
* Added support for `res.contentType()` literal
The original `res.contentType('.json')` ,
`res.contentType('application/json')` , and `res.contentType('json')`
will work now.
* Added `res.render()` status option support back
* Added charset option for `res.render()`
* Added `.charset` support (via connect 1.0.4)
* Added view resolution hints when in development and a lookup fails
* Added layout lookup support relative to the page view.
For example while rendering `./views/user/index.jade` if you create
`./views/user/layout.jade` it will be used in favour of the root layout.
* Fixed `res.redirect()` . RFC states absolute url [reported by unlink]
* Fixed; default `res.send()` string charset to utf8
* Removed `Partial` constructor (not currently used)
2013-01-04 18:52:04 -08:00
2.0.0beta2 / 2011-03-07
2011-03-07 09:40:39 -08:00
==================
* Added res.render() `.locals` support back to aid in migration process
* Fixed flash example
2013-01-04 18:52:04 -08:00
2.0.0beta / 2011-03-03
2011-03-03 10:00:56 -08:00
==================
* Added HTTPS support
2011-03-03 15:30:43 -08:00
* Added `res.cookie()` maxAge support
2011-03-03 10:00:56 -08:00
* Added `req.header()` _ Referrer _ / _ Referer _ special-case, either works
* Added mount support for `res.redirect()` , now respects the mount-point
* Added `union()` util, taking place of `merge(clone())` combo
* Added stylus support to express(1) generated app
* Added secret to session middleware used in examples and generated app
* Added `res.local(name, val)` for progressive view locals
* Added default param support to `req.param(name, default)`
* Added `app.disabled()` and `app.enabled()`
* Added `app.register()` support for omitting leading ".", either works
* Added `res.partial()` , using the same interface as `partial()` within a view. Closes #539
* Added `app.param()` to map route params to async/sync logic
* Added; aliased `app.helpers()` as `app.locals()` . Closes #481
* Added extname with no leading "." support to `res.contentType()`
* Added `cache views` setting, defaulting to enabled in "production" env
* Added index file partial resolution, eg: partial('user') may try _ views/user/index.jade _ .
* Added `req.accepts()` support for extensions
* Changed; `res.download()` and `res.sendfile()` now utilize Connect's
static file server `connect.static.send()` .
* Changed; replaced `connect.utils.mime()` with npm _ mime _ module
* Changed; allow `req.query` to be pre-defined (via middleware or other parent
* Changed view partial resolution, now relative to parent view
* Changed view engine signature. no longer `engine.render(str, options, callback)` , now `engine.compile(str, options) -> Function` , the returned function accepts `fn(locals)` .
* Fixed `req.param()` bug returning Array.prototype methods. Closes #552
2011-03-03 16:34:05 -08:00
* Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
2011-03-03 10:00:56 -08:00
* Fixed; using _ qs _ module instead of _ querystring _
* Fixed; strip unsafe chars from jsonp callbacks
* Removed "stream threshold" setting
2013-01-04 18:52:04 -08:00
1.0.8 / 2011-03-01
2011-03-03 09:36:38 -08:00
==================
* Allow `req.query` to be pre-defined (via middleware or other parent app)
* "connect": ">= 0.5.0 < 1.0.0". Closes #547
* Removed the long deprecated __EXPRESS_ENV __ support
2013-01-04 18:52:04 -08:00
1.0.7 / 2011-02-07
2011-03-03 09:36:38 -08:00
==================
* Fixed `render()` setting inheritance.
Mounted apps would not inherit "view engine"
2013-01-04 18:52:04 -08:00
1.0.6 / 2011-02-07
2011-03-03 09:36:38 -08:00
==================
* Fixed `view engine` setting bug when period is in dirname
2013-01-04 18:52:04 -08:00
1.0.5 / 2011-02-05
2011-03-03 09:36:38 -08:00
==================
* Added secret to generated app `session()` call
2013-01-04 18:52:04 -08:00
1.0.4 / 2011-02-05
2011-03-03 09:36:38 -08:00
==================
* Added `qs` dependency to _ package.json _
* Fixed namespaced `require()` s for latest connect support
2013-01-04 18:52:04 -08:00
1.0.3 / 2011-01-13
2011-01-20 08:39:29 -08:00
==================
* Remove unsafe characters from JSONP callback names [Ryan Grove]
2013-01-04 18:52:04 -08:00
1.0.2 / 2011-01-10
2011-01-20 08:39:29 -08:00
==================
* Removed nested require, using `connect.router`
2013-01-04 18:52:04 -08:00
1.0.1 / 2010-12-29
2011-01-20 08:39:29 -08:00
==================
* Fixed for middleware stacked via `createServer()`
previously the `foo` middleware passed to `createServer(foo)`
would not have access to Express methods such as `res.send()`
or props like `req.query` etc.
2013-01-04 18:52:04 -08:00
1.0.0 / 2010-11-16
2010-11-16 17:54:58 -08:00
==================
* Added; deduce partial object names from the last segment.
For example by default `partial('forum/post', postObject)` will
give you the _ post _ object, providing a meaningful default.
* Added http status code string representation to `res.redirect()` body
* Added; `res.redirect()` supporting _ text/plain _ and _ text/html _ via __Accept __ .
* Added `req.is()` to aid in content negotiation
* Added partial local inheritance [suggested by masylum]. Closes #102
providing access to parent template locals.
* Added _ -s, --session[s] _ flag to express(1) to add session related middleware
* Added _ --template _ flag to express(1) to specify the
template engine to use.
2013-01-04 18:52:04 -08:00
* Added _ --css _ flag to express(1) to specify the
2010-11-16 17:54:58 -08:00
stylesheet engine to use (or just plain css by default).
* Added `app.all()` support [thanks aheckmann]
* Added partial direct object support.
You may now `partial('user', user)` providing the "user" local,
vs previously `partial('user', { object: user })` .
* Added _ route-separation _ example since many people question ways
to do this with CommonJS modules. Also view the _ blog _ example for
an alternative.
* Performance; caching view path derived partial object names
* Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
* Fixed jsonp support; _ text/javascript _ as per mailinglist discussion
2013-01-04 18:52:04 -08:00
1.0.0rc4 / 2010-10-14
2010-10-14 03:50:10 -07:00
==================
* Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
* Added route-middleware support (very helpful, see the [docs ](http://expressjs.com/guide.html#Route-Middleware ))
* Added _ jsonp callback _ setting to enable/disable jsonp autowrapping [Dav Glass]
* Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
* Added `partial()` support for array-like collections. Closes #434
* Added support for swappable querystring parsers
* Added session usage docs. Closes #443
* Added dynamic helper caching. Closes #439 [suggested by maritz]
* Added authentication example
* Added basic Range support to `res.sendfile()` (and `res.download()` etc)
* Changed; `express(1)` generated app using 2 spaces instead of 4
* Default env to "development" again [aheckmann]
* Removed _ context _ option is no more, use "scope"
* Fixed; exposing _ ./support _ libs to examples so they can run without installs
* Fixed mvc example
2013-01-04 18:52:04 -08:00
1.0.0rc3 / 2010-09-20
2010-09-20 09:50:38 -07:00
==================
* Added confirmation for `express(1)` app generation. Closes #391
* Added extending of flash formatters via `app.flashFormatters`
* Added flash formatter support. Closes #411
* Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
* Added _ stream threshold _ setting for `res.sendfile()`
* Added `res.send()` __HEAD __ support
* Added `res.clearCookie()`
* Added `res.cookie()`
* Added `res.render()` headers option
* Added `res.redirect()` response bodies
* Added `res.render()` status option support. Closes #425 [thanks aheckmann]
* Fixed `res.sendfile()` responding with 403 on malicious path
* Fixed `res.download()` bug; when an error occurs remove _ Content-Disposition _
* Fixed; mounted apps settings now inherit from parent app [aheckmann]
* Fixed; stripping Content-Length / Content-Type when 204
* Fixed `res.send()` 204. Closes #419
* Fixed multiple _ Set-Cookie _ headers via `res.header()` . Closes #402
* Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()` . [thanks guillermo]
2013-01-04 18:52:04 -08:00
1.0.0rc2 / 2010-08-17
2010-08-17 13:09:17 -07:00
==================
* Added `app.register()` for template engine mapping. Closes #390
* Added `res.render()` callback support as second argument (no options)
* Added callback support to `res.download()`
* Added callback support for `res.sendfile()`
* Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
* Added "partials" setting to docs
* Added default expresso tests to `express(1)` generated app. Closes #384
* Fixed `res.sendfile()` error handling, defer via `next()`
* Fixed `res.render()` callback when a layout is used [thanks guillermo]
* Fixed; `make install` creating ~/.node_libraries when not present
2013-01-04 18:52:04 -08:00
* Fixed issue preventing error handlers from being defined anywhere. Closes #387
2010-08-17 13:09:17 -07:00
2010-07-30 10:16:30 -07:00
1.0.0rc / 2010-07-28
==================
* Added mounted hook. Closes #369
* Added connect dependency to _ package.json _
* Removed "reload views" setting and support code
development env never caches, production always caches.
* Removed _ param _ in route callbacks, signature is now
simply (req, res, next), previously (req, res, params, next).
Use _ req.params _ for path captures, _ req.query _ for GET params.
* Fixed "home" setting
* Fixed middleware/router precedence issue. Closes #366
* Fixed; _ configure() _ callbacks called immediately. Closes #368
2013-01-04 18:52:04 -08:00
2010-07-23 17:06:47 -07:00
1.0.0beta2 / 2010-07-23
==================
* Added more examples
* Added; exporting `Server` constructor
* Added `Server#helpers()` for view locals
* Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
* Added support for absolute view paths
* Added; _ home _ setting defaults to `Server#route` for mounted apps. Closes #363
* Added Guillermo Rauch to the contributor list
* Added support for "as" for non-collection partials. Closes #341
2010-07-23 17:09:57 -07:00
* Fixed _ install.sh _ , ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
2010-07-23 17:06:47 -07:00
* Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
* Fixed instanceof `Array` checks, now `Array.isArray()`
* Fixed express(1) expansion of public dirs. Closes #348
* Fixed middleware precedence. Closes #345
* Fixed view watcher, now async [thanks aheckmann]
2009-10-01 13:19:18 -07:00
2010-07-15 14:48:55 -07:00
1.0.0beta / 2010-07-15
==================
2010-07-15 16:45:11 -07:00
* Re-write
- much faster
- much lighter
- Check [ExpressJS.com ](http://expressjs.com ) for migration guide and updated docs
2010-07-15 14:48:55 -07:00
2010-06-15 14:22:51 -07:00
0.14.0 / 2010-06-15
==================
* Utilize relative requires
* Added Static bufferSize option [aheckmann]
* Fixed caching of view and partial subdirectories [aheckmann]
* Fixed mime.type() comments now that ".ext" is not supported
* Updated haml submodule
* Updated class submodule
* Removed bin/express
2010-06-01 08:49:04 -07:00
0.13.0 / 2010-06-01
==================
* Added node v0.1.97 compatibility
* Added support for deleting cookies via Request#cookie ('key', null)
* Updated haml submodule
2023-02-23 11:36:40 +05:30
* Fixed not-found page, now using charset utf-8
* Fixed show-exceptions page, now using charset utf-8
2010-06-01 08:49:04 -07:00
* Fixed view support due to fs.readFile Buffers
* Changed; mime.type() no longer accepts ".type" due to node extname() changes
2010-05-22 08:24:22 -07:00
0.12.0 / 2010-05-22
==================
* Added node v0.1.96 compatibility
* Added view `helpers` export which act as additional local variables
* Updated haml submodule
* Changed ETag; removed inode, modified time only
* Fixed LF to CRLF for setting multiple cookies
2018-11-26 20:00:47 -07:00
* Fixed cookie compilation; values are now urlencoded
2010-05-22 08:24:22 -07:00
* Fixed cookies parsing; accepts quoted values and url escaped cookies
2010-05-06 15:41:15 -07:00
0.11.0 / 2010-05-06
==================
* Added support for layouts using different engines
- this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
- this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
- this.render('page.html.haml', { layout: false }) // no layout
* Updated ext submodule
* Updated haml submodule
* Fixed EJS partial support by passing along the context. Issue #307
2010-05-03 08:42:01 -07:00
0.10.1 / 2010-05-03
==================
* Fixed binary uploads.
2010-04-30 10:46:24 -07:00
0.10.0 / 2010-04-30
==================
* Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
2023-02-23 11:36:40 +05:30
encoding is set to 'utf8' or 'utf-8').
2010-04-30 10:46:24 -07:00
* Added "encoding" option to Request#render (). Closes #299
* Added "dump exceptions" setting, which is enabled by default.
* Added simple ejs template engine support
2014-08-21 23:34:19 -04:00
* Added error response support for text/plain, application/json. Closes #297
2010-04-30 10:46:24 -07:00
* Added callback function param to Request#error ()
* Added Request#sendHead ()
* Added Request#stream ()
* Added support for Request#respond (304, null) for empty response bodies
* Added ETag support to Request#sendfile ()
* Added options to Request#sendfile (), passed to fs.createReadStream()
* Added filename arg to Request#download ()
* Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
* Performance enhanced by preventing several calls to toLowerCase() in Router#match ()
* Changed; Request#sendfile () now streams
* Changed; Renamed Request#halt () to Request#respond (). Closes #289
* Changed; Using sys.inspect() instead of JSON.encode() for error output
* Changed; run() returns the http.Server instance. Closes #298
* Changed; Defaulting Server#host to null (INADDR_ANY)
* Changed; Logger "common" format scale of 0.4f
* Removed Logger "request" format
* Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
* Fixed several issues with http client
* Fixed Logger Content-Length output
* Fixed bug preventing Opera from retaining the generated session id. Closes #292
2010-04-14 16:56:13 -07:00
0.9.0 / 2010-04-14
==================
2010-04-14 17:03:57 -07:00
* Added DSL level error() route support
* Added DSL level notFound() route support
* Added Request#error ()
* Added Request#notFound ()
* Added Request#render () callback function. Closes #258
* Added "max upload size" setting
* Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
2010-04-14 16:56:13 -07:00
* Added [haml.js ](http://github.com/visionmedia/haml.js ) submodule; removed haml-js
2010-04-14 17:03:57 -07:00
* Added callback function support to Request#halt () as 3rd/4th arg
* Added preprocessing of route param wildcards using param(). Closes #251
2023-02-23 11:36:40 +05:30
* Added view partial support (with collections etc.)
2010-04-14 16:56:13 -07:00
* Fixed bug preventing falsey params (such as ?page=0). Closes #286
* Fixed setting of multiple cookies. Closes #199
* Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
* Changed; session cookie is now httpOnly
* Changed; Request is no longer global
* Changed; Event is no longer global
* Changed; "sys" module is no longer global
* Changed; moved Request#download to Static plugin where it belongs
2010-04-14 17:03:57 -07:00
* Changed; Request instance created before body parsing. Closes #262
* Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
* Changed; Pre-caching view partials in memory when "cache view partials" is enabled
2010-04-14 16:56:13 -07:00
* Updated support to node --version 0.1.90
* Updated dependencies
* Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
2010-04-14 17:03:57 -07:00
* Removed utils.mixin(); use Object#mergeDeep ()
2013-01-04 18:52:04 -08:00
2010-03-19 16:51:43 -07:00
0.8.0 / 2010-03-19
==================
* Added coffeescript example app. Closes #242
* Changed; cache api now async friendly. Closes #240
* Removed deprecated 'express/static' support. Use 'express/plugins/static'
2010-03-19 08:55:52 -07:00
0.7.6 / 2010-03-19
==================
* Added Request#isXHR . Closes #229
* Added `make install` (for the executable)
* Added `express` executable for setting up simple app templates
* Added "GET /public/*" to Static plugin, defaulting to <root>/public
* Added Static plugin
* Fixed; Request#render () only calls cache.get() once
* Fixed; Namespacing View caches with "view:"
* Fixed; Namespacing Static caches with "static:"
* Fixed; Both example apps now use the Static plugin
* Fixed set("views"). Closes #239
* Fixed missing space for combined log format
* Deprecated Request#sendfile () and 'express/static'
* Removed Server#running
2010-03-16 19:38:21 -07:00
0.7.5 / 2010-03-16
==================
* Added Request#flash () support without args, now returns all flashes
* Updated ext submodule
2010-03-16 16:14:48 -07:00
0.7.4 / 2010-03-16
==================
* Fixed session reaper
* Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
2010-03-16 13:17:41 -07:00
0.7.3 / 2010-03-16
==================
* Added package.json
* Fixed requiring of haml / sass due to kiwi removal
2010-03-16 08:08:17 -07:00
0.7.2 / 2010-03-16
==================
* Fixed GIT submodules (HAH!)
2010-03-16 08:03:06 -07:00
0.7.1 / 2010-03-16
==================
* Changed; Express now using submodules again until a PM is adopted
* Changed; chat example using millisecond conversions from ext
2010-03-15 09:13:18 -07:00
0.7.0 / 2010-03-15
==================
* Added Request#pass () support (finds the next matching route, or the given path)
* Added Logger plugin (default "common" format replaces CommonLogger)
* Removed Profiler plugin
* Removed CommonLogger plugin
2010-03-11 10:57:26 -08:00
0.6.0 / 2010-03-11
==================
* Added seed.yml for kiwi package management support
* Added HTTP client query string support when method is GET. Closes #205
2013-01-04 18:52:04 -08:00
2010-03-11 10:57:26 -08:00
* Added support for arbitrary view engines.
For example "foo.engine.html" will now require('engine'),
the exports from this module are cached after the first require().
2013-01-04 18:52:04 -08:00
2010-03-11 10:57:26 -08:00
* Added async plugin support
2013-01-04 18:52:04 -08:00
2010-03-11 10:57:26 -08:00
* Removed usage of RESTful route funcs as http client
get() etc, use http.get() and friends
2013-01-04 18:52:04 -08:00
2010-03-11 10:57:26 -08:00
* Removed custom exceptions
2010-03-10 13:17:57 -08:00
0.5.0 / 2010-03-10
==================
* Added ext dependency (library of js extensions)
* Removed extname() / basename() utils. Use path module
* Removed toArray() util. Use arguments.values
* Removed escapeRegexp() util. Use RegExp.escape()
* Removed process.mixin() dependency. Use utils.mixin()
* Removed Collection
* Removed ElementCollection
* Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
2010-02-11 17:02:30 -08:00
0.4.0 / 2010-02-11
==================
* Added flash() example to sample upload app
* Added high level restful http client module (express/http)
* Changed; RESTful route functions double as HTTP clients. Closes #69
* Changed; throwing error when routes are added at runtime
* Changed; defaulting render() context to the current Request. Closes #197
* Updated haml submodule
2010-02-11 07:12:08 -08:00
0.3.0 / 2010-02-11
==================
* Updated haml / sass submodules. Closes #200
* Added flash message support. Closes #64
* Added accepts() now allows multiple args. fixes #117
* Added support for plugins to halt. Closes #189
* Added alternate layout support. Closes #119
* Removed Route#run (). Closes #188
* Fixed broken specs due to use(Cookie) missing
2010-02-05 09:03:55 -08:00
0.2.1 / 2010-02-05
==================
* Added "plot" format option for Profiler (for gnuplot processing)
* Added request number to Profiler plugin
2018-11-26 20:00:47 -07:00
* Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
2010-02-05 09:03:55 -08:00
* Fixed issue with routes not firing when not files are present. Closes #184
* Fixed process.Promise -> events.Promise
2010-02-03 19:28:31 -08:00
0.2.0 / 2010-02-03
==================
* Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
* Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
* Added expiration support to cache api with reaper. Closes #133
* Added cache Store.Memory#reap ()
* Added Cache; cache api now uses first class Cache instances
* Added abstract session Store. Closes #172
* Changed; cache Memory.Store#get () utilizing Collection
* Renamed MemoryStore -> Store.Memory
* Fixed use() of the same plugin several time will always use latest options. Closes #176
2010-02-03 15:27:58 -08:00
0.1.0 / 2010-02-03
==================
* Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
* Updated node support to 0.1.27 Closes #169
* Updated dirname(__filename) -> __dirname
* Updated libxmljs support to v0.2.0
* Added session support with memory store / reaping
* Added quick uid() helper
* Added multi-part upload support
* Added Sass.js support / submodule
* Added production env caching view contents and static files
* Added static file caching. Closes #136
* Added cache plugin with memory stores
* Added support to StaticFile so that it works with non-textual files.
* Removed dirname() helper
* Removed several globals (now their modules must be required)
2010-01-10 19:54:44 -08:00
0.0.2 / 2010-01-10
==================
* Added view benchmarks; currently haml vs ejs
* Added Request#attachment () specs. Closes #116
* Added use of node's parseQuery() util. Closes #123
* Added `make init` for submodules
* Updated Haml
* Updated sample chat app to show messages on load
* Updated libxmljs parseString -> parseHtmlString
* Fixed `make init` to work with older versions of git
2018-11-26 20:00:47 -07:00
* Fixed specs can now run independent specs for those who can't build deps. Closes #127
2010-01-10 19:54:44 -08:00
* Fixed issues introduced by the node url module changes. Closes 126.
* Fixed two assertions failing due to Collection#keys () returning strings
* Fixed faulty Collection#toArray () spec due to keys() returning strings
* Fixed `make test` now builds libxmljs.node before testing
2010-01-03 06:47:49 -08:00
0.0.1 / 2010-01-03
2009-10-01 13:19:18 -07:00
==================
* Initial release
