You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

5 jaren geleden
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477
  1. 4.17.1 / 2019-05-25
  2. ===================
  3. * Revert "Improve error message for `null`/`undefined` to `res.status`"
  4. 4.17.0 / 2019-05-16
  5. ===================
  6. * Add `express.raw` to parse bodies into `Buffer`
  7. * Add `express.text` to parse bodies into string
  8. * Improve error message for non-strings to `res.sendFile`
  9. * Improve error message for `null`/`undefined` to `res.status`
  10. * Support multiple hosts in `X-Forwarded-Host`
  11. * deps: accepts@~1.3.7
  12. * deps: body-parser@1.19.0
  13. - Add encoding MIK
  14. - Add petabyte (`pb`) support
  15. - Fix parsing array brackets after index
  16. - deps: bytes@3.1.0
  17. - deps: http-errors@1.7.2
  18. - deps: iconv-lite@0.4.24
  19. - deps: qs@6.7.0
  20. - deps: raw-body@2.4.0
  21. - deps: type-is@~1.6.17
  22. * deps: content-disposition@0.5.3
  23. * deps: cookie@0.4.0
  24. - Add `SameSite=None` support
  25. * deps: finalhandler@~1.1.2
  26. - Set stricter `Content-Security-Policy` header
  27. - deps: parseurl@~1.3.3
  28. - deps: statuses@~1.5.0
  29. * deps: parseurl@~1.3.3
  30. * deps: proxy-addr@~2.0.5
  31. - deps: ipaddr.js@1.9.0
  32. * deps: qs@6.7.0
  33. - Fix parsing array brackets after index
  34. * deps: range-parser@~1.2.1
  35. * deps: send@0.17.1
  36. - Set stricter CSP header in redirect & error responses
  37. - deps: http-errors@~1.7.2
  38. - deps: mime@1.6.0
  39. - deps: ms@2.1.1
  40. - deps: range-parser@~1.2.1
  41. - deps: statuses@~1.5.0
  42. - perf: remove redundant `path.normalize` call
  43. * deps: serve-static@1.14.1
  44. - Set stricter CSP header in redirect response
  45. - deps: parseurl@~1.3.3
  46. - deps: send@0.17.1
  47. * deps: setprototypeof@1.1.1
  48. * deps: statuses@~1.5.0
  49. - Add `103 Early Hints`
  50. * deps: type-is@~1.6.18
  51. - deps: mime-types@~2.1.24
  52. - perf: prevent internal `throw` on invalid type
  53. 4.16.4 / 2018-10-10
  54. ===================
  55. * Fix issue where `"Request aborted"` may be logged in `res.sendfile`
  56. * Fix JSDoc for `Router` constructor
  57. * deps: body-parser@1.18.3
  58. - Fix deprecation warnings on Node.js 10+
  59. - Fix stack trace for strict json parse error
  60. - deps: depd@~1.1.2
  61. - deps: http-errors@~1.6.3
  62. - deps: iconv-lite@0.4.23
  63. - deps: qs@6.5.2
  64. - deps: raw-body@2.3.3
  65. - deps: type-is@~1.6.16
  66. * deps: proxy-addr@~2.0.4
  67. - deps: ipaddr.js@1.8.0
  68. * deps: qs@6.5.2
  69. * deps: safe-buffer@5.1.2
  70. 4.16.3 / 2018-03-12
  71. ===================
  72. * deps: accepts@~1.3.5
  73. - deps: mime-types@~2.1.18
  74. * deps: depd@~1.1.2
  75. - perf: remove argument reassignment
  76. * deps: encodeurl@~1.0.2
  77. - Fix encoding `%` as last character
  78. * deps: finalhandler@1.1.1
  79. - Fix 404 output for bad / missing pathnames
  80. - deps: encodeurl@~1.0.2
  81. - deps: statuses@~1.4.0
  82. * deps: proxy-addr@~2.0.3
  83. - deps: ipaddr.js@1.6.0
  84. * deps: send@0.16.2
  85. - Fix incorrect end tag in default error & redirects
  86. - deps: depd@~1.1.2
  87. - deps: encodeurl@~1.0.2
  88. - deps: statuses@~1.4.0
  89. * deps: serve-static@1.13.2
  90. - Fix incorrect end tag in redirects
  91. - deps: encodeurl@~1.0.2
  92. - deps: send@0.16.2
  93. * deps: statuses@~1.4.0
  94. * deps: type-is@~1.6.16
  95. - deps: mime-types@~2.1.18
  96. 4.16.2 / 2017-10-09
  97. ===================
  98. * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
  99. * perf: skip parsing of entire `X-Forwarded-Proto` header
  100. 4.16.1 / 2017-09-29
  101. ===================
  102. * deps: send@0.16.1
  103. * deps: serve-static@1.13.1
  104. - Fix regression when `root` is incorrectly set to a file
  105. - deps: send@0.16.1
  106. 4.16.0 / 2017-09-28
  107. ===================
  108. * Add `"json escape"` setting for `res.json` and `res.jsonp`
  109. * Add `express.json` and `express.urlencoded` to parse bodies
  110. * Add `options` argument to `res.download`
  111. * Improve error message when autoloading invalid view engine
  112. * Improve error messages when non-function provided as middleware
  113. * Skip `Buffer` encoding when not generating ETag for small response
  114. * Use `safe-buffer` for improved Buffer API
  115. * deps: accepts@~1.3.4
  116. - deps: mime-types@~2.1.16
  117. * deps: content-type@~1.0.4
  118. - perf: remove argument reassignment
  119. - perf: skip parameter parsing when no parameters
  120. * deps: etag@~1.8.1
  121. - perf: replace regular expression with substring
  122. * deps: finalhandler@1.1.0
  123. - Use `res.headersSent` when available
  124. * deps: parseurl@~1.3.2
  125. - perf: reduce overhead for full URLs
  126. - perf: unroll the "fast-path" `RegExp`
  127. * deps: proxy-addr@~2.0.2
  128. - Fix trimming leading / trailing OWS in `X-Forwarded-For`
  129. - deps: forwarded@~0.1.2
  130. - deps: ipaddr.js@1.5.2
  131. - perf: reduce overhead when no `X-Forwarded-For` header
  132. * deps: qs@6.5.1
  133. - Fix parsing & compacting very deep objects
  134. * deps: send@0.16.0
  135. - Add 70 new types for file extensions
  136. - Add `immutable` option
  137. - Fix missing `</html>` in default error & redirects
  138. - Set charset as "UTF-8" for .js and .json
  139. - Use instance methods on steam to check for listeners
  140. - deps: mime@1.4.1
  141. - perf: improve path validation speed
  142. * deps: serve-static@1.13.0
  143. - Add 70 new types for file extensions
  144. - Add `immutable` option
  145. - Set charset as "UTF-8" for .js and .json
  146. - deps: send@0.16.0
  147. * deps: setprototypeof@1.1.0
  148. * deps: utils-merge@1.0.1
  149. * deps: vary@~1.1.2
  150. - perf: improve header token parsing speed
  151. * perf: re-use options object when generating ETags
  152. * perf: remove dead `.charset` set in `res.jsonp`
  153. 4.15.5 / 2017-09-24
  154. ===================
  155. * deps: debug@2.6.9
  156. * deps: finalhandler@~1.0.6
  157. - deps: debug@2.6.9
  158. - deps: parseurl@~1.3.2
  159. * deps: fresh@0.5.2
  160. - Fix handling of modified headers with invalid dates
  161. - perf: improve ETag match loop
  162. - perf: improve `If-None-Match` token parsing
  163. * deps: send@0.15.6
  164. - Fix handling of modified headers with invalid dates
  165. - deps: debug@2.6.9
  166. - deps: etag@~1.8.1
  167. - deps: fresh@0.5.2
  168. - perf: improve `If-Match` token parsing
  169. * deps: serve-static@1.12.6
  170. - deps: parseurl@~1.3.2
  171. - deps: send@0.15.6
  172. - perf: improve slash collapsing
  173. 4.15.4 / 2017-08-06
  174. ===================
  175. * deps: debug@2.6.8
  176. * deps: depd@~1.1.1
  177. - Remove unnecessary `Buffer` loading
  178. * deps: finalhandler@~1.0.4
  179. - deps: debug@2.6.8
  180. * deps: proxy-addr@~1.1.5
  181. - Fix array argument being altered
  182. - deps: ipaddr.js@1.4.0
  183. * deps: qs@6.5.0
  184. * deps: send@0.15.4
  185. - deps: debug@2.6.8
  186. - deps: depd@~1.1.1
  187. - deps: http-errors@~1.6.2
  188. * deps: serve-static@1.12.4
  189. - deps: send@0.15.4
  190. 4.15.3 / 2017-05-16
  191. ===================
  192. * Fix error when `res.set` cannot add charset to `Content-Type`
  193. * deps: debug@2.6.7
  194. - Fix `DEBUG_MAX_ARRAY_LENGTH`
  195. - deps: ms@2.0.0
  196. * deps: finalhandler@~1.0.3
  197. - Fix missing `</html>` in HTML document
  198. - deps: debug@2.6.7
  199. * deps: proxy-addr@~1.1.4
  200. - deps: ipaddr.js@1.3.0
  201. * deps: send@0.15.3
  202. - deps: debug@2.6.7
  203. - deps: ms@2.0.0
  204. * deps: serve-static@1.12.3
  205. - deps: send@0.15.3
  206. * deps: type-is@~1.6.15
  207. - deps: mime-types@~2.1.15
  208. * deps: vary@~1.1.1
  209. - perf: hoist regular expression
  210. 4.15.2 / 2017-03-06
  211. ===================
  212. * deps: qs@6.4.0
  213. - Fix regression parsing keys starting with `[`
  214. 4.15.1 / 2017-03-05
  215. ===================
  216. * deps: send@0.15.1
  217. - Fix issue when `Date.parse` does not return `NaN` on invalid date
  218. - Fix strict violation in broken environments
  219. * deps: serve-static@1.12.1
  220. - Fix issue when `Date.parse` does not return `NaN` on invalid date
  221. - deps: send@0.15.1
  222. 4.15.0 / 2017-03-01
  223. ===================
  224. * Add debug message when loading view engine
  225. * Add `next("router")` to exit from router
  226. * Fix case where `router.use` skipped requests routes did not
  227. * Remove usage of `res._headers` private field
  228. - Improves compatibility with Node.js 8 nightly
  229. * Skip routing when `req.url` is not set
  230. * Use `%o` in path debug to tell types apart
  231. * Use `Object.create` to setup request & response prototypes
  232. * Use `setprototypeof` module to replace `__proto__` setting
  233. * Use `statuses` instead of `http` module for status messages
  234. * deps: debug@2.6.1
  235. - Allow colors in workers
  236. - Deprecated `DEBUG_FD` environment variable set to `3` or higher
  237. - Fix error when running under React Native
  238. - Use same color for same namespace
  239. - deps: ms@0.7.2
  240. * deps: etag@~1.8.0
  241. - Use SHA1 instead of MD5 for ETag hashing
  242. - Works with FIPS 140-2 OpenSSL configuration
  243. * deps: finalhandler@~1.0.0
  244. - Fix exception when `err` cannot be converted to a string
  245. - Fully URL-encode the pathname in the 404
  246. - Only include the pathname in the 404 message
  247. - Send complete HTML document
  248. - Set `Content-Security-Policy: default-src 'self'` header
  249. - deps: debug@2.6.1
  250. * deps: fresh@0.5.0
  251. - Fix false detection of `no-cache` request directive
  252. - Fix incorrect result when `If-None-Match` has both `*` and ETags
  253. - Fix weak `ETag` matching to match spec
  254. - perf: delay reading header values until needed
  255. - perf: enable strict mode
  256. - perf: hoist regular expressions
  257. - perf: remove duplicate conditional
  258. - perf: remove unnecessary boolean coercions
  259. - perf: skip checking modified time if ETag check failed
  260. - perf: skip parsing `If-None-Match` when no `ETag` header
  261. - perf: use `Date.parse` instead of `new Date`
  262. * deps: qs@6.3.1
  263. - Fix array parsing from skipping empty values
  264. - Fix compacting nested arrays
  265. * deps: send@0.15.0
  266. - Fix false detection of `no-cache` request directive
  267. - Fix incorrect result when `If-None-Match` has both `*` and ETags
  268. - Fix weak `ETag` matching to match spec
  269. - Remove usage of `res._headers` private field
  270. - Support `If-Match` and `If-Unmodified-Since` headers
  271. - Use `res.getHeaderNames()` when available
  272. - Use `res.headersSent` when available
  273. - deps: debug@2.6.1
  274. - deps: etag@~1.8.0
  275. - deps: fresh@0.5.0
  276. - deps: http-errors@~1.6.1
  277. * deps: serve-static@1.12.0
  278. - Fix false detection of `no-cache` request directive
  279. - Fix incorrect result when `If-None-Match` has both `*` and ETags
  280. - Fix weak `ETag` matching to match spec
  281. - Remove usage of `res._headers` private field
  282. - Send complete HTML document in redirect response
  283. - Set default CSP header in redirect response
  284. - Support `If-Match` and `If-Unmodified-Since` headers
  285. - Use `res.getHeaderNames()` when available
  286. - Use `res.headersSent` when available
  287. - deps: send@0.15.0
  288. * perf: add fast match path for `*` route
  289. * perf: improve `req.ips` performance
  290. 4.14.1 / 2017-01-28
  291. ===================
  292. * deps: content-disposition@0.5.2
  293. * deps: finalhandler@0.5.1
  294. - Fix exception when `err.headers` is not an object
  295. - deps: statuses@~1.3.1
  296. - perf: hoist regular expressions
  297. - perf: remove duplicate validation path
  298. * deps: proxy-addr@~1.1.3
  299. - deps: ipaddr.js@1.2.0
  300. * deps: send@0.14.2
  301. - deps: http-errors@~1.5.1
  302. - deps: ms@0.7.2
  303. - deps: statuses@~1.3.1
  304. * deps: serve-static@~1.11.2
  305. - deps: send@0.14.2
  306. * deps: type-is@~1.6.14
  307. - deps: mime-types@~2.1.13
  308. 4.14.0 / 2016-06-16
  309. ===================
  310. * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
  311. * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
  312. * Add `options` argument to `req.range`
  313. - Includes the `combine` option
  314. * Encode URL in `res.location`/`res.redirect` if not already encoded
  315. * Fix some redirect handling in `res.sendFile`/`res.sendfile`
  316. * Fix Windows absolute path check using forward slashes
  317. * Improve error with invalid arguments to `req.get()`
  318. * Improve performance for `res.json`/`res.jsonp` in most cases
  319. * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
  320. * deps: accepts@~1.3.3
  321. - Fix including type extensions in parameters in `Accept` parsing
  322. - Fix parsing `Accept` parameters with quoted equals
  323. - Fix parsing `Accept` parameters with quoted semicolons
  324. - Many performance improvements
  325. - deps: mime-types@~2.1.11
  326. - deps: negotiator@0.6.1
  327. * deps: content-type@~1.0.2
  328. - perf: enable strict mode
  329. * deps: cookie@0.3.1
  330. - Add `sameSite` option
  331. - Fix cookie `Max-Age` to never be a floating point number
  332. - Improve error message when `encode` is not a function
  333. - Improve error message when `expires` is not a `Date`
  334. - Throw better error for invalid argument to parse
  335. - Throw on invalid values provided to `serialize`
  336. - perf: enable strict mode
  337. - perf: hoist regular expression
  338. - perf: use for loop in parse
  339. - perf: use string concatenation for serialization
  340. * deps: finalhandler@0.5.0
  341. - Change invalid or non-numeric status code to 500
  342. - Overwrite status message to match set status code
  343. - Prefer `err.statusCode` if `err.status` is invalid
  344. - Set response headers from `err.headers` object
  345. - Use `statuses` instead of `http` module for status messages
  346. * deps: proxy-addr@~1.1.2
  347. - Fix accepting various invalid netmasks
  348. - Fix IPv6-mapped IPv4 validation edge cases
  349. - IPv4 netmasks must be contiguous
  350. - IPv6 addresses cannot be used as a netmask
  351. - deps: ipaddr.js@1.1.1
  352. * deps: qs@6.2.0
  353. - Add `decoder` option in `parse` function
  354. * deps: range-parser@~1.2.0
  355. - Add `combine` option to combine overlapping ranges
  356. - Fix incorrectly returning -1 when there is at least one valid range
  357. - perf: remove internal function
  358. * deps: send@0.14.1
  359. - Add `acceptRanges` option
  360. - Add `cacheControl` option
  361. - Attempt to combine multiple ranges into single range
  362. - Correctly inherit from `Stream` class
  363. - Fix `Content-Range` header in 416 responses when using `start`/`end` options
  364. - Fix `Content-Range` header missing from default 416 responses
  365. - Fix redirect error when `path` contains raw non-URL characters
  366. - Fix redirect when `path` starts with multiple forward slashes
  367. - Ignore non-byte `Range` headers
  368. - deps: http-errors@~1.5.0
  369. - deps: range-parser@~1.2.0
  370. - deps: statuses@~1.3.0
  371. - perf: remove argument reassignment
  372. * deps: serve-static@~1.11.1
  373. - Add `acceptRanges` option
  374. - Add `cacheControl` option
  375. - Attempt to combine multiple ranges into single range
  376. - Fix redirect error when `req.url` contains raw non-URL characters
  377. - Ignore non-byte `Range` headers
  378. - Use status code 301 for redirects
  379. - deps: send@0.14.1
  380. * deps: type-is@~1.6.13
  381. - Fix type error when given invalid type to match against
  382. - deps: mime-types@~2.1.11
  383. * deps: vary@~1.1.0
  384. - Only accept valid field names in the `field` argument
  385. * perf: use strict equality when possible
  386. 4.13.4 / 2016-01-21
  387. ===================
  388. * deps: content-disposition@0.5.1
  389. - perf: enable strict mode
  390. * deps: cookie@0.1.5
  391. - Throw on invalid values provided to `serialize`
  392. * deps: depd@~1.1.0
  393. - Support web browser loading
  394. - perf: enable strict mode
  395. * deps: escape-html@~1.0.3
  396. - perf: enable strict mode
  397. - perf: optimize string replacement
  398. - perf: use faster string coercion
  399. * deps: finalhandler@0.4.1
  400. - deps: escape-html@~1.0.3
  401. * deps: merge-descriptors@1.0.1
  402. - perf: enable strict mode
  403. * deps: methods@~1.1.2
  404. - perf: enable strict mode
  405. * deps: parseurl@~1.3.1
  406. - perf: enable strict mode
  407. * deps: proxy-addr@~1.0.10
  408. - deps: ipaddr.js@1.0.5
  409. - perf: enable strict mode
  410. * deps: range-parser@~1.0.3
  411. - perf: enable strict mode
  412. * deps: send@0.13.1
  413. - deps: depd@~1.1.0
  414. - deps: destroy@~1.0.4
  415. - deps: escape-html@~1.0.3
  416. - deps: range-parser@~1.0.3
  417. * deps: serve-static@~1.10.2
  418. - deps: escape-html@~1.0.3
  419. - deps: parseurl@~1.3.0
  420. - deps: send@0.13.1
  421. 4.13.3 / 2015-08-02
  422. ===================
  423. * Fix infinite loop condition using `mergeParams: true`
  424. * Fix inner numeric indices incorrectly altering parent `req.params`
  425. 4.13.2 / 2015-07-31
  426. ===================
  427. * deps: accepts@~1.2.12
  428. - deps: mime-types@~2.1.4
  429. * deps: array-flatten@1.1.1
  430. - perf: enable strict mode
  431. * deps: path-to-regexp@0.1.7
  432. - Fix regression with escaped round brackets and matching groups
  433. * deps: type-is@~1.6.6
  434. - deps: mime-types@~2.1.4
  435. 4.13.1 / 2015-07-05
  436. ===================
  437. * deps: accepts@~1.2.10
  438. - deps: mime-types@~2.1.2
  439. * deps: qs@4.0.0
  440. - Fix dropping parameters like `hasOwnProperty`
  441. - Fix various parsing edge cases
  442. * deps: type-is@~1.6.4
  443. - deps: mime-types@~2.1.2
  444. - perf: enable strict mode
  445. - perf: remove argument reassignment
  446. 4.13.0 / 2015-06-20
  447. ===================
  448. * Add settings to debug output
  449. * Fix `res.format` error when only `default` provided
  450. * Fix issue where `next('route')` in `app.param` would incorrectly skip values
  451. * Fix hiding platform issues with `decodeURIComponent`
  452. - Only `URIError`s are a 400
  453. * Fix using `*` before params in routes
  454. * Fix using capture groups before params in routes
  455. * Simplify `res.cookie` to call `res.append`
  456. * Use `array-flatten` module for flattening arrays
  457. * deps: accepts@~1.2.9
  458. - deps: mime-types@~2.1.1
  459. - perf: avoid argument reassignment & argument slice
  460. - perf: avoid negotiator recursive construction
  461. - perf: enable strict mode
  462. - perf: remove unnecessary bitwise operator
  463. * deps: cookie@0.1.3
  464. - perf: deduce the scope of try-catch deopt
  465. - perf: remove argument reassignments
  466. * deps: escape-html@1.0.2
  467. * deps: etag@~1.7.0
  468. - Always include entity length in ETags for hash length extensions
  469. - Generate non-Stats ETags using MD5 only (no longer CRC32)
  470. - Improve stat performance by removing hashing
  471. - Improve support for JXcore
  472. - Remove base64 padding in ETags to shorten
  473. - Support "fake" stats objects in environments without fs
  474. - Use MD5 instead of MD4 in weak ETags over 1KB
  475. * deps: finalhandler@0.4.0
  476. - Fix a false-positive when unpiping in Node.js 0.8
  477. - Support `statusCode` property on `Error` objects
  478. - Use `unpipe` module for unpiping requests
  479. - deps: escape-html@1.0.2
  480. - deps: on-finished@~2.3.0
  481. - perf: enable strict mode
  482. - perf: remove argument reassignment
  483. * deps: fresh@0.3.0
  484. - Add weak `ETag` matching support
  485. * deps: on-finished@~2.3.0
  486. - Add defined behavior for HTTP `CONNECT` requests
  487. - Add defined behavior for HTTP `Upgrade` requests
  488. - deps: ee-first@1.1.1
  489. * deps: path-to-regexp@0.1.6
  490. * deps: send@0.13.0
  491. - Allow Node.js HTTP server to set `Date` response header
  492. - Fix incorrectly removing `Content-Location` on 304 response
  493. - Improve the default redirect response headers
  494. - Send appropriate headers on default error response
  495. - Use `http-errors` for standard emitted errors
  496. - Use `statuses` instead of `http` module for status messages
  497. - deps: escape-html@1.0.2
  498. - deps: etag@~1.7.0
  499. - deps: fresh@0.3.0
  500. - deps: on-finished@~2.3.0
  501. - perf: enable strict mode
  502. - perf: remove unnecessary array allocations
  503. * deps: serve-static@~1.10.0
  504. - Add `fallthrough` option
  505. - Fix reading options from options prototype
  506. - Improve the default redirect response headers
  507. - Malformed URLs now `next()` instead of 400
  508. - deps: escape-html@1.0.2
  509. - deps: send@0.13.0
  510. - perf: enable strict mode
  511. - perf: remove argument reassignment
  512. * deps: type-is@~1.6.3
  513. - deps: mime-types@~2.1.1
  514. - perf: reduce try block size
  515. - perf: remove bitwise operations
  516. * perf: enable strict mode
  517. * perf: isolate `app.render` try block
  518. * perf: remove argument reassignments in application
  519. * perf: remove argument reassignments in request prototype
  520. * perf: remove argument reassignments in response prototype
  521. * perf: remove argument reassignments in routing
  522. * perf: remove argument reassignments in `View`
  523. * perf: skip attempting to decode zero length string
  524. * perf: use saved reference to `http.STATUS_CODES`
  525. 4.12.4 / 2015-05-17
  526. ===================
  527. * deps: accepts@~1.2.7
  528. - deps: mime-types@~2.0.11
  529. - deps: negotiator@0.5.3
  530. * deps: debug@~2.2.0
  531. - deps: ms@0.7.1
  532. * deps: depd@~1.0.1
  533. * deps: etag@~1.6.0
  534. - Improve support for JXcore
  535. - Support "fake" stats objects in environments without `fs`
  536. * deps: finalhandler@0.3.6
  537. - deps: debug@~2.2.0
  538. - deps: on-finished@~2.2.1
  539. * deps: on-finished@~2.2.1
  540. - Fix `isFinished(req)` when data buffered
  541. * deps: proxy-addr@~1.0.8
  542. - deps: ipaddr.js@1.0.1
  543. * deps: qs@2.4.2
  544. - Fix allowing parameters like `constructor`
  545. * deps: send@0.12.3
  546. - deps: debug@~2.2.0
  547. - deps: depd@~1.0.1
  548. - deps: etag@~1.6.0
  549. - deps: ms@0.7.1
  550. - deps: on-finished@~2.2.1
  551. * deps: serve-static@~1.9.3
  552. - deps: send@0.12.3
  553. * deps: type-is@~1.6.2
  554. - deps: mime-types@~2.0.11
  555. 4.12.3 / 2015-03-17
  556. ===================
  557. * deps: accepts@~1.2.5
  558. - deps: mime-types@~2.0.10
  559. * deps: debug@~2.1.3
  560. - Fix high intensity foreground color for bold
  561. - deps: ms@0.7.0
  562. * deps: finalhandler@0.3.4
  563. - deps: debug@~2.1.3
  564. * deps: proxy-addr@~1.0.7
  565. - deps: ipaddr.js@0.1.9
  566. * deps: qs@2.4.1
  567. - Fix error when parameter `hasOwnProperty` is present
  568. * deps: send@0.12.2
  569. - Throw errors early for invalid `extensions` or `index` options
  570. - deps: debug@~2.1.3
  571. * deps: serve-static@~1.9.2
  572. - deps: send@0.12.2
  573. * deps: type-is@~1.6.1
  574. - deps: mime-types@~2.0.10
  575. 4.12.2 / 2015-03-02
  576. ===================
  577. * Fix regression where `"Request aborted"` is logged using `res.sendFile`
  578. 4.12.1 / 2015-03-01
  579. ===================
  580. * Fix constructing application with non-configurable prototype properties
  581. * Fix `ECONNRESET` errors from `res.sendFile` usage
  582. * Fix `req.host` when using "trust proxy" hops count
  583. * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
  584. * Fix wrong `code` on aborted connections from `res.sendFile`
  585. * deps: merge-descriptors@1.0.0
  586. 4.12.0 / 2015-02-23
  587. ===================
  588. * Fix `"trust proxy"` setting to inherit when app is mounted
  589. * Generate `ETag`s for all request responses
  590. - No longer restricted to only responses for `GET` and `HEAD` requests
  591. * Use `content-type` to parse `Content-Type` headers
  592. * deps: accepts@~1.2.4
  593. - Fix preference sorting to be stable for long acceptable lists
  594. - deps: mime-types@~2.0.9
  595. - deps: negotiator@0.5.1
  596. * deps: cookie-signature@1.0.6
  597. * deps: send@0.12.1
  598. - Always read the stat size from the file
  599. - Fix mutating passed-in `options`
  600. - deps: mime@1.3.4
  601. * deps: serve-static@~1.9.1
  602. - deps: send@0.12.1
  603. * deps: type-is@~1.6.0
  604. - fix argument reassignment
  605. - fix false-positives in `hasBody` `Transfer-Encoding` check
  606. - support wildcard for both type and subtype (`*/*`)
  607. - deps: mime-types@~2.0.9
  608. 4.11.2 / 2015-02-01
  609. ===================
  610. * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
  611. * deps: accepts@~1.2.3
  612. - deps: mime-types@~2.0.8
  613. * deps: proxy-addr@~1.0.6
  614. - deps: ipaddr.js@0.1.8
  615. * deps: type-is@~1.5.6
  616. - deps: mime-types@~2.0.8
  617. 4.11.1 / 2015-01-20
  618. ===================
  619. * deps: send@0.11.1
  620. - Fix root path disclosure
  621. * deps: serve-static@~1.8.1
  622. - Fix redirect loop in Node.js 0.11.14
  623. - Fix root path disclosure
  624. - deps: send@0.11.1
  625. 4.11.0 / 2015-01-13
  626. ===================
  627. * Add `res.append(field, val)` to append headers
  628. * Deprecate leading `:` in `name` for `app.param(name, fn)`
  629. * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
  630. * Deprecate `app.param(fn)`
  631. * Fix `OPTIONS` responses to include the `HEAD` method properly
  632. * Fix `res.sendFile` not always detecting aborted connection
  633. * Match routes iteratively to prevent stack overflows
  634. * deps: accepts@~1.2.2
  635. - deps: mime-types@~2.0.7
  636. - deps: negotiator@0.5.0
  637. * deps: send@0.11.0
  638. - deps: debug@~2.1.1
  639. - deps: etag@~1.5.1
  640. - deps: ms@0.7.0
  641. - deps: on-finished@~2.2.0
  642. * deps: serve-static@~1.8.0
  643. - deps: send@0.11.0
  644. 4.10.8 / 2015-01-13
  645. ===================
  646. * Fix crash from error within `OPTIONS` response handler
  647. * deps: proxy-addr@~1.0.5
  648. - deps: ipaddr.js@0.1.6
  649. 4.10.7 / 2015-01-04
  650. ===================
  651. * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
  652. * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
  653. * deps: debug@~2.1.1
  654. * deps: finalhandler@0.3.3
  655. - deps: debug@~2.1.1
  656. - deps: on-finished@~2.2.0
  657. * deps: methods@~1.1.1
  658. * deps: on-finished@~2.2.0
  659. * deps: serve-static@~1.7.2
  660. - Fix potential open redirect when mounted at root
  661. * deps: type-is@~1.5.5
  662. - deps: mime-types@~2.0.7
  663. 4.10.6 / 2014-12-12
  664. ===================
  665. * Fix exception in `req.fresh`/`req.stale` without response headers
  666. 4.10.5 / 2014-12-10
  667. ===================
  668. * Fix `res.send` double-calling `res.end` for `HEAD` requests
  669. * deps: accepts@~1.1.4
  670. - deps: mime-types@~2.0.4
  671. * deps: type-is@~1.5.4
  672. - deps: mime-types@~2.0.4
  673. 4.10.4 / 2014-11-24
  674. ===================
  675. * Fix `res.sendfile` logging standard write errors
  676. 4.10.3 / 2014-11-23
  677. ===================
  678. * Fix `res.sendFile` logging standard write errors
  679. * deps: etag@~1.5.1
  680. * deps: proxy-addr@~1.0.4
  681. - deps: ipaddr.js@0.1.5
  682. * deps: qs@2.3.3
  683. - Fix `arrayLimit` behavior
  684. 4.10.2 / 2014-11-09
  685. ===================
  686. * Correctly invoke async router callback asynchronously
  687. * deps: accepts@~1.1.3
  688. - deps: mime-types@~2.0.3
  689. * deps: type-is@~1.5.3
  690. - deps: mime-types@~2.0.3
  691. 4.10.1 / 2014-10-28
  692. ===================
  693. * Fix handling of URLs containing `://` in the path
  694. * deps: qs@2.3.2
  695. - Fix parsing of mixed objects and values
  696. 4.10.0 / 2014-10-23
  697. ===================
  698. * Add support for `app.set('views', array)`
  699. - Views are looked up in sequence in array of directories
  700. * Fix `res.send(status)` to mention `res.sendStatus(status)`
  701. * Fix handling of invalid empty URLs
  702. * Use `content-disposition` module for `res.attachment`/`res.download`
  703. - Sends standards-compliant `Content-Disposition` header
  704. - Full Unicode support
  705. * Use `path.resolve` in view lookup
  706. * deps: debug@~2.1.0
  707. - Implement `DEBUG_FD` env variable support
  708. * deps: depd@~1.0.0
  709. * deps: etag@~1.5.0
  710. - Improve string performance
  711. - Slightly improve speed for weak ETags over 1KB
  712. * deps: finalhandler@0.3.2
  713. - Terminate in progress response only on error
  714. - Use `on-finished` to determine request status
  715. - deps: debug@~2.1.0
  716. - deps: on-finished@~2.1.1
  717. * deps: on-finished@~2.1.1
  718. - Fix handling of pipelined requests
  719. * deps: qs@2.3.0
  720. - Fix parsing of mixed implicit and explicit arrays
  721. * deps: send@0.10.1
  722. - deps: debug@~2.1.0
  723. - deps: depd@~1.0.0
  724. - deps: etag@~1.5.0
  725. - deps: on-finished@~2.1.1
  726. * deps: serve-static@~1.7.1
  727. - deps: send@0.10.1
  728. 4.9.8 / 2014-10-17
  729. ==================
  730. * Fix `res.redirect` body when redirect status specified
  731. * deps: accepts@~1.1.2
  732. - Fix error when media type has invalid parameter
  733. - deps: negotiator@0.4.9
  734. 4.9.7 / 2014-10-10
  735. ==================
  736. * Fix using same param name in array of paths
  737. 4.9.6 / 2014-10-08
  738. ==================
  739. * deps: accepts@~1.1.1
  740. - deps: mime-types@~2.0.2
  741. - deps: negotiator@0.4.8
  742. * deps: serve-static@~1.6.4
  743. - Fix redirect loop when index file serving disabled
  744. * deps: type-is@~1.5.2
  745. - deps: mime-types@~2.0.2
  746. 4.9.5 / 2014-09-24
  747. ==================
  748. * deps: etag@~1.4.0
  749. * deps: proxy-addr@~1.0.3
  750. - Use `forwarded` npm module
  751. * deps: send@0.9.3
  752. - deps: etag@~1.4.0
  753. * deps: serve-static@~1.6.3
  754. - deps: send@0.9.3
  755. 4.9.4 / 2014-09-19
  756. ==================
  757. * deps: qs@2.2.4
  758. - Fix issue with object keys starting with numbers truncated
  759. 4.9.3 / 2014-09-18
  760. ==================
  761. * deps: proxy-addr@~1.0.2
  762. - Fix a global leak when multiple subnets are trusted
  763. - deps: ipaddr.js@0.1.3
  764. 4.9.2 / 2014-09-17
  765. ==================
  766. * Fix regression for empty string `path` in `app.use`
  767. * Fix `router.use` to accept array of middleware without path
  768. * Improve error message for bad `app.use` arguments
  769. 4.9.1 / 2014-09-16
  770. ==================
  771. * Fix `app.use` to accept array of middleware without path
  772. * deps: depd@0.4.5
  773. * deps: etag@~1.3.1
  774. * deps: send@0.9.2
  775. - deps: depd@0.4.5
  776. - deps: etag@~1.3.1
  777. - deps: range-parser@~1.0.2
  778. * deps: serve-static@~1.6.2
  779. - deps: send@0.9.2
  780. 4.9.0 / 2014-09-08
  781. ==================
  782. * Add `res.sendStatus`
  783. * Invoke callback for sendfile when client aborts
  784. - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
  785. - `err` will be populated with request aborted error
  786. * Support IP address host in `req.subdomains`
  787. * Use `etag` to generate `ETag` headers
  788. * deps: accepts@~1.1.0
  789. - update `mime-types`
  790. * deps: cookie-signature@1.0.5
  791. * deps: debug@~2.0.0
  792. * deps: finalhandler@0.2.0
  793. - Set `X-Content-Type-Options: nosniff` header
  794. - deps: debug@~2.0.0
  795. * deps: fresh@0.2.4
  796. * deps: media-typer@0.3.0
  797. - Throw error when parameter format invalid on parse
  798. * deps: qs@2.2.3
  799. - Fix issue where first empty value in array is discarded
  800. * deps: range-parser@~1.0.2
  801. * deps: send@0.9.1
  802. - Add `lastModified` option
  803. - Use `etag` to generate `ETag` header
  804. - deps: debug@~2.0.0
  805. - deps: fresh@0.2.4
  806. * deps: serve-static@~1.6.1
  807. - Add `lastModified` option
  808. - deps: send@0.9.1
  809. * deps: type-is@~1.5.1
  810. - fix `hasbody` to be true for `content-length: 0`
  811. - deps: media-typer@0.3.0
  812. - deps: mime-types@~2.0.1
  813. * deps: vary@~1.0.0
  814. - Accept valid `Vary` header string as `field`
  815. 4.8.8 / 2014-09-04
  816. ==================
  817. * deps: send@0.8.5
  818. - Fix a path traversal issue when using `root`
  819. - Fix malicious path detection for empty string path
  820. * deps: serve-static@~1.5.4
  821. - deps: send@0.8.5
  822. 4.8.7 / 2014-08-29
  823. ==================
  824. * deps: qs@2.2.2
  825. - Remove unnecessary cloning
  826. 4.8.6 / 2014-08-27
  827. ==================
  828. * deps: qs@2.2.0
  829. - Array parsing fix
  830. - Performance improvements
  831. 4.8.5 / 2014-08-18
  832. ==================
  833. * deps: send@0.8.3
  834. - deps: destroy@1.0.3
  835. - deps: on-finished@2.1.0
  836. * deps: serve-static@~1.5.3
  837. - deps: send@0.8.3
  838. 4.8.4 / 2014-08-14
  839. ==================
  840. * deps: qs@1.2.2
  841. * deps: send@0.8.2
  842. - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
  843. * deps: serve-static@~1.5.2
  844. - deps: send@0.8.2
  845. 4.8.3 / 2014-08-10
  846. ==================
  847. * deps: parseurl@~1.3.0
  848. * deps: qs@1.2.1
  849. * deps: serve-static@~1.5.1
  850. - Fix parsing of weird `req.originalUrl` values
  851. - deps: parseurl@~1.3.0
  852. - deps: utils-merge@1.0.0
  853. 4.8.2 / 2014-08-07
  854. ==================
  855. * deps: qs@1.2.0
  856. - Fix parsing array of objects
  857. 4.8.1 / 2014-08-06
  858. ==================
  859. * fix incorrect deprecation warnings on `res.download`
  860. * deps: qs@1.1.0
  861. - Accept urlencoded square brackets
  862. - Accept empty values in implicit array notation
  863. 4.8.0 / 2014-08-05
  864. ==================
  865. * add `res.sendFile`
  866. - accepts a file system path instead of a URL
  867. - requires an absolute path or `root` option specified
  868. * deprecate `res.sendfile` -- use `res.sendFile` instead
  869. * support mounted app as any argument to `app.use()`
  870. * deps: qs@1.0.2
  871. - Complete rewrite
  872. - Limits array length to 20
  873. - Limits object depth to 5
  874. - Limits parameters to 1,000
  875. * deps: send@0.8.1
  876. - Add `extensions` option
  877. * deps: serve-static@~1.5.0
  878. - Add `extensions` option
  879. - deps: send@0.8.1
  880. 4.7.4 / 2014-08-04
  881. ==================
  882. * fix `res.sendfile` regression for serving directory index files
  883. * deps: send@0.7.4
  884. - Fix incorrect 403 on Windows and Node.js 0.11
  885. - Fix serving index files without root dir
  886. * deps: serve-static@~1.4.4
  887. - deps: send@0.7.4
  888. 4.7.3 / 2014-08-04
  889. ==================
  890. * deps: send@0.7.3
  891. - Fix incorrect 403 on Windows and Node.js 0.11
  892. * deps: serve-static@~1.4.3
  893. - Fix incorrect 403 on Windows and Node.js 0.11
  894. - deps: send@0.7.3
  895. 4.7.2 / 2014-07-27
  896. ==================
  897. * deps: depd@0.4.4
  898. - Work-around v8 generating empty stack traces
  899. * deps: send@0.7.2
  900. - deps: depd@0.4.4
  901. * deps: serve-static@~1.4.2
  902. 4.7.1 / 2014-07-26
  903. ==================
  904. * deps: depd@0.4.3
  905. - Fix exception when global `Error.stackTraceLimit` is too low
  906. * deps: send@0.7.1
  907. - deps: depd@0.4.3
  908. * deps: serve-static@~1.4.1
  909. 4.7.0 / 2014-07-25
  910. ==================
  911. * fix `req.protocol` for proxy-direct connections
  912. * configurable query parser with `app.set('query parser', parser)`
  913. - `app.set('query parser', 'extended')` parse with "qs" module
  914. - `app.set('query parser', 'simple')` parse with "querystring" core module
  915. - `app.set('query parser', false)` disable query string parsing
  916. - `app.set('query parser', true)` enable simple parsing
  917. * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
  918. * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
  919. * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
  920. * deps: debug@1.0.4
  921. * deps: depd@0.4.2
  922. - Add `TRACE_DEPRECATION` environment variable
  923. - Remove non-standard grey color from color output
  924. - Support `--no-deprecation` argument
  925. - Support `--trace-deprecation` argument
  926. * deps: finalhandler@0.1.0
  927. - Respond after request fully read
  928. - deps: debug@1.0.4
  929. * deps: parseurl@~1.2.0
  930. - Cache URLs based on original value
  931. - Remove no-longer-needed URL mis-parse work-around
  932. - Simplify the "fast-path" `RegExp`
  933. * deps: send@0.7.0
  934. - Add `dotfiles` option
  935. - Cap `maxAge` value to 1 year
  936. - deps: debug@1.0.4
  937. - deps: depd@0.4.2
  938. * deps: serve-static@~1.4.0
  939. - deps: parseurl@~1.2.0
  940. - deps: send@0.7.0
  941. * perf: prevent multiple `Buffer` creation in `res.send`
  942. 4.6.1 / 2014-07-12
  943. ==================
  944. * fix `subapp.mountpath` regression for `app.use(subapp)`
  945. 4.6.0 / 2014-07-11
  946. ==================
  947. * accept multiple callbacks to `app.use()`
  948. * add explicit "Rosetta Flash JSONP abuse" protection
  949. - previous versions are not vulnerable; this is just explicit protection
  950. * catch errors in multiple `req.param(name, fn)` handlers
  951. * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
  952. * fix `res.send(status, num)` to send `num` as json (not error)
  953. * remove unnecessary escaping when `res.jsonp` returns JSON response
  954. * support non-string `path` in `app.use(path, fn)`
  955. - supports array of paths
  956. - supports `RegExp`
  957. * router: fix optimization on router exit
  958. * router: refactor location of `try` blocks
  959. * router: speed up standard `app.use(fn)`
  960. * deps: debug@1.0.3
  961. - Add support for multiple wildcards in namespaces
  962. * deps: finalhandler@0.0.3
  963. - deps: debug@1.0.3
  964. * deps: methods@1.1.0
  965. - add `CONNECT`
  966. * deps: parseurl@~1.1.3
  967. - faster parsing of href-only URLs
  968. * deps: path-to-regexp@0.1.3
  969. * deps: send@0.6.0
  970. - deps: debug@1.0.3
  971. * deps: serve-static@~1.3.2
  972. - deps: parseurl@~1.1.3
  973. - deps: send@0.6.0
  974. * perf: fix arguments reassign deopt in some `res` methods
  975. 4.5.1 / 2014-07-06
  976. ==================
  977. * fix routing regression when altering `req.method`
  978. 4.5.0 / 2014-07-04
  979. ==================
  980. * add deprecation message to non-plural `req.accepts*`
  981. * add deprecation message to `res.send(body, status)`
  982. * add deprecation message to `res.vary()`
  983. * add `headers` option to `res.sendfile`
  984. - use to set headers on successful file transfer
  985. * add `mergeParams` option to `Router`
  986. - merges `req.params` from parent routes
  987. * add `req.hostname` -- correct name for what `req.host` returns
  988. * deprecate things with `depd` module
  989. * deprecate `req.host` -- use `req.hostname` instead
  990. * fix behavior when handling request without routes
  991. * fix handling when `route.all` is only route
  992. * invoke `router.param()` only when route matches
  993. * restore `req.params` after invoking router
  994. * use `finalhandler` for final response handling
  995. * use `media-typer` to alter content-type charset
  996. * deps: accepts@~1.0.7
  997. * deps: send@0.5.0
  998. - Accept string for `maxage` (converted by `ms`)
  999. - Include link in default redirect response
  1000. * deps: serve-static@~1.3.0
  1001. - Accept string for `maxAge` (converted by `ms`)
  1002. - Add `setHeaders` option
  1003. - Include HTML link in redirect response
  1004. - deps: send@0.5.0
  1005. * deps: type-is@~1.3.2
  1006. 4.4.5 / 2014-06-26
  1007. ==================
  1008. * deps: cookie-signature@1.0.4
  1009. - fix for timing attacks
  1010. 4.4.4 / 2014-06-20
  1011. ==================
  1012. * fix `res.attachment` Unicode filenames in Safari
  1013. * fix "trim prefix" debug message in `express:router`
  1014. * deps: accepts@~1.0.5
  1015. * deps: buffer-crc32@0.2.3
  1016. 4.4.3 / 2014-06-11
  1017. ==================
  1018. * fix persistence of modified `req.params[name]` from `app.param()`
  1019. * deps: accepts@1.0.3
  1020. - deps: negotiator@0.4.6
  1021. * deps: debug@1.0.2
  1022. * deps: send@0.4.3
  1023. - Do not throw uncatchable error on file open race condition
  1024. - Use `escape-html` for HTML escaping
  1025. - deps: debug@1.0.2
  1026. - deps: finished@1.2.2
  1027. - deps: fresh@0.2.2
  1028. * deps: serve-static@1.2.3
  1029. - Do not throw uncatchable error on file open race condition
  1030. - deps: send@0.4.3
  1031. 4.4.2 / 2014-06-09
  1032. ==================
  1033. * fix catching errors from top-level handlers
  1034. * use `vary` module for `res.vary`
  1035. * deps: debug@1.0.1
  1036. * deps: proxy-addr@1.0.1
  1037. * deps: send@0.4.2
  1038. - fix "event emitter leak" warnings
  1039. - deps: debug@1.0.1
  1040. - deps: finished@1.2.1
  1041. * deps: serve-static@1.2.2
  1042. - fix "event emitter leak" warnings
  1043. - deps: send@0.4.2
  1044. * deps: type-is@1.2.1
  1045. 4.4.1 / 2014-06-02
  1046. ==================
  1047. * deps: methods@1.0.1
  1048. * deps: send@0.4.1
  1049. - Send `max-age` in `Cache-Control` in correct format
  1050. * deps: serve-static@1.2.1
  1051. - use `escape-html` for escaping
  1052. - deps: send@0.4.1
  1053. 4.4.0 / 2014-05-30
  1054. ==================
  1055. * custom etag control with `app.set('etag', val)`
  1056. - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
  1057. - `app.set('etag', 'weak')` weak tag
  1058. - `app.set('etag', 'strong')` strong etag
  1059. - `app.set('etag', false)` turn off
  1060. - `app.set('etag', true)` standard etag
  1061. * mark `res.send` ETag as weak and reduce collisions
  1062. * update accepts to 1.0.2
  1063. - Fix interpretation when header not in request
  1064. * update send to 0.4.0
  1065. - Calculate ETag with md5 for reduced collisions
  1066. - Ignore stream errors after request ends
  1067. - deps: debug@0.8.1
  1068. * update serve-static to 1.2.0
  1069. - Calculate ETag with md5 for reduced collisions
  1070. - Ignore stream errors after request ends
  1071. - deps: send@0.4.0
  1072. 4.3.2 / 2014-05-28
  1073. ==================
  1074. * fix handling of errors from `router.param()` callbacks
  1075. 4.3.1 / 2014-05-23
  1076. ==================
  1077. * revert "fix behavior of multiple `app.VERB` for the same path"
  1078. - this caused a regression in the order of route execution
  1079. 4.3.0 / 2014-05-21
  1080. ==================
  1081. * add `req.baseUrl` to access the path stripped from `req.url` in routes
  1082. * fix behavior of multiple `app.VERB` for the same path
  1083. * fix issue routing requests among sub routers
  1084. * invoke `router.param()` only when necessary instead of every match
  1085. * proper proxy trust with `app.set('trust proxy', trust)`
  1086. - `app.set('trust proxy', 1)` trust first hop
  1087. - `app.set('trust proxy', 'loopback')` trust loopback addresses
  1088. - `app.set('trust proxy', '10.0.0.1')` trust single IP
  1089. - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
  1090. - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
  1091. - `app.set('trust proxy', false)` turn off
  1092. - `app.set('trust proxy', true)` trust everything
  1093. * set proper `charset` in `Content-Type` for `res.send`
  1094. * update type-is to 1.2.0
  1095. - support suffix matching
  1096. 4.2.0 / 2014-05-11
  1097. ==================
  1098. * deprecate `app.del()` -- use `app.delete()` instead
  1099. * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
  1100. - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
  1101. * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
  1102. - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
  1103. * fix `req.next` when inside router instance
  1104. * include `ETag` header in `HEAD` requests
  1105. * keep previous `Content-Type` for `res.jsonp`
  1106. * support PURGE method
  1107. - add `app.purge`
  1108. - add `router.purge`
  1109. - include PURGE in `app.all`
  1110. * update debug to 0.8.0
  1111. - add `enable()` method
  1112. - change from stderr to stdout
  1113. * update methods to 1.0.0
  1114. - add PURGE
  1115. 4.1.2 / 2014-05-08
  1116. ==================
  1117. * fix `req.host` for IPv6 literals
  1118. * fix `res.jsonp` error if callback param is object
  1119. 4.1.1 / 2014-04-27
  1120. ==================
  1121. * fix package.json to reflect supported node version
  1122. 4.1.0 / 2014-04-24
  1123. ==================
  1124. * pass options from `res.sendfile` to `send`
  1125. * preserve casing of headers in `res.header` and `res.set`
  1126. * support unicode file names in `res.attachment` and `res.download`
  1127. * update accepts to 1.0.1
  1128. - deps: negotiator@0.4.0
  1129. * update cookie to 0.1.2
  1130. - Fix for maxAge == 0
  1131. - made compat with expires field
  1132. * update send to 0.3.0
  1133. - Accept API options in options object
  1134. - Coerce option types
  1135. - Control whether to generate etags
  1136. - Default directory access to 403 when index disabled
  1137. - Fix sending files with dots without root set
  1138. - Include file path in etag
  1139. - Make "Can't set headers after they are sent." catchable
  1140. - Send full entity-body for multi range requests
  1141. - Set etags to "weak"
  1142. - Support "If-Range" header
  1143. - Support multiple index paths
  1144. - deps: mime@1.2.11
  1145. * update serve-static to 1.1.0
  1146. - Accept options directly to `send` module
  1147. - Resolve relative paths at middleware setup
  1148. - Use parseurl to parse the URL from request
  1149. - deps: send@0.3.0
  1150. * update type-is to 1.1.0
  1151. - add non-array values support
  1152. - add `multipart` as a shorthand
  1153. 4.0.0 / 2014-04-09
  1154. ==================
  1155. * remove:
  1156. - node 0.8 support
  1157. - connect and connect's patches except for charset handling
  1158. - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
  1159. - `express.createServer()` - it has been deprecated for a long time. Use `express()`
  1160. - `app.configure` - use logic in your own app code
  1161. - `app.router` - is removed
  1162. - `req.auth` - use `basic-auth` instead
  1163. - `req.accepted*` - use `req.accepts*()` instead
  1164. - `res.location` - relative URL resolution is removed
  1165. - `res.charset` - include the charset in the content type when using `res.set()`
  1166. - all bundled middleware except `static`
  1167. * change:
  1168. - `app.route` -> `app.mountpath` when mounting an express app in another express app
  1169. - `json spaces` no longer enabled by default in development
  1170. - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
  1171. - `req.params` is now an object instead of an array
  1172. - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
  1173. - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
  1174. * refactor:
  1175. - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
  1176. - `req.is` with [type-is](https://github.com/expressjs/type-is)
  1177. - [path-to-regexp](https://github.com/component/path-to-regexp)
  1178. * add:
  1179. - `app.router()` - returns the app Router instance
  1180. - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
  1181. - Router & Route - public API
  1182. 3.21.2 / 2015-07-31
  1183. ===================
  1184. * deps: connect@2.30.2
  1185. - deps: body-parser@~1.13.3
  1186. - deps: compression@~1.5.2
  1187. - deps: errorhandler@~1.4.2
  1188. - deps: method-override@~2.3.5
  1189. - deps: serve-index@~1.7.2
  1190. - deps: type-is@~1.6.6
  1191. - deps: vhost@~3.0.1
  1192. * deps: vary@~1.0.1
  1193. - Fix setting empty header from empty `field`
  1194. - perf: enable strict mode
  1195. - perf: remove argument reassignments
  1196. 3.21.1 / 2015-07-05
  1197. ===================
  1198. * deps: basic-auth@~1.0.3
  1199. * deps: connect@2.30.1
  1200. - deps: body-parser@~1.13.2
  1201. - deps: compression@~1.5.1
  1202. - deps: errorhandler@~1.4.1
  1203. - deps: morgan@~1.6.1
  1204. - deps: pause@0.1.0
  1205. - deps: qs@4.0.0
  1206. - deps: serve-index@~1.7.1
  1207. - deps: type-is@~1.6.4
  1208. 3.21.0 / 2015-06-18
  1209. ===================
  1210. * deps: basic-auth@1.0.2
  1211. - perf: enable strict mode
  1212. - perf: hoist regular expression
  1213. - perf: parse with regular expressions
  1214. - perf: remove argument reassignment
  1215. * deps: connect@2.30.0
  1216. - deps: body-parser@~1.13.1
  1217. - deps: bytes@2.1.0
  1218. - deps: compression@~1.5.0
  1219. - deps: cookie@0.1.3
  1220. - deps: cookie-parser@~1.3.5
  1221. - deps: csurf@~1.8.3
  1222. - deps: errorhandler@~1.4.0
  1223. - deps: express-session@~1.11.3
  1224. - deps: finalhandler@0.4.0
  1225. - deps: fresh@0.3.0
  1226. - deps: morgan@~1.6.0
  1227. - deps: serve-favicon@~2.3.0
  1228. - deps: serve-index@~1.7.0
  1229. - deps: serve-static@~1.10.0
  1230. - deps: type-is@~1.6.3
  1231. * deps: cookie@0.1.3
  1232. - perf: deduce the scope of try-catch deopt
  1233. - perf: remove argument reassignments
  1234. * deps: escape-html@1.0.2
  1235. * deps: etag@~1.7.0
  1236. - Always include entity length in ETags for hash length extensions
  1237. - Generate non-Stats ETags using MD5 only (no longer CRC32)
  1238. - Improve stat performance by removing hashing
  1239. - Improve support for JXcore
  1240. - Remove base64 padding in ETags to shorten
  1241. - Support "fake" stats objects in environments without fs
  1242. - Use MD5 instead of MD4 in weak ETags over 1KB
  1243. * deps: fresh@0.3.0
  1244. - Add weak `ETag` matching support
  1245. * deps: mkdirp@0.5.1
  1246. - Work in global strict mode
  1247. * deps: send@0.13.0
  1248. - Allow Node.js HTTP server to set `Date` response header
  1249. - Fix incorrectly removing `Content-Location` on 304 response
  1250. - Improve the default redirect response headers
  1251. - Send appropriate headers on default error response
  1252. - Use `http-errors` for standard emitted errors
  1253. - Use `statuses` instead of `http` module for status messages
  1254. - deps: escape-html@1.0.2
  1255. - deps: etag@~1.7.0
  1256. - deps: fresh@0.3.0
  1257. - deps: on-finished@~2.3.0
  1258. - perf: enable strict mode
  1259. - perf: remove unnecessary array allocations
  1260. 3.20.3 / 2015-05-17
  1261. ===================
  1262. * deps: connect@2.29.2
  1263. - deps: body-parser@~1.12.4
  1264. - deps: compression@~1.4.4
  1265. - deps: connect-timeout@~1.6.2
  1266. - deps: debug@~2.2.0
  1267. - deps: depd@~1.0.1
  1268. - deps: errorhandler@~1.3.6
  1269. - deps: finalhandler@0.3.6
  1270. - deps: method-override@~2.3.3
  1271. - deps: morgan@~1.5.3
  1272. - deps: qs@2.4.2
  1273. - deps: response-time@~2.3.1
  1274. - deps: serve-favicon@~2.2.1
  1275. - deps: serve-index@~1.6.4
  1276. - deps: serve-static@~1.9.3
  1277. - deps: type-is@~1.6.2
  1278. * deps: debug@~2.2.0
  1279. - deps: ms@0.7.1
  1280. * deps: depd@~1.0.1
  1281. * deps: proxy-addr@~1.0.8
  1282. - deps: ipaddr.js@1.0.1
  1283. * deps: send@0.12.3
  1284. - deps: debug@~2.2.0
  1285. - deps: depd@~1.0.1
  1286. - deps: etag@~1.6.0
  1287. - deps: ms@0.7.1
  1288. - deps: on-finished@~2.2.1
  1289. 3.20.2 / 2015-03-16
  1290. ===================
  1291. * deps: connect@2.29.1
  1292. - deps: body-parser@~1.12.2
  1293. - deps: compression@~1.4.3
  1294. - deps: connect-timeout@~1.6.1
  1295. - deps: debug@~2.1.3
  1296. - deps: errorhandler@~1.3.5
  1297. - deps: express-session@~1.10.4
  1298. - deps: finalhandler@0.3.4
  1299. - deps: method-override@~2.3.2
  1300. - deps: morgan@~1.5.2
  1301. - deps: qs@2.4.1
  1302. - deps: serve-index@~1.6.3
  1303. - deps: serve-static@~1.9.2
  1304. - deps: type-is@~1.6.1
  1305. * deps: debug@~2.1.3
  1306. - Fix high intensity foreground color for bold
  1307. - deps: ms@0.7.0
  1308. * deps: merge-descriptors@1.0.0
  1309. * deps: proxy-addr@~1.0.7
  1310. - deps: ipaddr.js@0.1.9
  1311. * deps: send@0.12.2
  1312. - Throw errors early for invalid `extensions` or `index` options
  1313. - deps: debug@~2.1.3
  1314. 3.20.1 / 2015-02-28
  1315. ===================
  1316. * Fix `req.host` when using "trust proxy" hops count
  1317. * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
  1318. 3.20.0 / 2015-02-18
  1319. ===================
  1320. * Fix `"trust proxy"` setting to inherit when app is mounted
  1321. * Generate `ETag`s for all request responses
  1322. - No longer restricted to only responses for `GET` and `HEAD` requests
  1323. * Use `content-type` to parse `Content-Type` headers
  1324. * deps: connect@2.29.0
  1325. - Use `content-type` to parse `Content-Type` headers
  1326. - deps: body-parser@~1.12.0
  1327. - deps: compression@~1.4.1
  1328. - deps: connect-timeout@~1.6.0
  1329. - deps: cookie-parser@~1.3.4
  1330. - deps: cookie-signature@1.0.6
  1331. - deps: csurf@~1.7.0
  1332. - deps: errorhandler@~1.3.4
  1333. - deps: express-session@~1.10.3
  1334. - deps: http-errors@~1.3.1
  1335. - deps: response-time@~2.3.0
  1336. - deps: serve-index@~1.6.2
  1337. - deps: serve-static@~1.9.1
  1338. - deps: type-is@~1.6.0
  1339. * deps: cookie-signature@1.0.6
  1340. * deps: send@0.12.1
  1341. - Always read the stat size from the file
  1342. - Fix mutating passed-in `options`
  1343. - deps: mime@1.3.4
  1344. 3.19.2 / 2015-02-01
  1345. ===================
  1346. * deps: connect@2.28.3
  1347. - deps: compression@~1.3.1
  1348. - deps: csurf@~1.6.6
  1349. - deps: errorhandler@~1.3.3
  1350. - deps: express-session@~1.10.2
  1351. - deps: serve-index@~1.6.1
  1352. - deps: type-is@~1.5.6
  1353. * deps: proxy-addr@~1.0.6
  1354. - deps: ipaddr.js@0.1.8
  1355. 3.19.1 / 2015-01-20
  1356. ===================
  1357. * deps: connect@2.28.2
  1358. - deps: body-parser@~1.10.2
  1359. - deps: serve-static@~1.8.1
  1360. * deps: send@0.11.1
  1361. - Fix root path disclosure
  1362. 3.19.0 / 2015-01-09
  1363. ===================
  1364. * Fix `OPTIONS` responses to include the `HEAD` method property
  1365. * Use `readline` for prompt in `express(1)`
  1366. * deps: commander@2.6.0
  1367. * deps: connect@2.28.1
  1368. - deps: body-parser@~1.10.1
  1369. - deps: compression@~1.3.0
  1370. - deps: connect-timeout@~1.5.0
  1371. - deps: csurf@~1.6.4
  1372. - deps: debug@~2.1.1
  1373. - deps: errorhandler@~1.3.2
  1374. - deps: express-session@~1.10.1
  1375. - deps: finalhandler@0.3.3
  1376. - deps: method-override@~2.3.1
  1377. - deps: morgan@~1.5.1
  1378. - deps: serve-favicon@~2.2.0
  1379. - deps: serve-index@~1.6.0
  1380. - deps: serve-static@~1.8.0
  1381. - deps: type-is@~1.5.5
  1382. * deps: debug@~2.1.1
  1383. * deps: methods@~1.1.1
  1384. * deps: proxy-addr@~1.0.5
  1385. - deps: ipaddr.js@0.1.6
  1386. * deps: send@0.11.0
  1387. - deps: debug@~2.1.1
  1388. - deps: etag@~1.5.1
  1389. - deps: ms@0.7.0
  1390. - deps: on-finished@~2.2.0
  1391. 3.18.6 / 2014-12-12
  1392. ===================
  1393. * Fix exception in `req.fresh`/`req.stale` without response headers
  1394. 3.18.5 / 2014-12-11
  1395. ===================
  1396. * deps: connect@2.27.6
  1397. - deps: compression@~1.2.2
  1398. - deps: express-session@~1.9.3
  1399. - deps: http-errors@~1.2.8
  1400. - deps: serve-index@~1.5.3
  1401. - deps: type-is@~1.5.4
  1402. 3.18.4 / 2014-11-23
  1403. ===================
  1404. * deps: connect@2.27.4
  1405. - deps: body-parser@~1.9.3
  1406. - deps: compression@~1.2.1
  1407. - deps: errorhandler@~1.2.3
  1408. - deps: express-session@~1.9.2
  1409. - deps: qs@2.3.3
  1410. - deps: serve-favicon@~2.1.7
  1411. - deps: serve-static@~1.5.1
  1412. - deps: type-is@~1.5.3
  1413. * deps: etag@~1.5.1
  1414. * deps: proxy-addr@~1.0.4
  1415. - deps: ipaddr.js@0.1.5
  1416. 3.18.3 / 2014-11-09
  1417. ===================
  1418. * deps: connect@2.27.3
  1419. - Correctly invoke async callback asynchronously
  1420. - deps: csurf@~1.6.3
  1421. 3.18.2 / 2014-10-28
  1422. ===================
  1423. * deps: connect@2.27.2
  1424. - Fix handling of URLs containing `://` in the path
  1425. - deps: body-parser@~1.9.2
  1426. - deps: qs@2.3.2
  1427. 3.18.1 / 2014-10-22
  1428. ===================
  1429. * Fix internal `utils.merge` deprecation warnings
  1430. * deps: connect@2.27.1
  1431. - deps: body-parser@~1.9.1
  1432. - deps: express-session@~1.9.1
  1433. - deps: finalhandler@0.3.2
  1434. - deps: morgan@~1.4.1
  1435. - deps: qs@2.3.0
  1436. - deps: serve-static@~1.7.1
  1437. * deps: send@0.10.1
  1438. - deps: on-finished@~2.1.1
  1439. 3.18.0 / 2014-10-17
  1440. ===================
  1441. * Use `content-disposition` module for `res.attachment`/`res.download`
  1442. - Sends standards-compliant `Content-Disposition` header
  1443. - Full Unicode support
  1444. * Use `etag` module to generate `ETag` headers
  1445. * deps: connect@2.27.0
  1446. - Use `http-errors` module for creating errors
  1447. - Use `utils-merge` module for merging objects
  1448. - deps: body-parser@~1.9.0
  1449. - deps: compression@~1.2.0
  1450. - deps: connect-timeout@~1.4.0
  1451. - deps: debug@~2.1.0
  1452. - deps: depd@~1.0.0
  1453. - deps: express-session@~1.9.0
  1454. - deps: finalhandler@0.3.1
  1455. - deps: method-override@~2.3.0
  1456. - deps: morgan@~1.4.0
  1457. - deps: response-time@~2.2.0
  1458. - deps: serve-favicon@~2.1.6
  1459. - deps: serve-index@~1.5.0
  1460. - deps: serve-static@~1.7.0
  1461. * deps: debug@~2.1.0
  1462. - Implement `DEBUG_FD` env variable support
  1463. * deps: depd@~1.0.0
  1464. * deps: send@0.10.0
  1465. - deps: debug@~2.1.0
  1466. - deps: depd@~1.0.0
  1467. - deps: etag@~1.5.0
  1468. 3.17.8 / 2014-10-15
  1469. ===================
  1470. * deps: connect@2.26.6
  1471. - deps: compression@~1.1.2
  1472. - deps: csurf@~1.6.2
  1473. - deps: errorhandler@~1.2.2
  1474. 3.17.7 / 2014-10-08
  1475. ===================
  1476. * deps: connect@2.26.5
  1477. - Fix accepting non-object arguments to `logger`
  1478. - deps: serve-static@~1.6.4
  1479. 3.17.6 / 2014-10-02
  1480. ===================
  1481. * deps: connect@2.26.4
  1482. - deps: morgan@~1.3.2
  1483. - deps: type-is@~1.5.2
  1484. 3.17.5 / 2014-09-24
  1485. ===================
  1486. * deps: connect@2.26.3
  1487. - deps: body-parser@~1.8.4
  1488. - deps: serve-favicon@~2.1.5
  1489. - deps: serve-static@~1.6.3
  1490. * deps: proxy-addr@~1.0.3
  1491. - Use `forwarded` npm module
  1492. * deps: send@0.9.3
  1493. - deps: etag@~1.4.0
  1494. 3.17.4 / 2014-09-19
  1495. ===================
  1496. * deps: connect@2.26.2
  1497. - deps: body-parser@~1.8.3
  1498. - deps: qs@2.2.4
  1499. 3.17.3 / 2014-09-18
  1500. ===================
  1501. * deps: proxy-addr@~1.0.2
  1502. - Fix a global leak when multiple subnets are trusted
  1503. - deps: ipaddr.js@0.1.3
  1504. 3.17.2 / 2014-09-15
  1505. ===================
  1506. * Use `crc` instead of `buffer-crc32` for speed
  1507. * deps: connect@2.26.1
  1508. - deps: body-parser@~1.8.2
  1509. - deps: depd@0.4.5
  1510. - deps: express-session@~1.8.2
  1511. - deps: morgan@~1.3.1
  1512. - deps: serve-favicon@~2.1.3
  1513. - deps: serve-static@~1.6.2
  1514. * deps: depd@0.4.5
  1515. * deps: send@0.9.2
  1516. - deps: depd@0.4.5
  1517. - deps: etag@~1.3.1
  1518. - deps: range-parser@~1.0.2
  1519. 3.17.1 / 2014-09-08
  1520. ===================
  1521. * Fix error in `req.subdomains` on empty host
  1522. 3.17.0 / 2014-09-08
  1523. ===================
  1524. * Support `X-Forwarded-Host` in `req.subdomains`
  1525. * Support IP address host in `req.subdomains`
  1526. * deps: connect@2.26.0
  1527. - deps: body-parser@~1.8.1
  1528. - deps: compression@~1.1.0
  1529. - deps: connect-timeout@~1.3.0
  1530. - deps: cookie-parser@~1.3.3
  1531. - deps: cookie-signature@1.0.5
  1532. - deps: csurf@~1.6.1
  1533. - deps: debug@~2.0.0
  1534. - deps: errorhandler@~1.2.0
  1535. - deps: express-session@~1.8.1
  1536. - deps: finalhandler@0.2.0
  1537. - deps: fresh@0.2.4
  1538. - deps: media-typer@0.3.0
  1539. - deps: method-override@~2.2.0
  1540. - deps: morgan@~1.3.0
  1541. - deps: qs@2.2.3
  1542. - deps: serve-favicon@~2.1.3
  1543. - deps: serve-index@~1.2.1
  1544. - deps: serve-static@~1.6.1
  1545. - deps: type-is@~1.5.1
  1546. - deps: vhost@~3.0.0
  1547. * deps: cookie-signature@1.0.5
  1548. * deps: debug@~2.0.0
  1549. * deps: fresh@0.2.4
  1550. * deps: media-typer@0.3.0
  1551. - Throw error when parameter format invalid on parse
  1552. * deps: range-parser@~1.0.2
  1553. * deps: send@0.9.1
  1554. - Add `lastModified` option
  1555. - Use `etag` to generate `ETag` header
  1556. - deps: debug@~2.0.0
  1557. - deps: fresh@0.2.4
  1558. * deps: vary@~1.0.0
  1559. - Accept valid `Vary` header string as `field`
  1560. 3.16.10 / 2014-09-04
  1561. ====================
  1562. * deps: connect@2.25.10
  1563. - deps: serve-static@~1.5.4
  1564. * deps: send@0.8.5
  1565. - Fix a path traversal issue when using `root`
  1566. - Fix malicious path detection for empty string path
  1567. 3.16.9 / 2014-08-29
  1568. ===================
  1569. * deps: connect@2.25.9
  1570. - deps: body-parser@~1.6.7
  1571. - deps: qs@2.2.2
  1572. 3.16.8 / 2014-08-27
  1573. ===================
  1574. * deps: connect@2.25.8
  1575. - deps: body-parser@~1.6.6
  1576. - deps: csurf@~1.4.1
  1577. - deps: qs@2.2.0
  1578. 3.16.7 / 2014-08-18
  1579. ===================
  1580. * deps: connect@2.25.7
  1581. - deps: body-parser@~1.6.5
  1582. - deps: express-session@~1.7.6
  1583. - deps: morgan@~1.2.3
  1584. - deps: serve-static@~1.5.3
  1585. * deps: send@0.8.3
  1586. - deps: destroy@1.0.3
  1587. - deps: on-finished@2.1.0
  1588. 3.16.6 / 2014-08-14
  1589. ===================
  1590. * deps: connect@2.25.6
  1591. - deps: body-parser@~1.6.4
  1592. - deps: qs@1.2.2
  1593. - deps: serve-static@~1.5.2
  1594. * deps: send@0.8.2
  1595. - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
  1596. 3.16.5 / 2014-08-11
  1597. ===================
  1598. * deps: connect@2.25.5
  1599. - Fix backwards compatibility in `logger`
  1600. 3.16.4 / 2014-08-10
  1601. ===================
  1602. * Fix original URL parsing in `res.location`
  1603. * deps: connect@2.25.4
  1604. - Fix `query` middleware breaking with argument
  1605. - deps: body-parser@~1.6.3
  1606. - deps: compression@~1.0.11
  1607. - deps: connect-timeout@~1.2.2
  1608. - deps: express-session@~1.7.5
  1609. - deps: method-override@~2.1.3
  1610. - deps: on-headers@~1.0.0
  1611. - deps: parseurl@~1.3.0
  1612. - deps: qs@1.2.1
  1613. - deps: response-time@~2.0.1
  1614. - deps: serve-index@~1.1.6
  1615. - deps: serve-static@~1.5.1
  1616. * deps: parseurl@~1.3.0
  1617. 3.16.3 / 2014-08-07
  1618. ===================
  1619. * deps: connect@2.25.3
  1620. - deps: multiparty@3.3.2
  1621. 3.16.2 / 2014-08-07
  1622. ===================
  1623. * deps: connect@2.25.2
  1624. - deps: body-parser@~1.6.2
  1625. - deps: qs@1.2.0
  1626. 3.16.1 / 2014-08-06
  1627. ===================
  1628. * deps: connect@2.25.1
  1629. - deps: body-parser@~1.6.1
  1630. - deps: qs@1.1.0
  1631. 3.16.0 / 2014-08-05
  1632. ===================
  1633. * deps: connect@2.25.0
  1634. - deps: body-parser@~1.6.0
  1635. - deps: compression@~1.0.10
  1636. - deps: csurf@~1.4.0
  1637. - deps: express-session@~1.7.4
  1638. - deps: qs@1.0.2
  1639. - deps: serve-static@~1.5.0
  1640. * deps: send@0.8.1
  1641. - Add `extensions` option
  1642. 3.15.3 / 2014-08-04
  1643. ===================
  1644. * fix `res.sendfile` regression for serving directory index files
  1645. * deps: connect@2.24.3
  1646. - deps: serve-index@~1.1.5
  1647. - deps: serve-static@~1.4.4
  1648. * deps: send@0.7.4
  1649. - Fix incorrect 403 on Windows and Node.js 0.11
  1650. - Fix serving index files without root dir
  1651. 3.15.2 / 2014-07-27
  1652. ===================
  1653. * deps: connect@2.24.2
  1654. - deps: body-parser@~1.5.2
  1655. - deps: depd@0.4.4
  1656. - deps: express-session@~1.7.2
  1657. - deps: morgan@~1.2.2
  1658. - deps: serve-static@~1.4.2
  1659. * deps: depd@0.4.4
  1660. - Work-around v8 generating empty stack traces
  1661. * deps: send@0.7.2
  1662. - deps: depd@0.4.4
  1663. 3.15.1 / 2014-07-26
  1664. ===================
  1665. * deps: connect@2.24.1
  1666. - deps: body-parser@~1.5.1
  1667. - deps: depd@0.4.3
  1668. - deps: express-session@~1.7.1
  1669. - deps: morgan@~1.2.1
  1670. - deps: serve-index@~1.1.4
  1671. - deps: serve-static@~1.4.1
  1672. * deps: depd@0.4.3
  1673. - Fix exception when global `Error.stackTraceLimit` is too low
  1674. * deps: send@0.7.1
  1675. - deps: depd@0.4.3
  1676. 3.15.0 / 2014-07-22
  1677. ===================
  1678. * Fix `req.protocol` for proxy-direct connections
  1679. * Pass options from `res.sendfile` to `send`
  1680. * deps: connect@2.24.0
  1681. - deps: body-parser@~1.5.0
  1682. - deps: compression@~1.0.9
  1683. - deps: connect-timeout@~1.2.1
  1684. - deps: debug@1.0.4
  1685. - deps: depd@0.4.2
  1686. - deps: express-session@~1.7.0
  1687. - deps: finalhandler@0.1.0
  1688. - deps: method-override@~2.1.2
  1689. - deps: morgan@~1.2.0
  1690. - deps: multiparty@3.3.1
  1691. - deps: parseurl@~1.2.0
  1692. - deps: serve-static@~1.4.0
  1693. * deps: debug@1.0.4
  1694. * deps: depd@0.4.2
  1695. - Add `TRACE_DEPRECATION` environment variable
  1696. - Remove non-standard grey color from color output
  1697. - Support `--no-deprecation` argument
  1698. - Support `--trace-deprecation` argument
  1699. * deps: parseurl@~1.2.0
  1700. - Cache URLs based on original value
  1701. - Remove no-longer-needed URL mis-parse work-around
  1702. - Simplify the "fast-path" `RegExp`
  1703. * deps: send@0.7.0
  1704. - Add `dotfiles` option
  1705. - Cap `maxAge` value to 1 year
  1706. - deps: debug@1.0.4
  1707. - deps: depd@0.4.2
  1708. 3.14.0 / 2014-07-11
  1709. ===================
  1710. * add explicit "Rosetta Flash JSONP abuse" protection
  1711. - previous versions are not vulnerable; this is just explicit protection
  1712. * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
  1713. * fix `res.send(status, num)` to send `num` as json (not error)
  1714. * remove unnecessary escaping when `res.jsonp` returns JSON response
  1715. * deps: basic-auth@1.0.0
  1716. - support empty password
  1717. - support empty username
  1718. * deps: connect@2.23.0
  1719. - deps: debug@1.0.3
  1720. - deps: express-session@~1.6.4
  1721. - deps: method-override@~2.1.0
  1722. - deps: parseurl@~1.1.3
  1723. - deps: serve-static@~1.3.1
  1724. * deps: debug@1.0.3
  1725. - Add support for multiple wildcards in namespaces
  1726. * deps: methods@1.1.0
  1727. - add `CONNECT`
  1728. * deps: parseurl@~1.1.3
  1729. - faster parsing of href-only URLs
  1730. 3.13.0 / 2014-07-03
  1731. ===================
  1732. * add deprecation message to `app.configure`
  1733. * add deprecation message to `req.auth`
  1734. * use `basic-auth` to parse `Authorization` header
  1735. * deps: connect@2.22.0
  1736. - deps: csurf@~1.3.0
  1737. - deps: express-session@~1.6.1
  1738. - deps: multiparty@3.3.0
  1739. - deps: serve-static@~1.3.0
  1740. * deps: send@0.5.0
  1741. - Accept string for `maxage` (converted by `ms`)
  1742. - Include link in default redirect response
  1743. 3.12.1 / 2014-06-26
  1744. ===================
  1745. * deps: connect@2.21.1
  1746. - deps: cookie-parser@1.3.2
  1747. - deps: cookie-signature@1.0.4
  1748. - deps: express-session@~1.5.2
  1749. - deps: type-is@~1.3.2
  1750. * deps: cookie-signature@1.0.4
  1751. - fix for timing attacks
  1752. 3.12.0 / 2014-06-21
  1753. ===================
  1754. * use `media-typer` to alter content-type charset
  1755. * deps: connect@2.21.0
  1756. - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
  1757. - deprecate `connect.createServer()` -- use `connect()` instead
  1758. - fix `res.setHeader()` patch to work with with get -> append -> set pattern
  1759. - deps: compression@~1.0.8
  1760. - deps: errorhandler@~1.1.1
  1761. - deps: express-session@~1.5.0
  1762. - deps: serve-index@~1.1.3
  1763. 3.11.0 / 2014-06-19
  1764. ===================
  1765. * deprecate things with `depd` module
  1766. * deps: buffer-crc32@0.2.3
  1767. * deps: connect@2.20.2
  1768. - deprecate `verify` option to `json` -- use `body-parser` npm module instead
  1769. - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
  1770. - deprecate things with `depd` module
  1771. - use `finalhandler` for final response handling
  1772. - use `media-typer` to parse `content-type` for charset
  1773. - deps: body-parser@1.4.3
  1774. - deps: connect-timeout@1.1.1
  1775. - deps: cookie-parser@1.3.1
  1776. - deps: csurf@1.2.2
  1777. - deps: errorhandler@1.1.0
  1778. - deps: express-session@1.4.0
  1779. - deps: multiparty@3.2.9
  1780. - deps: serve-index@1.1.2
  1781. - deps: type-is@1.3.1
  1782. - deps: vhost@2.0.0
  1783. 3.10.5 / 2014-06-11
  1784. ===================
  1785. * deps: connect@2.19.6
  1786. - deps: body-parser@1.3.1
  1787. - deps: compression@1.0.7
  1788. - deps: debug@1.0.2
  1789. - deps: serve-index@1.1.1
  1790. - deps: serve-static@1.2.3
  1791. * deps: debug@1.0.2
  1792. * deps: send@0.4.3
  1793. - Do not throw uncatchable error on file open race condition
  1794. - Use `escape-html` for HTML escaping
  1795. - deps: debug@1.0.2
  1796. - deps: finished@1.2.2
  1797. - deps: fresh@0.2.2
  1798. 3.10.4 / 2014-06-09
  1799. ===================
  1800. * deps: connect@2.19.5
  1801. - fix "event emitter leak" warnings
  1802. - deps: csurf@1.2.1
  1803. - deps: debug@1.0.1
  1804. - deps: serve-static@1.2.2
  1805. - deps: type-is@1.2.1
  1806. * deps: debug@1.0.1
  1807. * deps: send@0.4.2
  1808. - fix "event emitter leak" warnings
  1809. - deps: finished@1.2.1
  1810. - deps: debug@1.0.1
  1811. 3.10.3 / 2014-06-05
  1812. ===================
  1813. * use `vary` module for `res.vary`
  1814. * deps: connect@2.19.4
  1815. - deps: errorhandler@1.0.2
  1816. - deps: method-override@2.0.2
  1817. - deps: serve-favicon@2.0.1
  1818. * deps: debug@1.0.0
  1819. 3.10.2 / 2014-06-03
  1820. ===================
  1821. * deps: connect@2.19.3
  1822. - deps: compression@1.0.6
  1823. 3.10.1 / 2014-06-03
  1824. ===================
  1825. * deps: connect@2.19.2
  1826. - deps: compression@1.0.4
  1827. * deps: proxy-addr@1.0.1
  1828. 3.10.0 / 2014-06-02
  1829. ===================
  1830. * deps: connect@2.19.1
  1831. - deprecate `methodOverride()` -- use `method-override` npm module instead
  1832. - deps: body-parser@1.3.0
  1833. - deps: method-override@2.0.1
  1834. - deps: multiparty@3.2.8
  1835. - deps: response-time@2.0.0
  1836. - deps: serve-static@1.2.1
  1837. * deps: methods@1.0.1
  1838. * deps: send@0.4.1
  1839. - Send `max-age` in `Cache-Control` in correct format
  1840. 3.9.0 / 2014-05-30
  1841. ==================
  1842. * custom etag control with `app.set('etag', val)`
  1843. - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
  1844. - `app.set('etag', 'weak')` weak tag
  1845. - `app.set('etag', 'strong')` strong etag
  1846. - `app.set('etag', false)` turn off
  1847. - `app.set('etag', true)` standard etag
  1848. * Include ETag in HEAD requests
  1849. * mark `res.send` ETag as weak and reduce collisions
  1850. * update connect to 2.18.0
  1851. - deps: compression@1.0.3
  1852. - deps: serve-index@1.1.0
  1853. - deps: serve-static@1.2.0
  1854. * update send to 0.4.0
  1855. - Calculate ETag with md5 for reduced collisions
  1856. - Ignore stream errors after request ends
  1857. - deps: debug@0.8.1
  1858. 3.8.1 / 2014-05-27
  1859. ==================
  1860. * update connect to 2.17.3
  1861. - deps: body-parser@1.2.2
  1862. - deps: express-session@1.2.1
  1863. - deps: method-override@1.0.2
  1864. 3.8.0 / 2014-05-21
  1865. ==================
  1866. * keep previous `Content-Type` for `res.jsonp`
  1867. * set proper `charset` in `Content-Type` for `res.send`
  1868. * update connect to 2.17.1
  1869. - fix `res.charset` appending charset when `content-type` has one
  1870. - deps: express-session@1.2.0
  1871. - deps: morgan@1.1.1
  1872. - deps: serve-index@1.0.3
  1873. 3.7.0 / 2014-05-18
  1874. ==================
  1875. * proper proxy trust with `app.set('trust proxy', trust)`
  1876. - `app.set('trust proxy', 1)` trust first hop
  1877. - `app.set('trust proxy', 'loopback')` trust loopback addresses
  1878. - `app.set('trust proxy', '10.0.0.1')` trust single IP
  1879. - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
  1880. - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
  1881. - `app.set('trust proxy', false)` turn off
  1882. - `app.set('trust proxy', true)` trust everything
  1883. * update connect to 2.16.2
  1884. - deprecate `res.headerSent` -- use `res.headersSent`
  1885. - deprecate `res.on("header")` -- use on-headers module instead
  1886. - fix edge-case in `res.appendHeader` that would append in wrong order
  1887. - json: use body-parser
  1888. - urlencoded: use body-parser
  1889. - dep: bytes@1.0.0
  1890. - dep: cookie-parser@1.1.0
  1891. - dep: csurf@1.2.0
  1892. - dep: express-session@1.1.0
  1893. - dep: method-override@1.0.1
  1894. 3.6.0 / 2014-05-09
  1895. ==================
  1896. * deprecate `app.del()` -- use `app.delete()` instead
  1897. * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
  1898. - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
  1899. * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
  1900. - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
  1901. * support PURGE method
  1902. - add `app.purge`
  1903. - add `router.purge`
  1904. - include PURGE in `app.all`
  1905. * update connect to 2.15.0
  1906. * Add `res.appendHeader`
  1907. * Call error stack even when response has been sent
  1908. * Patch `res.headerSent` to return Boolean
  1909. * Patch `res.headersSent` for node.js 0.8
  1910. * Prevent default 404 handler after response sent
  1911. * dep: compression@1.0.2
  1912. * dep: connect-timeout@1.1.0
  1913. * dep: debug@^0.8.0
  1914. * dep: errorhandler@1.0.1
  1915. * dep: express-session@1.0.4
  1916. * dep: morgan@1.0.1
  1917. * dep: serve-favicon@2.0.0
  1918. * dep: serve-index@1.0.2
  1919. * update debug to 0.8.0
  1920. * add `enable()` method
  1921. * change from stderr to stdout
  1922. * update methods to 1.0.0
  1923. - add PURGE
  1924. * update mkdirp to 0.5.0
  1925. 3.5.3 / 2014-05-08
  1926. ==================
  1927. * fix `req.host` for IPv6 literals
  1928. * fix `res.jsonp` error if callback param is object
  1929. 3.5.2 / 2014-04-24
  1930. ==================
  1931. * update connect to 2.14.5
  1932. * update cookie to 0.1.2
  1933. * update mkdirp to 0.4.0
  1934. * update send to 0.3.0
  1935. 3.5.1 / 2014-03-25
  1936. ==================
  1937. * pin less-middleware in generated app
  1938. 3.5.0 / 2014-03-06
  1939. ==================
  1940. * bump deps
  1941. 3.4.8 / 2014-01-13
  1942. ==================
  1943. * prevent incorrect automatic OPTIONS responses #1868 @dpatti
  1944. * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
  1945. * throw 400 in case of malformed paths @rlidwka
  1946. 3.4.7 / 2013-12-10
  1947. ==================
  1948. * update connect
  1949. 3.4.6 / 2013-12-01
  1950. ==================
  1951. * update connect (raw-body)
  1952. 3.4.5 / 2013-11-27
  1953. ==================
  1954. * update connect
  1955. * res.location: remove leading ./ #1802 @kapouer
  1956. * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
  1957. * res.send: always send ETag when content-length > 0
  1958. * router: add Router.all() method
  1959. 3.4.4 / 2013-10-29
  1960. ==================
  1961. * update connect
  1962. * update supertest
  1963. * update methods
  1964. * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
  1965. 3.4.3 / 2013-10-23
  1966. ==================
  1967. * update connect
  1968. 3.4.2 / 2013-10-18
  1969. ==================
  1970. * update connect
  1971. * downgrade commander
  1972. 3.4.1 / 2013-10-15
  1973. ==================
  1974. * update connect
  1975. * update commander
  1976. * jsonp: check if callback is a function
  1977. * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
  1978. * res.format: now includes charset @1747 (@sorribas)
  1979. * res.links: allow multiple calls @1746 (@sorribas)
  1980. 3.4.0 / 2013-09-07
  1981. ==================
  1982. * add res.vary(). Closes #1682
  1983. * update connect
  1984. 3.3.8 / 2013-09-02
  1985. ==================
  1986. * update connect
  1987. 3.3.7 / 2013-08-28
  1988. ==================
  1989. * update connect
  1990. 3.3.6 / 2013-08-27
  1991. ==================
  1992. * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
  1993. * add: req.accepts take an argument list
  1994. 3.3.4 / 2013-07-08
  1995. ==================
  1996. * update send and connect
  1997. 3.3.3 / 2013-07-04
  1998. ==================
  1999. * update connect
  2000. 3.3.2 / 2013-07-03
  2001. ==================
  2002. * update connect
  2003. * update send
  2004. * remove .version export
  2005. 3.3.1 / 2013-06-27
  2006. ==================
  2007. * update connect
  2008. 3.3.0 / 2013-06-26
  2009. ==================
  2010. * update connect
  2011. * add support for multiple X-Forwarded-Proto values. Closes #1646
  2012. * change: remove charset from json responses. Closes #1631
  2013. * change: return actual booleans from req.accept* functions
  2014. * fix jsonp callback array throw
  2015. 3.2.6 / 2013-06-02
  2016. ==================
  2017. * update connect
  2018. 3.2.5 / 2013-05-21
  2019. ==================
  2020. * update connect
  2021. * update node-cookie
  2022. * add: throw a meaningful error when there is no default engine
  2023. * change generation of ETags with res.send() to GET requests only. Closes #1619
  2024. 3.2.4 / 2013-05-09
  2025. ==================
  2026. * fix `req.subdomains` when no Host is present
  2027. * fix `req.host` when no Host is present, return undefined
  2028. 3.2.3 / 2013-05-07
  2029. ==================
  2030. * update connect / qs
  2031. 3.2.2 / 2013-05-03
  2032. ==================
  2033. * update qs
  2034. 3.2.1 / 2013-04-29
  2035. ==================
  2036. * add app.VERB() paths array deprecation warning
  2037. * update connect
  2038. * update qs and remove all ~ semver crap
  2039. * fix: accept number as value of Signed Cookie
  2040. 3.2.0 / 2013-04-15
  2041. ==================
  2042. * add "view" constructor setting to override view behaviour
  2043. * add req.acceptsEncoding(name)
  2044. * add req.acceptedEncodings
  2045. * revert cookie signature change causing session race conditions
  2046. * fix sorting of Accept values of the same quality
  2047. 3.1.2 / 2013-04-12
  2048. ==================
  2049. * add support for custom Accept parameters
  2050. * update cookie-signature
  2051. 3.1.1 / 2013-04-01
  2052. ==================
  2053. * add X-Forwarded-Host support to `req.host`
  2054. * fix relative redirects
  2055. * update mkdirp
  2056. * update buffer-crc32
  2057. * remove legacy app.configure() method from app template.
  2058. 3.1.0 / 2013-01-25
  2059. ==================
  2060. * add support for leading "." in "view engine" setting
  2061. * add array support to `res.set()`
  2062. * add node 0.8.x to travis.yml
  2063. * add "subdomain offset" setting for tweaking `req.subdomains`
  2064. * add `res.location(url)` implementing `res.redirect()`-like setting of Location
  2065. * use app.get() for x-powered-by setting for inheritance
  2066. * fix colons in passwords for `req.auth`
  2067. 3.0.6 / 2013-01-04
  2068. ==================
  2069. * add http verb methods to Router
  2070. * update connect
  2071. * fix mangling of the `res.cookie()` options object
  2072. * fix jsonp whitespace escape. Closes #1132
  2073. 3.0.5 / 2012-12-19
  2074. ==================
  2075. * add throwing when a non-function is passed to a route
  2076. * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
  2077. * revert "add 'etag' option"
  2078. 3.0.4 / 2012-12-05
  2079. ==================
  2080. * add 'etag' option to disable `res.send()` Etags
  2081. * add escaping of urls in text/plain in `res.redirect()`
  2082. for old browsers interpreting as html
  2083. * change crc32 module for a more liberal license
  2084. * update connect
  2085. 3.0.3 / 2012-11-13
  2086. ==================
  2087. * update connect
  2088. * update cookie module
  2089. * fix cookie max-age
  2090. 3.0.2 / 2012-11-08
  2091. ==================
  2092. * add OPTIONS to cors example. Closes #1398
  2093. * fix route chaining regression. Closes #1397
  2094. 3.0.1 / 2012-11-01
  2095. ==================
  2096. * update connect
  2097. 3.0.0 / 2012-10-23
  2098. ==================
  2099. * add `make clean`
  2100. * add "Basic" check to req.auth
  2101. * add `req.auth` test coverage
  2102. * add cb && cb(payload) to `res.jsonp()`. Closes #1374
  2103. * add backwards compat for `res.redirect()` status. Closes #1336
  2104. * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
  2105. * update connect
  2106. * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
  2107. * remove non-primitive string support for `res.send()`
  2108. * fix view-locals example. Closes #1370
  2109. * fix route-separation example
  2110. 3.0.0rc5 / 2012-09-18
  2111. ==================
  2112. * update connect
  2113. * add redis search example
  2114. * add static-files example
  2115. * add "x-powered-by" setting (`app.disable('x-powered-by')`)
  2116. * add "application/octet-stream" redirect Accept test case. Closes #1317
  2117. 3.0.0rc4 / 2012-08-30
  2118. ==================
  2119. * add `res.jsonp()`. Closes #1307
  2120. * add "verbose errors" option to error-pages example
  2121. * add another route example to express(1) so people are not so confused
  2122. * add redis online user activity tracking example
  2123. * update connect dep
  2124. * fix etag quoting. Closes #1310
  2125. * fix error-pages 404 status
  2126. * fix jsonp callback char restrictions
  2127. * remove old OPTIONS default response
  2128. 3.0.0rc3 / 2012-08-13
  2129. ==================
  2130. * update connect dep
  2131. * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
  2132. * fix `res.render()` clobbering of "locals"
  2133. 3.0.0rc2 / 2012-08-03
  2134. ==================
  2135. * add CORS example
  2136. * update connect dep
  2137. * deprecate `.createServer()` & remove old stale examples
  2138. * fix: escape `res.redirect()` link
  2139. * fix vhost example
  2140. 3.0.0rc1 / 2012-07-24
  2141. ==================
  2142. * add more examples to view-locals
  2143. * add scheme-relative redirects (`res.redirect("//foo.com")`) support
  2144. * update cookie dep
  2145. * update connect dep
  2146. * update send dep
  2147. * fix `express(1)` -h flag, use -H for hogan. Closes #1245
  2148. * fix `res.sendfile()` socket error handling regression
  2149. 3.0.0beta7 / 2012-07-16
  2150. ==================
  2151. * update connect dep for `send()` root normalization regression
  2152. 3.0.0beta6 / 2012-07-13
  2153. ==================
  2154. * add `err.view` property for view errors. Closes #1226
  2155. * add "jsonp callback name" setting
  2156. * add support for "/foo/:bar*" non-greedy matches
  2157. * change `res.sendfile()` to use `send()` module
  2158. * change `res.send` to use "response-send" module
  2159. * remove `app.locals.use` and `res.locals.use`, use regular middleware
  2160. 3.0.0beta5 / 2012-07-03
  2161. ==================
  2162. * add "make check" support
  2163. * add route-map example
  2164. * add `res.json(obj, status)` support back for BC
  2165. * add "methods" dep, remove internal methods module
  2166. * update connect dep
  2167. * update auth example to utilize cores pbkdf2
  2168. * updated tests to use "supertest"
  2169. 3.0.0beta4 / 2012-06-25
  2170. ==================
  2171. * Added `req.auth`
  2172. * Added `req.range(size)`
  2173. * Added `res.links(obj)`
  2174. * Added `res.send(body, status)` support back for backwards compat
  2175. * Added `.default()` support to `res.format()`
  2176. * Added 2xx / 304 check to `req.fresh`
  2177. * Revert "Added + support to the router"
  2178. * Fixed `res.send()` freshness check, respect res.statusCode
  2179. 3.0.0beta3 / 2012-06-15
  2180. ==================
  2181. * Added hogan `--hjs` to express(1) [nullfirm]
  2182. * Added another example to content-negotiation
  2183. * Added `fresh` dep
  2184. * Changed: `res.send()` always checks freshness
  2185. * Fixed: expose connects mime module. Closes #1165
  2186. 3.0.0beta2 / 2012-06-06
  2187. ==================
  2188. * Added `+` support to the router
  2189. * Added `req.host`
  2190. * Changed `req.param()` to check route first
  2191. * Update connect dep
  2192. 3.0.0beta1 / 2012-06-01
  2193. ==================
  2194. * Added `res.format()` callback to override default 406 behaviour
  2195. * Fixed `res.redirect()` 406. Closes #1154
  2196. 3.0.0alpha5 / 2012-05-30
  2197. ==================
  2198. * Added `req.ip`
  2199. * Added `{ signed: true }` option to `res.cookie()`
  2200. * Removed `res.signedCookie()`
  2201. * Changed: dont reverse `req.ips`
  2202. * Fixed "trust proxy" setting check for `req.ips`
  2203. 3.0.0alpha4 / 2012-05-09
  2204. ==================
  2205. * Added: allow `[]` in jsonp callback. Closes #1128
  2206. * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
  2207. * Updated: connect 2.2.2
  2208. 3.0.0alpha3 / 2012-05-04
  2209. ==================
  2210. * Added public `app.routes`. Closes #887
  2211. * Added _view-locals_ example
  2212. * Added _mvc_ example
  2213. * Added `res.locals.use()`. Closes #1120
  2214. * Added conditional-GET support to `res.send()`
  2215. * Added: coerce `res.set()` values to strings
  2216. * Changed: moved `static()` in generated apps below router
  2217. * Changed: `res.send()` only set ETag when not previously set
  2218. * Changed connect 2.2.1 dep
  2219. * Changed: `make test` now runs unit / acceptance tests
  2220. * Fixed req/res proto inheritance
  2221. 3.0.0alpha2 / 2012-04-26
  2222. ==================
  2223. * Added `make benchmark` back
  2224. * Added `res.send()` support for `String` objects
  2225. * Added client-side data exposing example
  2226. * Added `res.header()` and `req.header()` aliases for BC
  2227. * Added `express.createServer()` for BC
  2228. * Perf: memoize parsed urls
  2229. * Perf: connect 2.2.0 dep
  2230. * Changed: make `expressInit()` middleware self-aware
  2231. * Fixed: use app.get() for all core settings
  2232. * Fixed redis session example
  2233. * Fixed session example. Closes #1105
  2234. * Fixed generated express dep. Closes #1078
  2235. 3.0.0alpha1 / 2012-04-15
  2236. ==================
  2237. * Added `app.locals.use(callback)`
  2238. * Added `app.locals` object
  2239. * Added `app.locals(obj)`
  2240. * Added `res.locals` object
  2241. * Added `res.locals(obj)`
  2242. * Added `res.format()` for content-negotiation
  2243. * Added `app.engine()`
  2244. * Added `res.cookie()` JSON cookie support
  2245. * Added "trust proxy" setting
  2246. * Added `req.subdomains`
  2247. * Added `req.protocol`
  2248. * Added `req.secure`
  2249. * Added `req.path`
  2250. * Added `req.ips`
  2251. * Added `req.fresh`
  2252. * Added `req.stale`
  2253. * Added comma-delimited / array support for `req.accepts()`
  2254. * Added debug instrumentation
  2255. * Added `res.set(obj)`
  2256. * Added `res.set(field, value)`
  2257. * Added `res.get(field)`
  2258. * Added `app.get(setting)`. Closes #842
  2259. * Added `req.acceptsLanguage()`
  2260. * Added `req.acceptsCharset()`
  2261. * Added `req.accepted`
  2262. * Added `req.acceptedLanguages`
  2263. * Added `req.acceptedCharsets`
  2264. * Added "json replacer" setting
  2265. * Added "json spaces" setting
  2266. * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
  2267. * Added `--less` support to express(1)
  2268. * Added `express.response` prototype
  2269. * Added `express.request` prototype
  2270. * Added `express.application` prototype
  2271. * Added `app.path()`
  2272. * Added `app.render()`
  2273. * Added `res.type()` to replace `res.contentType()`
  2274. * Changed: `res.redirect()` to add relative support
  2275. * Changed: enable "jsonp callback" by default
  2276. * Changed: renamed "case sensitive routes" to "case sensitive routing"
  2277. * Rewrite of all tests with mocha
  2278. * Removed "root" setting
  2279. * Removed `res.redirect('home')` support
  2280. * Removed `req.notify()`
  2281. * Removed `app.register()`
  2282. * Removed `app.redirect()`
  2283. * Removed `app.is()`
  2284. * Removed `app.helpers()`
  2285. * Removed `app.dynamicHelpers()`
  2286. * Fixed `res.sendfile()` with non-GET. Closes #723
  2287. * Fixed express(1) public dir for windows. Closes #866
  2288. 2.5.9/ 2012-04-02
  2289. ==================
  2290. * Added support for PURGE request method [pbuyle]
  2291. * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
  2292. 2.5.8 / 2012-02-08
  2293. ==================
  2294. * Update mkdirp dep. Closes #991
  2295. 2.5.7 / 2012-02-06
  2296. ==================
  2297. * Fixed `app.all` duplicate DELETE requests [mscdex]
  2298. 2.5.6 / 2012-01-13
  2299. ==================
  2300. * Updated hamljs dev dep. Closes #953
  2301. 2.5.5 / 2012-01-08
  2302. ==================
  2303. * Fixed: set `filename` on cached templates [matthewleon]
  2304. 2.5.4 / 2012-01-02
  2305. ==================
  2306. * Fixed `express(1)` eol on 0.4.x. Closes #947
  2307. 2.5.3 / 2011-12-30
  2308. ==================
  2309. * Fixed `req.is()` when a charset is present
  2310. 2.5.2 / 2011-12-10
  2311. ==================
  2312. * Fixed: express(1) LF -> CRLF for windows
  2313. 2.5.1 / 2011-11-17
  2314. ==================
  2315. * Changed: updated connect to 1.8.x
  2316. * Removed sass.js support from express(1)
  2317. 2.5.0 / 2011-10-24
  2318. ==================
  2319. * Added ./routes dir for generated app by default
  2320. * Added npm install reminder to express(1) app gen
  2321. * Added 0.5.x support
  2322. * Removed `make test-cov` since it wont work with node 0.5.x
  2323. * Fixed express(1) public dir for windows. Closes #866
  2324. 2.4.7 / 2011-10-05
  2325. ==================
  2326. * Added mkdirp to express(1). Closes #795
  2327. * Added simple _json-config_ example
  2328. * Added shorthand for the parsed request's pathname via `req.path`
  2329. * Changed connect dep to 1.7.x to fix npm issue...
  2330. * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
  2331. * Fixed `req.flash()`, only escape args
  2332. * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
  2333. 2.4.6 / 2011-08-22
  2334. ==================
  2335. * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
  2336. 2.4.5 / 2011-08-19
  2337. ==================
  2338. * Added support for routes to handle errors. Closes #809
  2339. * Added `app.routes.all()`. Closes #803
  2340. * Added "basepath" setting to work in conjunction with reverse proxies etc.
  2341. * Refactored `Route` to use a single array of callbacks
  2342. * Added support for multiple callbacks for `app.param()`. Closes #801
  2343. Closes #805
  2344. * Changed: removed .call(self) for route callbacks
  2345. * Dependency: `qs >= 0.3.1`
  2346. * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
  2347. 2.4.4 / 2011-08-05
  2348. ==================
  2349. * Fixed `res.header()` intention of a set, even when `undefined`
  2350. * Fixed `*`, value no longer required
  2351. * Fixed `res.send(204)` support. Closes #771
  2352. 2.4.3 / 2011-07-14
  2353. ==================
  2354. * Added docs for `status` option special-case. Closes #739
  2355. * Fixed `options.filename`, exposing the view path to template engines
  2356. 2.4.2. / 2011-07-06
  2357. ==================
  2358. * Revert "removed jsonp stripping" for XSS
  2359. 2.4.1 / 2011-07-06
  2360. ==================
  2361. * Added `res.json()` JSONP support. Closes #737
  2362. * Added _extending-templates_ example. Closes #730
  2363. * Added "strict routing" setting for trailing slashes
  2364. * Added support for multiple envs in `app.configure()` calls. Closes #735
  2365. * Changed: `res.send()` using `res.json()`
  2366. * Changed: when cookie `path === null` don't default it
  2367. * Changed; default cookie path to "home" setting. Closes #731
  2368. * Removed _pids/logs_ creation from express(1)
  2369. 2.4.0 / 2011-06-28
  2370. ==================
  2371. * Added chainable `res.status(code)`
  2372. * Added `res.json()`, an explicit version of `res.send(obj)`
  2373. * Added simple web-service example
  2374. 2.3.12 / 2011-06-22
  2375. ==================
  2376. * \#express is now on freenode! come join!
  2377. * Added `req.get(field, param)`
  2378. * Added links to Japanese documentation, thanks @hideyukisaito!
  2379. * Added; the `express(1)` generated app outputs the env
  2380. * Added `content-negotiation` example
  2381. * Dependency: connect >= 1.5.1 < 2.0.0
  2382. * Fixed view layout bug. Closes #720
  2383. * Fixed; ignore body on 304. Closes #701
  2384. 2.3.11 / 2011-06-04
  2385. ==================
  2386. * Added `npm test`
  2387. * Removed generation of dummy test file from `express(1)`
  2388. * Fixed; `express(1)` adds express as a dep
  2389. * Fixed; prune on `prepublish`
  2390. 2.3.10 / 2011-05-27
  2391. ==================
  2392. * Added `req.route`, exposing the current route
  2393. * Added _package.json_ generation support to `express(1)`
  2394. * Fixed call to `app.param()` function for optional params. Closes #682
  2395. 2.3.9 / 2011-05-25
  2396. ==================
  2397. * Fixed bug-ish with `../' in `res.partial()` calls
  2398. 2.3.8 / 2011-05-24
  2399. ==================
  2400. * Fixed `app.options()`
  2401. 2.3.7 / 2011-05-23
  2402. ==================
  2403. * Added route `Collection`, ex: `app.get('/user/:id').remove();`
  2404. * Added support for `app.param(fn)` to define param logic
  2405. * Removed `app.param()` support for callback with return value
  2406. * Removed module.parent check from express(1) generated app. Closes #670
  2407. * Refactored router. Closes #639
  2408. 2.3.6 / 2011-05-20
  2409. ==================
  2410. * Changed; using devDependencies instead of git submodules
  2411. * Fixed redis session example
  2412. * Fixed markdown example
  2413. * Fixed view caching, should not be enabled in development
  2414. 2.3.5 / 2011-05-20
  2415. ==================
  2416. * Added export `.view` as alias for `.View`
  2417. 2.3.4 / 2011-05-08
  2418. ==================
  2419. * Added `./examples/say`
  2420. * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
  2421. 2.3.3 / 2011-05-03
  2422. ==================
  2423. * Added "case sensitive routes" option.
  2424. * Changed; split methods supported per rfc [slaskis]
  2425. * Fixed route-specific middleware when using the same callback function several times
  2426. 2.3.2 / 2011-04-27
  2427. ==================
  2428. * Fixed view hints
  2429. 2.3.1 / 2011-04-26
  2430. ==================
  2431. * Added `app.match()` as `app.match.all()`
  2432. * Added `app.lookup()` as `app.lookup.all()`
  2433. * Added `app.remove()` for `app.remove.all()`
  2434. * Added `app.remove.VERB()`
  2435. * Fixed template caching collision issue. Closes #644
  2436. * Moved router over from connect and started refactor
  2437. 2.3.0 / 2011-04-25
  2438. ==================
  2439. * Added options support to `res.clearCookie()`
  2440. * Added `res.helpers()` as alias of `res.locals()`
  2441. * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0`
  2442. * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
  2443. * Renamed "cache views" to "view cache". Closes #628
  2444. * Fixed caching of views when using several apps. Closes #637
  2445. * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
  2446. Closes #638
  2447. * Fixed partial lookup precedence. Closes #631
  2448. Shaw]
  2449. 2.2.2 / 2011-04-12
  2450. ==================
  2451. * Added second callback support for `res.download()` connection errors
  2452. * Fixed `filename` option passing to template engine
  2453. 2.2.1 / 2011-04-04
  2454. ==================
  2455. * Added `layout(path)` helper to change the layout within a view. Closes #610
  2456. * Fixed `partial()` collection object support.
  2457. Previously only anything with `.length` would work.
  2458. When `.length` is present one must still be aware of holes,
  2459. however now `{ collection: {foo: 'bar'}}` is valid, exposes
  2460. `keyInCollection` and `keysInCollection`.
  2461. * Performance improved with better view caching
  2462. * Removed `request` and `response` locals
  2463. * Changed; errorHandler page title is now `Express` instead of `Connect`
  2464. 2.2.0 / 2011-03-30
  2465. ==================
  2466. * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
  2467. * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
  2468. * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
  2469. * Dependency `connect >= 1.2.0`
  2470. 2.1.1 / 2011-03-29
  2471. ==================
  2472. * Added; expose `err.view` object when failing to locate a view
  2473. * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
  2474. * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
  2475. 2.1.0 / 2011-03-24
  2476. ==================
  2477. * Added `<root>/_?<name>` partial lookup support. Closes #447
  2478. * Added `request`, `response`, and `app` local variables
  2479. * Added `settings` local variable, containing the app's settings
  2480. * Added `req.flash()` exception if `req.session` is not available
  2481. * Added `res.send(bool)` support (json response)
  2482. * Fixed stylus example for latest version
  2483. * Fixed; wrap try/catch around `res.render()`
  2484. 2.0.0 / 2011-03-17
  2485. ==================
  2486. * Fixed up index view path alternative.
  2487. * Changed; `res.locals()` without object returns the locals
  2488. 2.0.0rc3 / 2011-03-17
  2489. ==================
  2490. * Added `res.locals(obj)` to compliment `res.local(key, val)`
  2491. * Added `res.partial()` callback support
  2492. * Fixed recursive error reporting issue in `res.render()`
  2493. 2.0.0rc2 / 2011-03-17
  2494. ==================
  2495. * Changed; `partial()` "locals" are now optional
  2496. * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
  2497. * Fixed .filename view engine option [reported by drudge]
  2498. * Fixed blog example
  2499. * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
  2500. 2.0.0rc / 2011-03-14
  2501. ==================
  2502. * Fixed; expose `HTTPSServer` constructor
  2503. * Fixed express(1) default test charset. Closes #579 [reported by secoif]
  2504. * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
  2505. 2.0.0beta3 / 2011-03-09
  2506. ==================
  2507. * Added support for `res.contentType()` literal
  2508. The original `res.contentType('.json')`,
  2509. `res.contentType('application/json')`, and `res.contentType('json')`
  2510. will work now.
  2511. * Added `res.render()` status option support back
  2512. * Added charset option for `res.render()`
  2513. * Added `.charset` support (via connect 1.0.4)
  2514. * Added view resolution hints when in development and a lookup fails
  2515. * Added layout lookup support relative to the page view.
  2516. For example while rendering `./views/user/index.jade` if you create
  2517. `./views/user/layout.jade` it will be used in favour of the root layout.
  2518. * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
  2519. * Fixed; default `res.send()` string charset to utf8
  2520. * Removed `Partial` constructor (not currently used)
  2521. 2.0.0beta2 / 2011-03-07
  2522. ==================
  2523. * Added res.render() `.locals` support back to aid in migration process
  2524. * Fixed flash example
  2525. 2.0.0beta / 2011-03-03
  2526. ==================
  2527. * Added HTTPS support
  2528. * Added `res.cookie()` maxAge support
  2529. * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
  2530. * Added mount support for `res.redirect()`, now respects the mount-point
  2531. * Added `union()` util, taking place of `merge(clone())` combo
  2532. * Added stylus support to express(1) generated app
  2533. * Added secret to session middleware used in examples and generated app
  2534. * Added `res.local(name, val)` for progressive view locals
  2535. * Added default param support to `req.param(name, default)`
  2536. * Added `app.disabled()` and `app.enabled()`
  2537. * Added `app.register()` support for omitting leading ".", either works
  2538. * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
  2539. * Added `app.param()` to map route params to async/sync logic
  2540. * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
  2541. * Added extname with no leading "." support to `res.contentType()`
  2542. * Added `cache views` setting, defaulting to enabled in "production" env
  2543. * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
  2544. * Added `req.accepts()` support for extensions
  2545. * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
  2546. static file server `connect.static.send()`.
  2547. * Changed; replaced `connect.utils.mime()` with npm _mime_ module
  2548. * Changed; allow `req.query` to be pre-defined (via middleware or other parent
  2549. * Changed view partial resolution, now relative to parent view
  2550. * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
  2551. * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
  2552. * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
  2553. * Fixed; using _qs_ module instead of _querystring_
  2554. * Fixed; strip unsafe chars from jsonp callbacks
  2555. * Removed "stream threshold" setting
  2556. 1.0.8 / 2011-03-01
  2557. ==================
  2558. * Allow `req.query` to be pre-defined (via middleware or other parent app)
  2559. * "connect": ">= 0.5.0 < 1.0.0". Closes #547
  2560. * Removed the long deprecated __EXPRESS_ENV__ support
  2561. 1.0.7 / 2011-02-07
  2562. ==================
  2563. * Fixed `render()` setting inheritance.
  2564. Mounted apps would not inherit "view engine"
  2565. 1.0.6 / 2011-02-07
  2566. ==================
  2567. * Fixed `view engine` setting bug when period is in dirname
  2568. 1.0.5 / 2011-02-05
  2569. ==================
  2570. * Added secret to generated app `session()` call
  2571. 1.0.4 / 2011-02-05
  2572. ==================
  2573. * Added `qs` dependency to _package.json_
  2574. * Fixed namespaced `require()`s for latest connect support
  2575. 1.0.3 / 2011-01-13
  2576. ==================
  2577. * Remove unsafe characters from JSONP callback names [Ryan Grove]
  2578. 1.0.2 / 2011-01-10
  2579. ==================
  2580. * Removed nested require, using `connect.router`
  2581. 1.0.1 / 2010-12-29
  2582. ==================
  2583. * Fixed for middleware stacked via `createServer()`
  2584. previously the `foo` middleware passed to `createServer(foo)`
  2585. would not have access to Express methods such as `res.send()`
  2586. or props like `req.query` etc.
  2587. 1.0.0 / 2010-11-16
  2588. ==================
  2589. * Added; deduce partial object names from the last segment.
  2590. For example by default `partial('forum/post', postObject)` will
  2591. give you the _post_ object, providing a meaningful default.
  2592. * Added http status code string representation to `res.redirect()` body
  2593. * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
  2594. * Added `req.is()` to aid in content negotiation
  2595. * Added partial local inheritance [suggested by masylum]. Closes #102
  2596. providing access to parent template locals.
  2597. * Added _-s, --session[s]_ flag to express(1) to add session related middleware
  2598. * Added _--template_ flag to express(1) to specify the
  2599. template engine to use.
  2600. * Added _--css_ flag to express(1) to specify the
  2601. stylesheet engine to use (or just plain css by default).
  2602. * Added `app.all()` support [thanks aheckmann]
  2603. * Added partial direct object support.
  2604. You may now `partial('user', user)` providing the "user" local,
  2605. vs previously `partial('user', { object: user })`.
  2606. * Added _route-separation_ example since many people question ways
  2607. to do this with CommonJS modules. Also view the _blog_ example for
  2608. an alternative.
  2609. * Performance; caching view path derived partial object names
  2610. * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
  2611. * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
  2612. 1.0.0rc4 / 2010-10-14
  2613. ==================
  2614. * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
  2615. * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
  2616. * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
  2617. * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
  2618. * Added `partial()` support for array-like collections. Closes #434
  2619. * Added support for swappable querystring parsers
  2620. * Added session usage docs. Closes #443
  2621. * Added dynamic helper caching. Closes #439 [suggested by maritz]
  2622. * Added authentication example
  2623. * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
  2624. * Changed; `express(1)` generated app using 2 spaces instead of 4
  2625. * Default env to "development" again [aheckmann]
  2626. * Removed _context_ option is no more, use "scope"
  2627. * Fixed; exposing _./support_ libs to examples so they can run without installs
  2628. * Fixed mvc example
  2629. 1.0.0rc3 / 2010-09-20
  2630. ==================
  2631. * Added confirmation for `express(1)` app generation. Closes #391
  2632. * Added extending of flash formatters via `app.flashFormatters`
  2633. * Added flash formatter support. Closes #411
  2634. * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
  2635. * Added _stream threshold_ setting for `res.sendfile()`
  2636. * Added `res.send()` __HEAD__ support
  2637. * Added `res.clearCookie()`
  2638. * Added `res.cookie()`
  2639. * Added `res.render()` headers option
  2640. * Added `res.redirect()` response bodies
  2641. * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
  2642. * Fixed `res.sendfile()` responding with 403 on malicious path
  2643. * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
  2644. * Fixed; mounted apps settings now inherit from parent app [aheckmann]
  2645. * Fixed; stripping Content-Length / Content-Type when 204
  2646. * Fixed `res.send()` 204. Closes #419
  2647. * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
  2648. * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
  2649. 1.0.0rc2 / 2010-08-17
  2650. ==================
  2651. * Added `app.register()` for template engine mapping. Closes #390
  2652. * Added `res.render()` callback support as second argument (no options)
  2653. * Added callback support to `res.download()`
  2654. * Added callback support for `res.sendfile()`
  2655. * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
  2656. * Added "partials" setting to docs
  2657. * Added default expresso tests to `express(1)` generated app. Closes #384
  2658. * Fixed `res.sendfile()` error handling, defer via `next()`
  2659. * Fixed `res.render()` callback when a layout is used [thanks guillermo]
  2660. * Fixed; `make install` creating ~/.node_libraries when not present
  2661. * Fixed issue preventing error handlers from being defined anywhere. Closes #387
  2662. 1.0.0rc / 2010-07-28
  2663. ==================
  2664. * Added mounted hook. Closes #369
  2665. * Added connect dependency to _package.json_
  2666. * Removed "reload views" setting and support code
  2667. development env never caches, production always caches.
  2668. * Removed _param_ in route callbacks, signature is now
  2669. simply (req, res, next), previously (req, res, params, next).
  2670. Use _req.params_ for path captures, _req.query_ for GET params.
  2671. * Fixed "home" setting
  2672. * Fixed middleware/router precedence issue. Closes #366
  2673. * Fixed; _configure()_ callbacks called immediately. Closes #368
  2674. 1.0.0beta2 / 2010-07-23
  2675. ==================
  2676. * Added more examples
  2677. * Added; exporting `Server` constructor
  2678. * Added `Server#helpers()` for view locals
  2679. * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
  2680. * Added support for absolute view paths
  2681. * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
  2682. * Added Guillermo Rauch to the contributor list
  2683. * Added support for "as" for non-collection partials. Closes #341
  2684. * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
  2685. * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
  2686. * Fixed instanceof `Array` checks, now `Array.isArray()`
  2687. * Fixed express(1) expansion of public dirs. Closes #348
  2688. * Fixed middleware precedence. Closes #345
  2689. * Fixed view watcher, now async [thanks aheckmann]
  2690. 1.0.0beta / 2010-07-15
  2691. ==================
  2692. * Re-write
  2693. - much faster
  2694. - much lighter
  2695. - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
  2696. 0.14.0 / 2010-06-15
  2697. ==================
  2698. * Utilize relative requires
  2699. * Added Static bufferSize option [aheckmann]
  2700. * Fixed caching of view and partial subdirectories [aheckmann]
  2701. * Fixed mime.type() comments now that ".ext" is not supported
  2702. * Updated haml submodule
  2703. * Updated class submodule
  2704. * Removed bin/express
  2705. 0.13.0 / 2010-06-01
  2706. ==================
  2707. * Added node v0.1.97 compatibility
  2708. * Added support for deleting cookies via Request#cookie('key', null)
  2709. * Updated haml submodule
  2710. * Fixed not-found page, now using using charset utf-8
  2711. * Fixed show-exceptions page, now using using charset utf-8
  2712. * Fixed view support due to fs.readFile Buffers
  2713. * Changed; mime.type() no longer accepts ".type" due to node extname() changes
  2714. 0.12.0 / 2010-05-22
  2715. ==================
  2716. * Added node v0.1.96 compatibility
  2717. * Added view `helpers` export which act as additional local variables
  2718. * Updated haml submodule
  2719. * Changed ETag; removed inode, modified time only
  2720. * Fixed LF to CRLF for setting multiple cookies
  2721. * Fixed cookie compilation; values are now urlencoded
  2722. * Fixed cookies parsing; accepts quoted values and url escaped cookies
  2723. 0.11.0 / 2010-05-06
  2724. ==================
  2725. * Added support for layouts using different engines
  2726. - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
  2727. - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
  2728. - this.render('page.html.haml', { layout: false }) // no layout
  2729. * Updated ext submodule
  2730. * Updated haml submodule
  2731. * Fixed EJS partial support by passing along the context. Issue #307
  2732. 0.10.1 / 2010-05-03
  2733. ==================
  2734. * Fixed binary uploads.
  2735. 0.10.0 / 2010-04-30
  2736. ==================
  2737. * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
  2738. encoding is set to 'utf8' or 'utf-8'.
  2739. * Added "encoding" option to Request#render(). Closes #299
  2740. * Added "dump exceptions" setting, which is enabled by default.
  2741. * Added simple ejs template engine support
  2742. * Added error response support for text/plain, application/json. Closes #297
  2743. * Added callback function param to Request#error()
  2744. * Added Request#sendHead()
  2745. * Added Request#stream()
  2746. * Added support for Request#respond(304, null) for empty response bodies
  2747. * Added ETag support to Request#sendfile()
  2748. * Added options to Request#sendfile(), passed to fs.createReadStream()
  2749. * Added filename arg to Request#download()
  2750. * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
  2751. * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
  2752. * Changed; Request#sendfile() now streams
  2753. * Changed; Renamed Request#halt() to Request#respond(). Closes #289
  2754. * Changed; Using sys.inspect() instead of JSON.encode() for error output
  2755. * Changed; run() returns the http.Server instance. Closes #298
  2756. * Changed; Defaulting Server#host to null (INADDR_ANY)
  2757. * Changed; Logger "common" format scale of 0.4f
  2758. * Removed Logger "request" format
  2759. * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
  2760. * Fixed several issues with http client
  2761. * Fixed Logger Content-Length output
  2762. * Fixed bug preventing Opera from retaining the generated session id. Closes #292
  2763. 0.9.0 / 2010-04-14
  2764. ==================
  2765. * Added DSL level error() route support
  2766. * Added DSL level notFound() route support
  2767. * Added Request#error()
  2768. * Added Request#notFound()
  2769. * Added Request#render() callback function. Closes #258
  2770. * Added "max upload size" setting
  2771. * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
  2772. * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
  2773. * Added callback function support to Request#halt() as 3rd/4th arg
  2774. * Added preprocessing of route param wildcards using param(). Closes #251
  2775. * Added view partial support (with collections etc)
  2776. * Fixed bug preventing falsey params (such as ?page=0). Closes #286
  2777. * Fixed setting of multiple cookies. Closes #199
  2778. * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
  2779. * Changed; session cookie is now httpOnly
  2780. * Changed; Request is no longer global
  2781. * Changed; Event is no longer global
  2782. * Changed; "sys" module is no longer global
  2783. * Changed; moved Request#download to Static plugin where it belongs
  2784. * Changed; Request instance created before body parsing. Closes #262
  2785. * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
  2786. * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
  2787. * Updated support to node --version 0.1.90
  2788. * Updated dependencies
  2789. * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
  2790. * Removed utils.mixin(); use Object#mergeDeep()
  2791. 0.8.0 / 2010-03-19
  2792. ==================
  2793. * Added coffeescript example app. Closes #242
  2794. * Changed; cache api now async friendly. Closes #240
  2795. * Removed deprecated 'express/static' support. Use 'express/plugins/static'
  2796. 0.7.6 / 2010-03-19
  2797. ==================
  2798. * Added Request#isXHR. Closes #229
  2799. * Added `make install` (for the executable)
  2800. * Added `express` executable for setting up simple app templates
  2801. * Added "GET /public/*" to Static plugin, defaulting to <root>/public
  2802. * Added Static plugin
  2803. * Fixed; Request#render() only calls cache.get() once
  2804. * Fixed; Namespacing View caches with "view:"
  2805. * Fixed; Namespacing Static caches with "static:"
  2806. * Fixed; Both example apps now use the Static plugin
  2807. * Fixed set("views"). Closes #239
  2808. * Fixed missing space for combined log format
  2809. * Deprecated Request#sendfile() and 'express/static'
  2810. * Removed Server#running
  2811. 0.7.5 / 2010-03-16
  2812. ==================
  2813. * Added Request#flash() support without args, now returns all flashes
  2814. * Updated ext submodule
  2815. 0.7.4 / 2010-03-16
  2816. ==================
  2817. * Fixed session reaper
  2818. * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
  2819. 0.7.3 / 2010-03-16
  2820. ==================
  2821. * Added package.json
  2822. * Fixed requiring of haml / sass due to kiwi removal
  2823. 0.7.2 / 2010-03-16
  2824. ==================
  2825. * Fixed GIT submodules (HAH!)
  2826. 0.7.1 / 2010-03-16
  2827. ==================
  2828. * Changed; Express now using submodules again until a PM is adopted
  2829. * Changed; chat example using millisecond conversions from ext
  2830. 0.7.0 / 2010-03-15
  2831. ==================
  2832. * Added Request#pass() support (finds the next matching route, or the given path)
  2833. * Added Logger plugin (default "common" format replaces CommonLogger)
  2834. * Removed Profiler plugin
  2835. * Removed CommonLogger plugin
  2836. 0.6.0 / 2010-03-11
  2837. ==================
  2838. * Added seed.yml for kiwi package management support
  2839. * Added HTTP client query string support when method is GET. Closes #205
  2840. * Added support for arbitrary view engines.
  2841. For example "foo.engine.html" will now require('engine'),
  2842. the exports from this module are cached after the first require().
  2843. * Added async plugin support
  2844. * Removed usage of RESTful route funcs as http client
  2845. get() etc, use http.get() and friends
  2846. * Removed custom exceptions
  2847. 0.5.0 / 2010-03-10
  2848. ==================
  2849. * Added ext dependency (library of js extensions)
  2850. * Removed extname() / basename() utils. Use path module
  2851. * Removed toArray() util. Use arguments.values
  2852. * Removed escapeRegexp() util. Use RegExp.escape()
  2853. * Removed process.mixin() dependency. Use utils.mixin()
  2854. * Removed Collection
  2855. * Removed ElementCollection
  2856. * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
  2857. 0.4.0 / 2010-02-11
  2858. ==================
  2859. * Added flash() example to sample upload app
  2860. * Added high level restful http client module (express/http)
  2861. * Changed; RESTful route functions double as HTTP clients. Closes #69
  2862. * Changed; throwing error when routes are added at runtime
  2863. * Changed; defaulting render() context to the current Request. Closes #197
  2864. * Updated haml submodule
  2865. 0.3.0 / 2010-02-11
  2866. ==================
  2867. * Updated haml / sass submodules. Closes #200
  2868. * Added flash message support. Closes #64
  2869. * Added accepts() now allows multiple args. fixes #117
  2870. * Added support for plugins to halt. Closes #189
  2871. * Added alternate layout support. Closes #119
  2872. * Removed Route#run(). Closes #188
  2873. * Fixed broken specs due to use(Cookie) missing
  2874. 0.2.1 / 2010-02-05
  2875. ==================
  2876. * Added "plot" format option for Profiler (for gnuplot processing)
  2877. * Added request number to Profiler plugin
  2878. * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
  2879. * Fixed issue with routes not firing when not files are present. Closes #184
  2880. * Fixed process.Promise -> events.Promise
  2881. 0.2.0 / 2010-02-03
  2882. ==================
  2883. * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
  2884. * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
  2885. * Added expiration support to cache api with reaper. Closes #133
  2886. * Added cache Store.Memory#reap()
  2887. * Added Cache; cache api now uses first class Cache instances
  2888. * Added abstract session Store. Closes #172
  2889. * Changed; cache Memory.Store#get() utilizing Collection
  2890. * Renamed MemoryStore -> Store.Memory
  2891. * Fixed use() of the same plugin several time will always use latest options. Closes #176
  2892. 0.1.0 / 2010-02-03
  2893. ==================
  2894. * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
  2895. * Updated node support to 0.1.27 Closes #169
  2896. * Updated dirname(__filename) -> __dirname
  2897. * Updated libxmljs support to v0.2.0
  2898. * Added session support with memory store / reaping
  2899. * Added quick uid() helper
  2900. * Added multi-part upload support
  2901. * Added Sass.js support / submodule
  2902. * Added production env caching view contents and static files
  2903. * Added static file caching. Closes #136
  2904. * Added cache plugin with memory stores
  2905. * Added support to StaticFile so that it works with non-textual files.
  2906. * Removed dirname() helper
  2907. * Removed several globals (now their modules must be required)
  2908. 0.0.2 / 2010-01-10
  2909. ==================
  2910. * Added view benchmarks; currently haml vs ejs
  2911. * Added Request#attachment() specs. Closes #116
  2912. * Added use of node's parseQuery() util. Closes #123
  2913. * Added `make init` for submodules
  2914. * Updated Haml
  2915. * Updated sample chat app to show messages on load
  2916. * Updated libxmljs parseString -> parseHtmlString
  2917. * Fixed `make init` to work with older versions of git
  2918. * Fixed specs can now run independent specs for those who can't build deps. Closes #127
  2919. * Fixed issues introduced by the node url module changes. Closes 126.
  2920. * Fixed two assertions failing due to Collection#keys() returning strings
  2921. * Fixed faulty Collection#toArray() spec due to keys() returning strings
  2922. * Fixed `make test` now builds libxmljs.node before testing
  2923. 0.0.1 / 2010-01-03
  2924. ==================
  2925. * Initial release