UNPKG

74.9 kBMarkdownView Raw
13.7.0 / 2019-05-17
2==================
3
4 * deps: finalhandler@1.1.2
5 - Set stricter `Content-Security-Policy` header
6 - Fix 404 output for bad / missing pathnames
7 - deps: encodeurl@~1.0.2
8 - deps: parseurl@~1.3.3
9 - deps: statuses@~1.4.0
10 * deps: parseurl@~1.3.3
11 * perf: remove substr call from FQDN mapping
12
133.6.6 / 2018-02-14
14==================
15
16 * deps: finalhandler@1.1.0
17 - Use `res.headersSent` when available
18 * perf: remove array read-past-end
19
203.6.5 / 2017-09-22
21==================
22
23 * deps: debug@2.6.9
24 * deps: finalhandler@1.0.6
25 - deps: debug@2.6.9
26
273.6.4 / 2017-09-20
28==================
29
30 * deps: finalhandler@1.0.5
31 - deps: parseurl@~1.3.2
32 * deps: parseurl@~1.3.2
33 - perf: reduce overhead for full URLs
34 - perf: unroll the "fast-path" `RegExp`
35 * deps: utils-merge@1.0.1
36
373.6.3 / 2017-08-03
38==================
39
40 * deps: debug@2.6.8
41 * deps: finalhandler@1.0.4
42 - deps: debug@2.6.8
43
443.6.2 / 2017-05-16
45==================
46
47 * deps: finalhandler@1.0.3
48 - deps: debug@2.6.7
49 * deps: debug@2.6.7
50 - deps: ms@2.0.0
51
523.6.1 / 2017-04-19
53==================
54
55 * deps: debug@2.6.3
56 - Fix `DEBUG_MAX_ARRAY_LENGTH`
57 * deps: finalhandler@1.0.1
58 - Fix missing `</html>` in HTML document
59 - deps: debug@2.6.3
60
613.6.0 / 2017-02-17
62==================
63
64 * deps: debug@2.6.1
65 - Allow colors in workers
66 - Deprecated `DEBUG_FD` environment variable set to `3` or higher
67 - Fix error when running under React Native
68 - Use same color for same namespace
69 - deps: ms@0.7.2
70 * deps: finalhandler@1.0.0
71 - Fix exception when `err` cannot be converted to a string
72 - Fully URL-encode the pathname in the 404
73 - Only include the pathname in the 404 message
74 - Send complete HTML document
75 - Set `Content-Security-Policy: default-src 'self'` header
76 - deps: debug@2.6.1
77
783.5.1 / 2017-02-12
79==================
80
81 * deps: finalhandler@0.5.1
82 - Fix exception when `err.headers` is not an object
83 - deps: statuses@~1.3.1
84 - perf: hoist regular expressions
85 - perf: remove duplicate validation path
86
873.5.0 / 2016-09-09
88==================
89
90 * deps: finalhandler@0.5.0
91 - Change invalid or non-numeric status code to 500
92 - Overwrite status message to match set status code
93 - Prefer `err.statusCode` if `err.status` is invalid
94 - Set response headers from `err.headers` object
95 - Use `statuses` instead of `http` module for status messages
96
973.4.1 / 2016-01-23
98==================
99
100 * deps: finalhandler@0.4.1
101 - deps: escape-html@~1.0.3
102 * deps: parseurl@~1.3.1
103 - perf: enable strict mode
104
1053.4.0 / 2015-06-18
106==================
107
108 * deps: debug@~2.2.0
109 - deps: ms@0.7.1
110 * deps: finalhandler@0.4.0
111 - Fix a false-positive when unpiping in Node.js 0.8
112 - Support `statusCode` property on `Error` objects
113 - Use `unpipe` module for unpiping requests
114 - deps: debug@~2.2.0
115 - deps: escape-html@1.0.2
116 - deps: on-finished@~2.3.0
117 - perf: enable strict mode
118 - perf: remove argument reassignment
119 * perf: enable strict mode
120 * perf: remove argument reassignments
121
1223.3.5 / 2015-03-16
123==================
124
125 * deps: debug@~2.1.3
126 - Fix high intensity foreground color for bold
127 - deps: ms@0.7.0
128 * deps: finalhandler@0.3.4
129 - deps: debug@~2.1.3
130
1313.3.4 / 2015-01-07
132==================
133
134 * deps: debug@~2.1.1
135 * deps: finalhandler@0.3.3
136 - deps: debug@~2.1.1
137 - deps: on-finished@~2.2.0
138
1393.3.3 / 2014-11-09
140==================
141
142 * Correctly invoke async callback asynchronously
143
1443.3.2 / 2014-10-28
145==================
146
147 * Fix handling of URLs containing `://` in the path
148
1493.3.1 / 2014-10-22
150==================
151
152 * deps: finalhandler@0.3.2
153 - deps: on-finished@~2.1.1
154
1553.3.0 / 2014-10-17
156==================
157
158 * deps: debug@~2.1.0
159 - Implement `DEBUG_FD` env variable support
160 * deps: finalhandler@0.3.1
161 - Terminate in progress response only on error
162 - Use `on-finished` to determine request status
163 - deps: debug@~2.1.0
164
1653.2.0 / 2014-09-08
166==================
167
168 * deps: debug@~2.0.0
169 * deps: finalhandler@0.2.0
170 - Set `X-Content-Type-Options: nosniff` header
171 - deps: debug@~2.0.0
172
1733.1.1 / 2014-08-10
174==================
175
176 * deps: parseurl@~1.3.0
177
1783.1.0 / 2014-07-22
179==================
180
181 * deps: debug@1.0.4
182 * deps: finalhandler@0.1.0
183 - Respond after request fully read
184 - deps: debug@1.0.4
185 * deps: parseurl@~1.2.0
186 - Cache URLs based on original value
187 - Remove no-longer-needed URL mis-parse work-around
188 - Simplify the "fast-path" `RegExp`
189 * perf: reduce executed logic in routing
190 * perf: refactor location of `try` block
191
1923.0.2 / 2014-07-10
193==================
194
195 * deps: debug@1.0.3
196 - Add support for multiple wildcards in namespaces
197 * deps: parseurl@~1.1.3
198 - faster parsing of href-only URLs
199
2003.0.1 / 2014-06-19
201==================
202
203 * use `finalhandler` for final response handling
204 * deps: debug@1.0.2
205
2063.0.0 / 2014-05-29
207==================
208
209 * No changes
210
2113.0.0-rc.2 / 2014-05-04
212=======================
213
214 * Call error stack even when response has been sent
215 * Prevent default 404 handler after response sent
216 * dep: debug@0.8.1
217 * encode stack in HTML for default error handler
218 * remove `proto` export
219
2203.0.0-rc.1 / 2014-03-06
221=======================
222
223 * move middleware to separate repos
224 * remove docs
225 * remove node patches
226 * remove connect(middleware...)
227 * remove the old `connect.createServer()` method
228 * remove various private `connect.utils` functions
229 * drop node.js 0.8 support
230
2312.30.2 / 2015-07-31
232===================
233
234 * deps: body-parser@~1.13.3
235 - deps: type-is@~1.6.6
236 * deps: compression@~1.5.2
237 - deps: accepts@~1.2.12
238 - deps: compressible@~2.0.5
239 - deps: vary@~1.0.1
240 * deps: errorhandler@~1.4.2
241 - deps: accepts@~1.2.12
242 * deps: method-override@~2.3.5
243 - deps: vary@~1.0.1
244 - perf: enable strict mode
245 * deps: serve-index@~1.7.2
246 - deps: accepts@~1.2.12
247 - deps: mime-types@~2.1.4
248 * deps: type-is@~1.6.6
249 - deps: mime-types@~2.1.4
250 * deps: vhost@~3.0.1
251 - perf: enable strict mode
252
2532.30.1 / 2015-07-05
254===================
255
256 * deps: body-parser@~1.13.2
257 - deps: iconv-lite@0.4.11
258 - deps: qs@4.0.0
259 - deps: raw-body@~2.1.2
260 - deps: type-is@~1.6.4
261 * deps: compression@~1.5.1
262 - deps: accepts@~1.2.10
263 - deps: compressible@~2.0.4
264 * deps: errorhandler@~1.4.1
265 - deps: accepts@~1.2.10
266 * deps: qs@4.0.0
267 - Fix dropping parameters like `hasOwnProperty`
268 - Fix various parsing edge cases
269 * deps: morgan@~1.6.1
270 - deps: basic-auth@~1.0.3
271 * deps: pause@0.1.0
272 - Re-emit events with all original arguments
273 - Refactor internals
274 - perf: enable strict mode
275 * deps: serve-index@~1.7.1
276 - deps: accepts@~1.2.10
277 - deps: mime-types@~2.1.2
278 * deps: type-is@~1.6.4
279 - deps: mime-types@~2.1.2
280 - perf: enable strict mode
281 - perf: remove argument reassignment
282
2832.30.0 / 2015-06-18
284===================
285
286 * deps: body-parser@~1.13.1
287 - Add `statusCode` property on `Error`s, in addition to `status`
288 - Change `type` default to `application/json` for JSON parser
289 - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser
290 - Provide static `require` analysis
291 - Use the `http-errors` module to generate errors
292 - deps: bytes@2.1.0
293 - deps: iconv-lite@0.4.10
294 - deps: on-finished@~2.3.0
295 - deps: raw-body@~2.1.1
296 - deps: type-is@~1.6.3
297 - perf: enable strict mode
298 - perf: remove argument reassignment
299 - perf: remove delete call
300 * deps: bytes@2.1.0
301 - Slight optimizations
302 - Units no longer case sensitive when parsing
303 * deps: compression@~1.5.0
304 - Fix return value from `.end` and `.write` after end
305 - Improve detection of zero-length body without `Content-Length`
306 - deps: accepts@~1.2.9
307 - deps: bytes@2.1.0
308 - deps: compressible@~2.0.3
309 - perf: enable strict mode
310 - perf: remove flush reassignment
311 - perf: simplify threshold detection
312 * deps: cookie@0.1.3
313 - Slight optimizations
314 * deps: cookie-parser@~1.3.5
315 - deps: cookie@0.1.3
316 * deps: csurf@~1.8.3
317 - Add `sessionKey` option
318 - deps: cookie@0.1.3
319 - deps: csrf@~3.0.0
320 * deps: errorhandler@~1.4.0
321 - Add charset to the `Content-Type` header
322 - Support `statusCode` property on `Error` objects
323 - deps: accepts@~1.2.9
324 - deps: escape-html@1.0.2
325 * deps: express-session@~1.11.3
326 - Support an array in `secret` option for key rotation
327 - deps: cookie@0.1.3
328 - deps: crc@3.3.0
329 - deps: debug@~2.2.0
330 - deps: depd@~1.0.1
331 - deps: uid-safe@~2.0.0
332 * deps: finalhandler@0.4.0
333 - Fix a false-positive when unpiping in Node.js 0.8
334 - Support `statusCode` property on `Error` objects
335 - Use `unpipe` module for unpiping requests
336 - deps: escape-html@1.0.2
337 - deps: on-finished@~2.3.0
338 - perf: enable strict mode
339 - perf: remove argument reassignment
340 * deps: fresh@0.3.0
341 - Add weak `ETag` matching support
342 * deps: morgan@~1.6.0
343 - Add `morgan.compile(format)` export
344 - Do not color 1xx status codes in `dev` format
345 - Fix `response-time` token to not include response latency
346 - Fix `status` token incorrectly displaying before response in `dev` format
347 - Fix token return values to be `undefined` or a string
348 - Improve representation of multiple headers in `req` and `res` tokens
349 - Use `res.getHeader` in `res` token
350 - deps: basic-auth@~1.0.2
351 - deps: on-finished@~2.3.0
352 - pref: enable strict mode
353 - pref: reduce function closure scopes
354 - pref: remove dynamic compile on every request for `dev` format
355 - pref: remove an argument reassignment
356 - pref: skip function call without `skip` option
357 * deps: serve-favicon@~2.3.0
358 - Send non-chunked response for `OPTIONS`
359 - deps: etag@~1.7.0
360 - deps: fresh@0.3.0
361 - perf: enable strict mode
362 - perf: remove argument reassignment
363 - perf: remove bitwise operations
364 * deps: serve-index@~1.7.0
365 - Accept `function` value for `template` option
366 - Send non-chunked response for `OPTIONS`
367 - Stat parent directory when necessary
368 - Use `Date.prototype.toLocaleDateString` to format date
369 - deps: accepts@~1.2.9
370 - deps: escape-html@1.0.2
371 - deps: mime-types@~2.1.1
372 - perf: enable strict mode
373 - perf: remove argument reassignment
374 * deps: serve-static@~1.10.0
375 - Add `fallthrough` option
376 - Fix reading options from options prototype
377 - Improve the default redirect response headers
378 - Malformed URLs now `next()` instead of 400
379 - deps: escape-html@1.0.2
380 - deps: send@0.13.0
381 - perf: enable strict mode
382 - perf: remove argument reassignment
383 * deps: type-is@~1.6.3
384 - deps: mime-types@~2.1.1
385 - perf: reduce try block size
386 - perf: remove bitwise operations
387
3882.29.2 / 2015-05-14
389===================
390
391 * deps: body-parser@~1.12.4
392 - Slight efficiency improvement when not debugging
393 - deps: debug@~2.2.0
394 - deps: depd@~1.0.1
395 - deps: iconv-lite@0.4.8
396 - deps: on-finished@~2.2.1
397 - deps: qs@2.4.2
398 - deps: raw-body@~2.0.1
399 - deps: type-is@~1.6.2
400 * deps: compression@~1.4.4
401 - deps: accepts@~1.2.7
402 - deps: debug@~2.2.0
403 * deps: connect-timeout@~1.6.2
404 - deps: debug@~2.2.0
405 - deps: ms@0.7.1
406 * deps: debug@~2.2.0
407 - deps: ms@0.7.1
408 * deps: depd@~1.0.1
409 * deps: errorhandler@~1.3.6
410 - deps: accepts@~1.2.7
411 * deps: finalhandler@0.3.6
412 - deps: debug@~2.2.0
413 - deps: on-finished@~2.2.1
414 * deps: method-override@~2.3.3
415 - deps: debug@~2.2.0
416 * deps: morgan@~1.5.3
417 - deps: basic-auth@~1.0.1
418 - deps: debug@~2.2.0
419 - deps: depd@~1.0.1
420 - deps: on-finished@~2.2.1
421 * deps: qs@2.4.2
422 - Fix allowing parameters like `constructor`
423 * deps: response-time@~2.3.1
424 - deps: depd@~1.0.1
425 * deps: serve-favicon@~2.2.1
426 - deps: etag@~1.6.0
427 - deps: ms@0.7.1
428 * deps: serve-index@~1.6.4
429 - deps: accepts@~1.2.7
430 - deps: debug@~2.2.0
431 - deps: mime-types@~2.0.11
432 * deps: serve-static@~1.9.3
433 - deps: send@0.12.3
434 * deps: type-is@~1.6.2
435 - deps: mime-types@~2.0.11
436
4372.29.1 / 2015-03-16
438===================
439
440 * deps: body-parser@~1.12.2
441 - deps: debug@~2.1.3
442 - deps: qs@2.4.1
443 - deps: type-is@~1.6.1
444 * deps: compression@~1.4.3
445 - Fix error when code calls `res.end(str, encoding)`
446 - deps: accepts@~1.2.5
447 - deps: debug@~2.1.3
448 * deps: connect-timeout@~1.6.1
449 - deps: debug@~2.1.3
450 * deps: debug@~2.1.3
451 - Fix high intensity foreground color for bold
452 - deps: ms@0.7.0
453 * deps: errorhandler@~1.3.5
454 - deps: accepts@~1.2.5
455 * deps: express-session@~1.10.4
456 - deps: debug@~2.1.3
457 * deps: finalhandler@0.3.4
458 - deps: debug@~2.1.3
459 * deps: method-override@~2.3.2
460 - deps: debug@~2.1.3
461 * deps: morgan@~1.5.2
462 - deps: debug@~2.1.3
463 * deps: qs@2.4.1
464 - Fix error when parameter `hasOwnProperty` is present
465 * deps: serve-index@~1.6.3
466 - Properly escape file names in HTML
467 - deps: accepts@~1.2.5
468 - deps: debug@~2.1.3
469 - deps: escape-html@1.0.1
470 - deps: mime-types@~2.0.10
471 * deps: serve-static@~1.9.2
472 - deps: send@0.12.2
473 * deps: type-is@~1.6.1
474 - deps: mime-types@~2.0.10
475
4762.29.0 / 2015-02-17
477===================
478
479 * Use `content-type` to parse `Content-Type` headers
480 * deps: body-parser@~1.12.0
481 - add `debug` messages
482 - accept a function for the `type` option
483 - make internal `extended: true` depth limit infinity
484 - use `content-type` to parse `Content-Type` headers
485 - deps: iconv-lite@0.4.7
486 - deps: raw-body@1.3.3
487 - deps: type-is@~1.6.0
488 * deps: compression@~1.4.1
489 - Prefer `gzip` over `deflate` on the server
490 - deps: accepts@~1.2.4
491 * deps: connect-timeout@~1.6.0
492 - deps: http-errors@~1.3.1
493 * deps: cookie-parser@~1.3.4
494 - deps: cookie-signature@1.0.6
495 * deps: cookie-signature@1.0.6
496 * deps: csurf@~1.7.0
497 - Accept `CSRF-Token` and `XSRF-Token` request headers
498 - Default `cookie.path` to `'/'`, if using cookies
499 - deps: cookie-signature@1.0.6
500 - deps: csrf@~2.0.6
501 - deps: http-errors@~1.3.1
502 * deps: errorhandler@~1.3.4
503 - deps: accepts@~1.2.4
504 * deps: express-session@~1.10.3
505 - deps: cookie-signature@1.0.6
506 - deps: uid-safe@1.1.0
507 * deps: http-errors@~1.3.1
508 - Construct errors using defined constructors from `createError`
509 - Fix error names that are not identifiers
510 - Set a meaningful `name` property on constructed errors
511 * deps: response-time@~2.3.0
512 - Add function argument to support recording of response time
513 * deps: serve-index@~1.6.2
514 - deps: accepts@~1.2.4
515 - deps: http-errors@~1.3.1
516 - deps: mime-types@~2.0.9
517 * deps: serve-static@~1.9.1
518 - deps: send@0.12.1
519 * deps: type-is@~1.6.0
520 - fix argument reassignment
521 - fix false-positives in `hasBody` `Transfer-Encoding` check
522 - support wildcard for both type and subtype (`*/*`)
523 - deps: mime-types@~2.0.9
524
5252.28.3 / 2015-01-31
526===================
527
528 * deps: compression@~1.3.1
529 - deps: accepts@~1.2.3
530 - deps: compressible@~2.0.2
531 * deps: csurf@~1.6.6
532 - deps: csrf@~2.0.5
533 * deps: errorhandler@~1.3.3
534 - deps: accepts@~1.2.3
535 * deps: express-session@~1.10.2
536 - deps: uid-safe@1.0.3
537 * deps: serve-index@~1.6.1
538 - deps: accepts@~1.2.3
539 - deps: mime-types@~2.0.8
540 * deps: type-is@~1.5.6
541 - deps: mime-types@~2.0.8
542
5432.28.2 / 2015-01-20
544===================
545
546 * deps: body-parser@~1.10.2
547 - deps: iconv-lite@0.4.6
548 - deps: raw-body@1.3.2
549 * deps: serve-static@~1.8.1
550 - Fix redirect loop in Node.js 0.11.14
551 - Fix root path disclosure
552 - deps: send@0.11.1
553
5542.28.1 / 2015-01-08
555===================
556
557 * deps: csurf@~1.6.5
558 - deps: csrf@~2.0.4
559 * deps: express-session@~1.10.1
560 - deps: uid-safe@~1.0.2
561
5622.28.0 / 2015-01-05
563===================
564
565 * deps: body-parser@~1.10.1
566 - Make internal `extended: true` array limit dynamic
567 - deps: on-finished@~2.2.0
568 - deps: type-is@~1.5.5
569 * deps: compression@~1.3.0
570 - Export the default `filter` function for wrapping
571 - deps: accepts@~1.2.2
572 - deps: debug@~2.1.1
573 * deps: connect-timeout@~1.5.0
574 - deps: debug@~2.1.1
575 - deps: http-errors@~1.2.8
576 - deps: ms@0.7.0
577 * deps: csurf@~1.6.4
578 - deps: csrf@~2.0.3
579 - deps: http-errors@~1.2.8
580 * deps: debug@~2.1.1
581 * deps: errorhandler@~1.3.2
582 - Add `log` option
583 - Fix heading content to not include stack
584 - deps: accepts@~1.2.2
585 * deps: express-session@~1.10.0
586 - Add `store.touch` interface for session stores
587 - Fix `MemoryStore` expiration with `resave: false`
588 - deps: debug@~2.1.1
589 * deps: finalhandler@0.3.3
590 - deps: debug@~2.1.1
591 - deps: on-finished@~2.2.0
592 * deps: method-override@~2.3.1
593 - deps: debug@~2.1.1
594 - deps: methods@~1.1.1
595 * deps: morgan@~1.5.1
596 - Add multiple date formats `clf`, `iso`, and `web`
597 - Deprecate `buffer` option
598 - Fix date format in `common` and `combined` formats
599 - Fix token arguments to accept values with `"`
600 - deps: debug@~2.1.1
601 - deps: on-finished@~2.2.0
602 * deps: serve-favicon@~2.2.0
603 - Support query string in the URL
604 - deps: etag@~1.5.1
605 - deps: ms@0.7.0
606 * deps: serve-index@~1.6.0
607 - Add link to root directory
608 - deps: accepts@~1.2.2
609 - deps: batch@0.5.2
610 - deps: debug@~2.1.1
611 - deps: mime-types@~2.0.7
612 * deps: serve-static@~1.8.0
613 - Fix potential open redirect when mounted at root
614 - deps: send@0.11.0
615 * deps: type-is@~1.5.5
616 - deps: mime-types@~2.0.7
617
6182.27.6 / 2014-12-10
619===================
620
621 * deps: serve-index@~1.5.3
622 - deps: accepts@~1.1.4
623 - deps: http-errors@~1.2.8
624 - deps: mime-types@~2.0.4
625
6262.27.5 / 2014-12-10
627===================
628
629 * deps: compression@~1.2.2
630 - Fix `.end` to only proxy to `.end`
631 - deps: accepts@~1.1.4
632 * deps: express-session@~1.9.3
633 - Fix error when `req.sessionID` contains a non-string value
634 * deps: http-errors@~1.2.8
635 - Fix stack trace from exported function
636 - Remove `arguments.callee` usage
637 * deps: serve-index@~1.5.2
638 - Fix icon name background alignment on mobile view
639 * deps: type-is@~1.5.4
640 - deps: mime-types@~2.0.4
641
6422.27.4 / 2014-11-23
643===================
644
645 * deps: body-parser@~1.9.3
646 - deps: iconv-lite@0.4.5
647 - deps: qs@2.3.3
648 - deps: raw-body@1.3.1
649 - deps: type-is@~1.5.3
650 * deps: compression@~1.2.1
651 - deps: accepts@~1.1.3
652 * deps: errorhandler@~1.2.3
653 - deps: accepts@~1.1.3
654 * deps: express-session@~1.9.2
655 - deps: crc@3.2.1
656 * deps: qs@2.3.3
657 - Fix `arrayLimit` behavior
658 * deps: serve-favicon@~2.1.7
659 - Avoid errors from enumerables on `Object.prototype`
660 * deps: serve-index@~1.5.1
661 - deps: accepts@~1.1.3
662 - deps: mime-types@~2.0.3
663 * deps: type-is@~1.5.3
664 - deps: mime-types@~2.0.3
665
6662.27.3 / 2014-11-09
667===================
668
669 * Correctly invoke async callback asynchronously
670 * deps: csurf@~1.6.3
671 - bump csrf
672 - bump http-errors
673
6742.27.2 / 2014-10-28
675===================
676
677 * Fix handling of URLs containing `://` in the path
678 * deps: body-parser@~1.9.2
679 - deps: qs@2.3.2
680 * deps: qs@2.3.2
681 - Fix parsing of mixed objects and values
682
6832.27.1 / 2014-10-22
684===================
685
686 * deps: body-parser@~1.9.1
687 - deps: on-finished@~2.1.1
688 - deps: qs@2.3.0
689 - deps: type-is@~1.5.2
690 * deps: express-session@~1.9.1
691 - Remove unnecessary empty write call
692 * deps: finalhandler@0.3.2
693 - deps: on-finished@~2.1.1
694 * deps: morgan@~1.4.1
695 - deps: on-finished@~2.1.1
696 * deps: qs@2.3.0
697 - Fix parsing of mixed implicit and explicit arrays
698 * deps: serve-static@~1.7.1
699 - deps: send@0.10.1
700
7012.27.0 / 2014-10-16
702===================
703
704 * Use `http-errors` module for creating errors
705 * Use `utils-merge` module for merging objects
706 * deps: body-parser@~1.9.0
707 - include the charset in "unsupported charset" error message
708 - include the encoding in "unsupported content encoding" error message
709 - deps: depd@~1.0.0
710 * deps: compression@~1.2.0
711 - deps: debug@~2.1.0
712 * deps: connect-timeout@~1.4.0
713 - Create errors with `http-errors`
714 - deps: debug@~2.1.0
715 * deps: debug@~2.1.0
716 - Implement `DEBUG_FD` env variable support
717 * deps: depd@~1.0.0
718 * deps: express-session@~1.9.0
719 - deps: debug@~2.1.0
720 - deps: depd@~1.0.0
721 * deps: finalhandler@0.3.1
722 - Terminate in progress response only on error
723 - Use `on-finished` to determine request status
724 - deps: debug@~2.1.0
725 * deps: method-override@~2.3.0
726 - deps: debug@~2.1.0
727 * deps: morgan@~1.4.0
728 - Add `debug` messages
729 - deps: depd@~1.0.0
730 * deps: response-time@~2.2.0
731 - Add `header` option for custom header name
732 - Add `suffix` option
733 - Change `digits` argument to an `options` argument
734 - deps: depd@~1.0.0
735 * deps: serve-favicon@~2.1.6
736 - deps: etag@~1.5.0
737 * deps: serve-index@~1.5.0
738 - Add `dir` argument to `filter` function
739 - Add icon for mkv files
740 - Create errors with `http-errors`
741 - Fix incorrect 403 on Windows and Node.js 0.11
742 - Lookup icon by mime type for greater icon support
743 - Support using tokens multiple times
744 - deps: accepts@~1.1.2
745 - deps: debug@~2.1.0
746 - deps: mime-types@~2.0.2
747 * deps: serve-static@~1.7.0
748 - deps: send@0.10.0
749
7502.26.6 / 2014-10-15
751===================
752
753 * deps: compression@~1.1.2
754 - deps: accepts@~1.1.2
755 - deps: compressible@~2.0.1
756 * deps: csurf@~1.6.2
757 - bump http-errors
758 - fix cookie name when using `cookie: true`
759 * deps: errorhandler@~1.2.2
760 - deps: accepts@~1.1.2
761
7622.26.5 / 2014-10-08
763===================
764
765 * Fix accepting non-object arguments to `logger`
766 * deps: serve-static@~1.6.4
767 - Fix redirect loop when index file serving disabled
768
7692.26.4 / 2014-10-02
770===================
771
772 * deps: morgan@~1.3.2
773 - Fix `req.ip` integration when `immediate: false`
774 * deps: type-is@~1.5.2
775 - deps: mime-types@~2.0.2
776
7772.26.3 / 2014-09-24
778===================
779
780 * deps: body-parser@~1.8.4
781 - fix content encoding to be case-insensitive
782 * deps: serve-favicon@~2.1.5
783 - deps: etag@~1.4.0
784 * deps: serve-static@~1.6.3
785 - deps: send@0.9.3
786
7872.26.2 / 2014-09-19
788===================
789
790 * deps: body-parser@~1.8.3
791 - deps: qs@2.2.4
792 * deps: qs@2.2.4
793 - Fix issue with object keys starting with numbers truncated
794
7952.26.1 / 2014-09-15
796===================
797
798 * deps: body-parser@~1.8.2
799 - deps: depd@0.4.5
800 * deps: depd@0.4.5
801 * deps: express-session@~1.8.2
802 - Use `crc` instead of `buffer-crc32` for speed
803 - deps: depd@0.4.5
804 * deps: morgan@~1.3.1
805 - Remove un-used `bytes` dependency
806 - deps: depd@0.4.5
807 * deps: serve-favicon@~2.1.4
808 - Fix content headers being sent in 304 response
809 - deps: etag@~1.3.1
810 * deps: serve-static@~1.6.2
811 - deps: send@0.9.2
812
8132.26.0 / 2014-09-08
814===================
815
816 * deps: body-parser@~1.8.1
817 - add `parameterLimit` option to `urlencoded` parser
818 - change `urlencoded` extended array limit to 100
819 - make empty-body-handling consistent between chunked requests
820 - respond with 415 when over `parameterLimit` in `urlencoded`
821 - deps: media-typer@0.3.0
822 - deps: qs@2.2.3
823 - deps: type-is@~1.5.1
824 * deps: compression@~1.1.0
825 - deps: accepts@~1.1.0
826 - deps: compressible@~2.0.0
827 - deps: debug@~2.0.0
828 * deps: connect-timeout@~1.3.0
829 - deps: debug@~2.0.0
830 * deps: cookie-parser@~1.3.3
831 - deps: cookie-signature@1.0.5
832 * deps: cookie-signature@1.0.5
833 * deps: csurf@~1.6.1
834 - add `ignoreMethods` option
835 - bump cookie-signature
836 - csrf-tokens -> csrf
837 - set `code` property on CSRF token errors
838 * deps: debug@~2.0.0
839 * deps: errorhandler@~1.2.0
840 - Display error using `util.inspect` if no other representation
841 - deps: accepts@~1.1.0
842 * deps: express-session@~1.8.1
843 - Do not resave already-saved session at end of request
844 - Prevent session prototype methods from being overwritten
845 - deps: cookie-signature@1.0.5
846 - deps: debug@~2.0.0
847 * deps: finalhandler@0.2.0
848 - Set `X-Content-Type-Options: nosniff` header
849 - deps: debug@~2.0.0
850 * deps: fresh@0.2.4
851 * deps: media-typer@0.3.0
852 - Throw error when parameter format invalid on parse
853 * deps: method-override@~2.2.0
854 - deps: debug@~2.0.0
855 * deps: morgan@~1.3.0
856 - Assert if `format` is not a function or string
857 * deps: qs@2.2.3
858 - Fix issue where first empty value in array is discarded
859 * deps: serve-favicon@~2.1.3
860 - Accept string for `maxAge` (converted by `ms`)
861 - Use `etag` to generate `ETag` header
862 - deps: fresh@0.2.4
863 * deps: serve-index@~1.2.1
864 - Add `debug` messages
865 - Resolve relative paths at middleware setup
866 - deps: accepts@~1.1.0
867 * deps: serve-static@~1.6.1
868 - Add `lastModified` option
869 - deps: send@0.9.1
870 * deps: type-is@~1.5.1
871 - fix `hasbody` to be true for `content-length: 0`
872 - deps: media-typer@0.3.0
873 - deps: mime-types@~2.0.1
874 * deps: vhost@~3.0.0
875
8762.25.10 / 2014-09-04
877====================
878
879 * deps: serve-static@~1.5.4
880 - deps: send@0.8.5
881
8822.25.9 / 2014-08-29
883===================
884
885 * deps: body-parser@~1.6.7
886 - deps: qs@2.2.2
887 * deps: qs@2.2.2
888
8892.25.8 / 2014-08-27
890===================
891
892 * deps: body-parser@~1.6.6
893 - deps: qs@2.2.0
894 * deps: csurf@~1.4.1
895 * deps: qs@2.2.0
896 - Array parsing fix
897 - Performance improvements
898
8992.25.7 / 2014-08-18
900===================
901
902 * deps: body-parser@~1.6.5
903 - deps: on-finished@2.1.0
904 * deps: express-session@~1.7.6
905 - Fix exception on `res.end(null)` calls
906 * deps: morgan@~1.2.3
907 - deps: on-finished@2.1.0
908 * deps: serve-static@~1.5.3
909 - deps: send@0.8.3
910
9112.25.6 / 2014-08-14
912===================
913
914 * deps: body-parser@~1.6.4
915 - deps: qs@1.2.2
916 * deps: qs@1.2.2
917 * deps: serve-static@~1.5.2
918 - deps: send@0.8.2
919
9202.25.5 / 2014-08-11
921===================
922
923 * Fix backwards compatibility in `logger`
924
9252.25.4 / 2014-08-10
926===================
927
928 * Fix `query` middleware breaking with argument
929 - It never really took one in the first place
930 * deps: body-parser@~1.6.3
931 - deps: qs@1.2.1
932 * deps: compression@~1.0.11
933 - deps: on-headers@~1.0.0
934 - deps: parseurl@~1.3.0
935 * deps: connect-timeout@~1.2.2
936 - deps: on-headers@~1.0.0
937 * deps: express-session@~1.7.5
938 - Fix parsing original URL
939 - deps: on-headers@~1.0.0
940 - deps: parseurl@~1.3.0
941 * deps: method-override@~2.1.3
942 * deps: on-headers@~1.0.0
943 * deps: parseurl@~1.3.0
944 * deps: qs@1.2.1
945 * deps: response-time@~2.0.1
946 - deps: on-headers@~1.0.0
947 * deps: serve-index@~1.1.6
948 - Fix URL parsing
949 * deps: serve-static@~1.5.1
950 - Fix parsing of weird `req.originalUrl` values
951 - deps: parseurl@~1.3.0
952 = deps: utils-merge@1.0.0
953
9542.25.3 / 2014-08-07
955===================
956
957 * deps: multiparty@3.3.2
958 - Fix potential double-callback
959
9602.25.2 / 2014-08-07
961===================
962
963 * deps: body-parser@~1.6.2
964 - deps: qs@1.2.0
965 * deps: qs@1.2.0
966 - Fix parsing array of objects
967
9682.25.1 / 2014-08-06
969===================
970
971 * deps: body-parser@~1.6.1
972 - deps: qs@1.1.0
973 * deps: qs@1.1.0
974 - Accept urlencoded square brackets
975 - Accept empty values in implicit array notation
976
9772.25.0 / 2014-08-05
978===================
979
980 * deps: body-parser@~1.6.0
981 - deps: qs@1.0.2
982 * deps: compression@~1.0.10
983 - Fix upper-case Content-Type characters prevent compression
984 - deps: compressible@~1.1.1
985 * deps: csurf@~1.4.0
986 - Support changing `req.session` after `csurf` middleware
987 - Calling `res.csrfToken()` after `req.session.destroy()` will now work
988 * deps: express-session@~1.7.4
989 - Fix `res.end` patch to call correct upstream `res.write`
990 - Fix response end delay for non-chunked responses
991 * deps: qs@1.0.2
992 - Complete rewrite
993 - Limits array length to 20
994 - Limits object depth to 5
995 - Limits parameters to 1,000
996 * deps: serve-static@~1.5.0
997 - Add `extensions` option
998 - deps: send@0.8.1
999
10002.24.3 / 2014-08-04
1001===================
1002
1003 * deps: serve-index@~1.1.5
1004 - Fix Content-Length calculation for multi-byte file names
1005 - deps: accepts@~1.0.7
1006 * deps: serve-static@~1.4.4
1007 - Fix incorrect 403 on Windows and Node.js 0.11
1008 - deps: send@0.7.4
1009
10102.24.2 / 2014-07-27
1011===================
1012
1013 * deps: body-parser@~1.5.2
1014 * deps: depd@0.4.4
1015 - Work-around v8 generating empty stack traces
1016 * deps: express-session@~1.7.2
1017 * deps: morgan@~1.2.2
1018 * deps: serve-static@~1.4.2
1019
10202.24.1 / 2014-07-26
1021===================
1022
1023 * deps: body-parser@~1.5.1
1024 * deps: depd@0.4.3
1025 - Fix exception when global `Error.stackTraceLimit` is too low
1026 * deps: express-session@~1.7.1
1027 * deps: morgan@~1.2.1
1028 * deps: serve-index@~1.1.4
1029 * deps: serve-static@~1.4.1
1030
10312.24.0 / 2014-07-22
1032===================
1033
1034 * deps: body-parser@~1.5.0
1035 - deps: depd@0.4.2
1036 - deps: iconv-lite@0.4.4
1037 - deps: raw-body@1.3.0
1038 - deps: type-is@~1.3.2
1039 * deps: compression@~1.0.9
1040 - Add `debug` messages
1041 - deps: accepts@~1.0.7
1042 * deps: connect-timeout@~1.2.1
1043 - Accept string for `time` (converted by `ms`)
1044 - deps: debug@1.0.4
1045 * deps: debug@1.0.4
1046 * deps: depd@0.4.2
1047 - Add `TRACE_DEPRECATION` environment variable
1048 - Remove non-standard grey color from color output
1049 - Support `--no-deprecation` argument
1050 - Support `--trace-deprecation` argument
1051 * deps: express-session@~1.7.0
1052 - Improve session-ending error handling
1053 - deps: debug@1.0.4
1054 - deps: depd@0.4.2
1055 * deps: finalhandler@0.1.0
1056 - Respond after request fully read
1057 - deps: debug@1.0.4
1058 * deps: method-override@~2.1.2
1059 - deps: debug@1.0.4
1060 - deps: parseurl@~1.2.0
1061 * deps: morgan@~1.2.0
1062 - Add `:remote-user` token
1063 - Add `combined` log format
1064 - Add `common` log format
1065 - Remove non-standard grey color from `dev` format
1066 * deps: multiparty@3.3.1
1067 * deps: parseurl@~1.2.0
1068 - Cache URLs based on original value
1069 - Remove no-longer-needed URL mis-parse work-around
1070 - Simplify the "fast-path" `RegExp`
1071 * deps: serve-static@~1.4.0
1072 - Add `dotfiles` option
1073 - deps: parseurl@~1.2.0
1074 - deps: send@0.7.0
1075
10762.23.0 / 2014-07-10
1077===================
1078
1079 * deps: debug@1.0.3
1080 - Add support for multiple wildcards in namespaces
1081 * deps: express-session@~1.6.4
1082 * deps: method-override@~2.1.0
1083 - add simple debug output
1084 - deps: methods@1.1.0
1085 - deps: parseurl@~1.1.3
1086 * deps: parseurl@~1.1.3
1087 - faster parsing of href-only URLs
1088 * deps: serve-static@~1.3.1
1089 - deps: parseurl@~1.1.3
1090
10912.22.0 / 2014-07-03
1092===================
1093
1094 * deps: csurf@~1.3.0
1095 - Fix `cookie.signed` option to actually sign cookie
1096 * deps: express-session@~1.6.1
1097 - Fix `res.end` patch to return correct value
1098 - Fix `res.end` patch to handle multiple `res.end` calls
1099 - Reject cookies with missing signatures
1100 * deps: multiparty@3.3.0
1101 - Always emit close after all parts ended
1102 - Fix callback hang in node.js 0.8 on errors
1103 * deps: serve-static@~1.3.0
1104 - Accept string for `maxAge` (converted by `ms`)
1105 - Add `setHeaders` option
1106 - Include HTML link in redirect response
1107 - deps: send@0.5.0
1108
11092.21.1 / 2014-06-26
1110===================
1111
1112 * deps: cookie-parser@1.3.2
1113 - deps: cookie-signature@1.0.4
1114 * deps: cookie-signature@1.0.4
1115 - fix for timing attacks
1116 * deps: express-session@~1.5.2
1117 - deps: cookie-signature@1.0.4
1118 * deps: type-is@~1.3.2
1119 - more mime types
1120
11212.21.0 / 2014-06-20
1122===================
1123
1124 * deprecate `connect(middleware)` -- use `app.use(middleware)` instead
1125 * deprecate `connect.createServer()` -- use `connect()` instead
1126 * fix `res.setHeader()` patch to work with get -> append -> set pattern
1127 * deps: compression@~1.0.8
1128 * deps: errorhandler@~1.1.1
1129 * deps: express-session@~1.5.0
1130 - Deprecate integration with `cookie-parser` middleware
1131 - Deprecate looking for secret in `req.secret`
1132 - Directly read cookies; `cookie-parser` no longer required
1133 - Directly set cookies; `res.cookie` no longer required
1134 - Generate session IDs with `uid-safe`, faster and even less collisions
1135 * deps: serve-index@~1.1.3
1136
11372.20.2 / 2014-06-19
1138===================
1139
1140 * deps: body-parser@1.4.3
1141 - deps: type-is@1.3.1
1142
11432.20.1 / 2014-06-19
1144===================
1145
1146 * deps: type-is@1.3.1
1147 - fix global variable leak
1148
11492.20.0 / 2014-06-19
1150===================
1151
1152 * deprecate `verify` option to `json` -- use `body-parser` npm module instead
1153 * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
1154 * deprecate things with `depd` module
1155 * use `finalhandler` for final response handling
1156 * use `media-typer` to parse `content-type` for charset
1157 * deps: body-parser@1.4.2
1158 - check accepted charset in content-type (accepts utf-8)
1159 - check accepted encoding in content-encoding (accepts identity)
1160 - deprecate `urlencoded()` without provided `extended` option
1161 - lazy-load urlencoded parsers
1162 - support gzip and deflate bodies
1163 - set `inflate: false` to turn off
1164 - deps: raw-body@1.2.2
1165 - deps: type-is@1.3.0
1166 - Support all encodings from `iconv-lite`
1167 * deps: connect-timeout@1.1.1
1168 - deps: debug@1.0.2
1169 * deps: cookie-parser@1.3.1
1170 - export parsing functions
1171 - `req.cookies` and `req.signedCookies` are now plain objects
1172 - slightly faster parsing of many cookies
1173 * deps: csurf@1.2.2
1174 * deps: errorhandler@1.1.0
1175 - Display error on console formatted like `throw`
1176 - Escape HTML in stack trace
1177 - Escape HTML in title
1178 - Fix up edge cases with error sent in response
1179 - Set `X-Content-Type-Options: nosniff` header
1180 - Use accepts for negotiation
1181 * deps: express-session@1.4.0
1182 - Add `genid` option to generate custom session IDs
1183 - Add `saveUninitialized` option to control saving uninitialized sessions
1184 - Add `unset` option to control unsetting `req.session`
1185 - Generate session IDs with `rand-token` by default; reduce collisions
1186 - Integrate with express "trust proxy" by default
1187 - deps: buffer-crc32@0.2.3
1188 - deps: debug@1.0.2
1189 * deps: multiparty@3.2.9
1190 * deps: serve-index@1.1.2
1191 - deps: batch@0.5.1
1192 * deps: type-is@1.3.0
1193 - improve type parsing
1194 * deps: vhost@2.0.0
1195 - Accept `RegExp` object for `hostname`
1196 - Provide `req.vhost` object
1197 - Support IPv6 literal in `Host` header
1198
11992.19.6 / 2014-06-11
1200===================
1201
1202 * deps: body-parser@1.3.1
1203 - deps: type-is@1.2.1
1204 * deps: compression@1.0.7
1205 - use vary module for better `Vary` behavior
1206 - deps: accepts@1.0.3
1207 - deps: compressible@1.1.0
1208 * deps: debug@1.0.2
1209 * deps: serve-index@1.1.1
1210 - deps: accepts@1.0.3
1211 * deps: serve-static@1.2.3
1212 - Do not throw un-catchable error on file open race condition
1213 - deps: send@0.4.3
1214
12152.19.5 / 2014-06-09
1216===================
1217
1218 * deps: csurf@1.2.1
1219 - refactor to use csrf-tokens@~1.0.2
1220 * deps: debug@1.0.1
1221 * deps: serve-static@1.2.2
1222 - fix "event emitter leak" warnings
1223 - deps: send@0.4.2
1224 * deps: type-is@1.2.1
1225 - Switch dependency from `mime` to `mime-types@1.0.0`
1226
12272.19.4 / 2014-06-05
1228===================
1229
1230 * deps: errorhandler@1.0.2
1231 - Pass on errors from reading error files
1232 * deps: method-override@2.0.2
1233 - use vary module for better `Vary` behavior
1234 * deps: serve-favicon@2.0.1
1235 - Reduce byte size of `ETag` header
1236
12372.19.3 / 2014-06-03
1238===================
1239
1240 * deps: compression@1.0.6
1241 - fix listeners for delayed stream creation
1242 - fix regression for certain `stream.pipe(res)` situations
1243 - fix regression when negotiation fails
1244
12452.19.2 / 2014-06-03
1246===================
1247
1248 * deps: compression@1.0.4
1249 - fix adding `Vary` when value stored as array
1250 - fix back-pressure behavior
1251 - fix length check for `res.end`
1252
12532.19.1 / 2014-06-02
1254===================
1255
1256 * fix deprecated `utils.escape`
1257
12582.19.0 / 2014-06-02
1259===================
1260
1261 * deprecate `methodOverride()` -- use `method-override` npm module instead
1262 * deps: body-parser@1.3.0
1263 - add `extended` option to urlencoded parser
1264 * deps: method-override@2.0.1
1265 - set `Vary` header
1266 - deps: methods@1.0.1
1267 * deps: multiparty@3.2.8
1268 * deps: response-time@2.0.0
1269 - add `digits` argument
1270 - do not override existing `X-Response-Time` header
1271 - timer not subject to clock drift
1272 - timer resolution down to nanoseconds
1273 * deps: serve-static@1.2.1
1274 - send max-age in Cache-Control in correct format
1275 - use `escape-html` for escaping
1276 - deps: send@0.4.1
1277
12782.18.0 / 2014-05-29
1279===================
1280
1281 * deps: compression@1.0.3
1282 * deps: serve-index@1.1.0
1283 - Fix content negotiation when no `Accept` header
1284 - Properly support all HTTP methods
1285 - Support vanilla node.js http servers
1286 - Treat `ENAMETOOLONG` as code 414
1287 - Use accepts for negotiation
1288 * deps: serve-static@1.2.0
1289 - Calculate ETag with md5 for reduced collisions
1290 - Fix wrong behavior when index file matches directory
1291 - Ignore stream errors after request ends
1292 - Skip directories in index file search
1293 - deps: send@0.4.0
1294
12952.17.3 / 2014-05-27
1296===================
1297
1298 * deps: express-session@1.2.1
1299 - Fix `resave` such that `resave: true` works
1300
13012.17.2 / 2014-05-27
1302===================
1303
1304 * deps: body-parser@1.2.2
1305 - invoke `next(err)` after request fully read
1306 - deps: raw-body@1.1.6
1307 * deps: method-override@1.0.2
1308 - Handle `req.body` key referencing array or object
1309 - Handle multiple HTTP headers
1310
13112.17.1 / 2014-05-21
1312===================
1313
1314 * fix `res.charset` appending charset when `content-type` has one
1315
13162.17.0 / 2014-05-20
1317===================
1318
1319 * deps: express-session@1.2.0
1320 - Add `resave` option to control saving unmodified sessions
1321 * deps: morgan@1.1.1
1322 - "dev" format will use same tokens as other formats
1323 - `:response-time` token is now empty when immediate used
1324 - `:response-time` token is now monotonic
1325 - `:response-time` token has precision to 1 μs
1326 - fix `:status` + immediate output in node.js 0.8
1327 - improve `buffer` option to prevent indefinite event loop holding
1328 - simplify method to get remote address
1329 - deps: bytes@1.0.0
1330 * deps: serve-index@1.0.3
1331 - Fix error from non-statable files in HTML view
1332
13332.16.2 / 2014-05-18
1334===================
1335
1336 * fix edge-case in `res.appendHeader` that would append in wrong order
1337 * deps: method-override@1.0.1
1338
13392.16.1 / 2014-05-17
1340===================
1341
1342 * remove usages of `res.headerSent` from core
1343
13442.16.0 / 2014-05-17
1345===================
1346
1347 * deprecate `res.headerSent` -- use `res.headersSent`
1348 * deprecate `res.on("header")` -- use on-headers module instead
1349 * fix `connect.version` to reflect the actual version
1350 * json: use body-parser
1351 - add `type` option
1352 - fix repeated limit parsing with every request
1353 - improve parser speed
1354 * urlencoded: use body-parser
1355 - add `type` option
1356 - fix repeated limit parsing with every request
1357 * dep: bytes@1.0.0
1358 * add negative support
1359 * dep: cookie-parser@1.1.0
1360 - deps: cookie@0.1.2
1361 * dep: csurf@1.2.0
1362 - add support for double-submit cookie
1363 * dep: express-session@1.1.0
1364 - Add `name` option; replacement for `key` option
1365 - Use `setImmediate` in MemoryStore for node.js >= 0.10
1366
13672.15.0 / 2014-05-04
1368===================
1369
1370 * Add simple `res.cookie` support
1371 * Add `res.appendHeader`
1372 * Call error stack even when response has been sent
1373 * Patch `res.headerSent` to return Boolean
1374 * Patch `res.headersSent` for node.js 0.8
1375 * Prevent default 404 handler after response sent
1376 * dep: compression@1.0.2
1377 * support headers given to `res.writeHead`
1378 * deps: bytes@0.3.0
1379 * deps: negotiator@0.4.3
1380 * dep: connect-timeout@1.1.0
1381 * Add `req.timedout` property
1382 * Add `respond` option to constructor
1383 * Clear timer on socket destroy
1384 * deps: debug@0.8.1
1385 * dep: debug@^0.8.0
1386 * add `enable()` method
1387 * change from stderr to stdout
1388 * dep: errorhandler@1.0.1
1389 * Clean up error CSS
1390 * Do not respond after headers sent
1391 * dep: express-session@1.0.4
1392 * Remove import of `setImmediate`
1393 * Use `res.cookie()` instead of `res.setHeader()`
1394 * deps: cookie@0.1.2
1395 * deps: debug@0.8.1
1396 * dep: morgan@1.0.1
1397 * Make buffer unique per morgan instance
1398 * deps: bytes@0.3.0
1399 * dep: serve-favicon@2.0.0
1400 * Accept `Buffer` of icon as first argument
1401 * Non-GET and HEAD requests are denied
1402 * Send valid max-age value
1403 * Support conditional requests
1404 * Support max-age=0
1405 * Support OPTIONS method
1406 * Throw if `path` argument is directory
1407 * dep: serve-index@1.0.2
1408 * Add stylesheet option
1409 * deps: negotiator@0.4.3
1410
14112.14.5 / 2014-04-24
1412===================
1413
1414 * dep: raw-body@1.1.4
1415 * allow true as an option
1416 * deps: bytes@0.3.0
1417 * dep: serve-static@1.1.0
1418 * Accept options directly to `send` module
1419 * deps: send@0.3.0
1420
14212.14.4 / 2014-04-07
1422===================
1423
1424 * dep: bytes@0.3.0
1425 * added terabyte support
1426 * dep: csurf@1.1.0
1427 * add constant-time string compare
1428 * dep: serve-static@1.0.4
1429 * Resolve relative paths at middleware setup
1430 * Use parseurl to parse the URL from request
1431 * fix node.js 0.8 compatibility with memory session
1432
14332.14.3 / 2014-03-18
1434===================
1435
1436 * dep: static-favicon@1.0.2
1437 * Fixed content of default icon
1438
14392.14.2 / 2014-03-11
1440===================
1441
1442 * dep: static-favicon@1.0.1
1443 * Fixed path to default icon
1444
14452.14.1 / 2014-03-06
1446===================
1447
1448 * dep: fresh@0.2.2
1449 * no real changes
1450 * dep: serve-index@1.0.1
1451 * deps: negotiator@0.4.2
1452 * dep: serve-static@1.0.2
1453 * deps: send@0.2.0
1454
14552.14.0 / 2014-03-05
1456===================
1457
1458 * basicAuth: use basic-auth-connect
1459 * cookieParser: use cookie-parser
1460 * compress: use compression
1461 * csrf: use csurf
1462 * dep: cookie-signature@1.0.3
1463 * directory: use serve-index
1464 * errorHandler: use errorhandler
1465 * favicon: use static-favicon
1466 * logger: use morgan
1467 * methodOverride: use method-override
1468 * responseTime: use response-time
1469 * session: use express-session
1470 * static: use serve-static
1471 * timeout: use connect-timeout
1472 * vhost: use vhost
1473
14742.13.1 / 2014-03-05
1475===================
1476
1477 * cookieSession: compare full value rather than crc32
1478 * deps: raw-body@1.1.3
1479
14802.13.0 / 2014-02-14
1481===================
1482
1483 * fix typo in memory store warning #974 @rvagg
1484 * compress: use compressible
1485 * directory: add template option #990 @gottaloveit @Earl-Brown
1486 * csrf: prevent deprecated warning with old sessions
1487
14882.12.0 / 2013-12-10
1489===================
1490
1491 * bump qs
1492 * directory: sort folders before files
1493 * directory: add folder icons
1494 * directory: de-duplicate icons, details/mobile views #968 @simov
1495 * errorHandler: end default 404 handler with a newline #972 @rlidwka
1496 * session: remove long cookie expire check #870 @undoZen
1497
14982.11.2 / 2013-12-01
1499===================
1500
1501 * bump raw-body
1502
15032.11.1 / 2013-11-27
1504===================
1505
1506 * bump raw-body
1507 * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma
1508
15092.11.0 / 2013-10-29
1510===================
1511
1512 * update bytes
1513 * update uid2
1514 * update negotiator
1515 * sessions: add rolling session option #944 @ilmeo
1516 * sessions: property set cookies when given FQDN
1517 * cookieSessions: properly set cookies when given FQDN #948 @bmancini55
1518 * proto: fix FQDN mounting when multiple handlers #945 @bmancini55
1519
15202.10.1 / 2013-10-23
1521===================
1522
1523 * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson)
1524
15252.10.0 / 2013-10-22
1526===================
1527
1528 * fixed: set headers written by writeHead before emitting 'header'
1529 * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson)
1530 * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson)
1531 * fixed: fix static directory redirect for mount's root #937 (@dougwilson)
1532 * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123)
1533 * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies
1534 * compress: compress checks content-length to check threshold
1535 * compress: expose `res.flush()` for flushing responses
1536 * cookieParser: pass options into node-cookie #803 (@cauldrath)
1537 * errorHandler: replace `\n`s with `<br/>`s in error handler
1538
15392.9.2 / 2013-10-18
1540==================
1541
1542 * warn about multiparty and limit middleware deprecation for v3
1543 * fix fully qualified domain name mounting. #920 (@dougwilson)
1544 * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson)
1545 * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson)
1546
15472.9.1 / 2013-10-15
1548==================
1549
1550 * update multiparty
1551 * compress: Set vary header only if Content-Type passes filter #904
1552 * directory: Fix directory middleware URI escaping #917 (@dougwilson)
1553 * directory: Fix directory seperators for Windows #914 (@dougwilson)
1554 * directory: Keep query string intact during directory redirect #913 (@dougwilson)
1555 * directory: Fix paths in links #730 (@JacksonTian)
1556 * errorHandler: Don't escape text/plain as HTML #875 (@johan)
1557 * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson)
1558 * logger: Log even when connections are aborted #760 (@dylanahsmith)
1559 * methodOverride: Check req.body is an object #907 (@kbjr)
1560 * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson)
1561 * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce)
1562
15632.9.0 / 2013-09-07
1564==================
1565
1566 * multipart: add docs regarding tmpfiles
1567 * multipart: add .name back to file parts
1568 * multipart: use multiparty instead of formidable
1569
15702.8.8 / 2013-09-02
1571==================
1572
1573 * csrf: change to math.random() salt and remove csrfToken() callback
1574
15752.8.7 / 2013-08-28
1576==================
1577
1578 * csrf: prevent salt generation on every request, and add async req.csrfToken(fn)
1579
15802.8.6 / 2013-08-28
1581==================
1582
1583 * csrf: refactor to use HMAC tokens (BREACH attack)
1584 * compress: add compression of SVG and common font files by default.
1585
15862.8.5 / 2013-08-11
1587==================
1588
1589 * add: compress Dart source files by default
1590 * update fresh
1591
15922.8.4 / 2013-07-08
1593==================
1594
1595 * update send
1596
15972.8.3 / 2013-07-04
1598==================
1599
1600 * add a name back to static middleware ("staticMiddleware")
1601 * fix .hasBody() utility to require transfer-encoding or content-length
1602
16032.8.2 / 2013-07-03
1604==================
1605
1606 * update send
1607 * update cookie dep.
1608 * add better debug() for middleware
1609 * add whitelisting of supported methods to methodOverride()
1610
16112.8.1 / 2013-06-27
1612==================
1613
1614 * fix: escape req.method in 404 response
1615
16162.8.0 / 2013-06-26
1617==================
1618
1619 * add `threshold` option to `compress()` to prevent compression of small responses
1620 * add support for vendor JSON mime types in json()
1621 * add X-Forwarded-Proto initial https proxy support
1622 * change static redirect to 303
1623 * change octal escape sequences for strict mode
1624 * change: replace utils.uid() with uid2 lib
1625 * remove other "static" function name. Fixes #794
1626 * fix: hasBody() should return false if Content-Length: 0
1627
16282.7.11 / 2013-06-02
1629==================
1630
1631 * update send
1632
16332.7.10 / 2013-05-21
1634==================
1635
1636 * update qs
1637 * update formidable
1638 * fix: write/end to noop() when request aborted
1639
16402.7.9 / 2013-05-07
1641==================
1642
1643 * update qs
1644 * drop support for node < v0.8
1645
16462.7.8 / 2013-05-03
1647==================
1648
1649 * update qs
1650
16512.7.7 / 2013-04-29
1652==================
1653
1654 * update qs dependency
1655 * remove "static" function name. Closes #794
1656 * update node-formidable
1657 * update buffer-crc32
1658
16592.7.6 / 2013-04-15
1660==================
1661
1662 * revert cookie signature which was creating session race conditions
1663
16642.7.5 / 2013-04-12
1665==================
1666
1667 * update cookie-signature
1668 * limit: do not consume request in node 0.10.x
1669
16702.7.4 / 2013-04-01
1671==================
1672
1673 * session: add long expires check and prevent excess set-cookie
1674 * session: add console.error() of session#save() errors
1675
16762.7.3 / 2013-02-19
1677==================
1678
1679 * add name to compress middleware
1680 * add appending Accept-Encoding to Vary when set but missing
1681 * add tests for csrf middleware
1682 * add 'next' support for connect() server handler
1683 * change utils.uid() to return url-safe chars. Closes #753
1684 * fix treating '.' as a regexp in vhost()
1685 * fix duplicate bytes dep in package.json. Closes #743
1686 * fix #733 - parse x-forwarded-proto in a more generally compatibly way
1687 * revert "add support for `next(status[, msg])`"; makes composition hard
1688
16892.7.2 / 2013-01-04
1690==================
1691
1692 * add support for `next(status[, msg])` back
1693 * add utf-8 meta tag to support foreign characters in filenames/directories
1694 * change `timeout()` 408 to 503
1695 * replace 'node-crc' with 'buffer-crc32', fixes licensing
1696 * fix directory.html IE support
1697
16982.7.1 / 2012-12-05
1699==================
1700
1701 * add directory() tests
1702 * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely)
1703 * fix errorHandler signature
1704
17052.7.0 / 2012-11-13
1706==================
1707
1708 * add support for leading JSON whitespace
1709 * add logging of `req.ip` when present
1710 * add basicAuth support for `:`-delimited string
1711 * update cookie module. Closes #688
1712
17132.6.2 / 2012-11-01
1714==================
1715
1716 * add `debug()` for disconnected session store
1717 * fix session regeneration bug. Closes #681
1718
17192.6.1 / 2012-10-25
1720==================
1721
1722 * add passing of `connect.timeout()` errors to `next()`
1723 * replace signature utils with cookie-signature module
1724
17252.6.0 / 2012-10-09
1726==================
1727
1728 * add `defer` option to `multipart()` [Blake Miner]
1729 * fix mount path case sensitivity. Closes #663
1730 * fix default of ascii encoding from `logger()`, now utf8. Closes #293
1731
17322.5.0 / 2012-09-27
1733==================
1734
1735 * add `err.status = 400` to multipart() errors
1736 * add double-encoding protection to `compress()`. Closes #659
1737 * add graceful handling cookie parsing errors [shtylman]
1738 * fix typo X-Response-time to X-Response-Time
1739
17402.4.6 / 2012-09-18
1741==================
1742
1743 * update qs
1744
17452.4.5 / 2012-09-03
1746==================
1747
1748 * add session store "connect" / "disconnect" support [louischatriot]
1749 * fix `:url` log token
1750
17512.4.4 / 2012-08-21
1752==================
1753
1754 * fix `static()` pause regression from "send" integration
1755
17562.4.3 / 2012-08-07
1757==================
1758
1759 * fix `.write()` encoding for zlib inconstancy. Closes #561
1760
17612.4.2 / 2012-07-25
1762==================
1763
1764 * remove limit default from `urlencoded()`
1765 * remove limit default from `json()`
1766 * remove limit default from `multipart()`
1767 * fix `cookieSession()` clear cookie path / domain bug. Closes #636
1768
17692.4.1 / 2012-07-24
1770==================
1771
1772 * fix `options` mutation in `static()`
1773
17742.4.0 / 2012-07-23
1775==================
1776
1777 * add `connect.timeout()`
1778 * add __GET__ / __HEAD__ check to `directory()`. Closes #634
1779 * add "pause" util dep
1780 * update send dep for normalization bug
1781
17822.3.9 / 2012-07-16
1783==================
1784
1785 * add more descriptive invalid json error message
1786 * update send dep for root normalization regression
1787 * fix staticCache fresh dep
1788
17892.3.8 / 2012-07-12
1790==================
1791
1792 * fix `connect.static()` 404 regression, pass `next()`. Closes #629
1793
17942.3.7 / 2012-07-05
1795==================
1796
1797 * add `json()` utf-8 illustration test. Closes #621
1798 * add "send" dependency
1799 * change `connect.static()` internals to use "send"
1800 * fix `session()` req.session generation with pathname mismatch
1801 * fix `cookieSession()` req.session generation with pathname mismatch
1802 * fix mime export. Closes #618
1803
18042.3.6 / 2012-07-03
1805==================
1806
1807 * Fixed cookieSession() with cookieParser() secret regression. Closes #602
1808 * Fixed set-cookie header fields on cookie.path mismatch. Closes #615
1809
18102.3.5 / 2012-06-28
1811==================
1812
1813 * Remove `logger()` mount check
1814 * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607
1815 * Fixed `staticCache()` when Cookie is present
1816
18172.3.4 / 2012-06-22
1818==================
1819
1820 * Added `err.buf` to urlencoded() and json()
1821 * Update cookie to 0.0.4. Closes #604
1822 * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten]
1823
18242.3.3 / 2012-06-11
1825==================
1826
1827 * Added ETags back to `static()` [timkuijsten]
1828 * Replaced `utils.parseRange()` with `range-parser` module
1829 * Replaced `utils.parseBytes()` with `bytes` module
1830 * Replaced `utils.modified()` with `fresh` module
1831 * Fixed `cookieSession()` regression with invalid cookie signing [shtylman]
1832
18332.3.2 / 2012-06-08
1834==================
1835
1836 * expose mime module
1837 * Update crc dep (which bundled nodeunit)
1838
18392.3.1 / 2012-06-06
1840==================
1841
1842 * Added `secret` option to `cookieSession` middleware [shtylman]
1843 * Added `secret` option to `session` middleware [shtylman]
1844 * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user`
1845 * Performance: improve signed cookie parsing
1846 * Update `cookie` dependency [shtylman]
1847
18482.3.0 / 2012-05-20
1849==================
1850
1851 * Added limit option to `json()`
1852 * Added limit option to `urlencoded()`
1853 * Added limit option to `multipart()`
1854 * Fixed: remove socket error event listener on callback
1855 * Fixed __ENOTDIR__ error on `static` middleware
1856
18572.2.2 / 2012-05-07
1858==================
1859
1860 * Added support to csrf middle for pre-flight CORS requests
1861 * Updated `engines` to allow newer version of node
1862 * Removed duplicate repo prop. Closes #560
1863
18642.2.1 / 2012-04-28
1865==================
1866
1867 * Fixed `static()` redirect when mounted. Closes #554
1868
18692.2.0 / 2012-04-25
1870==================
1871
1872 * Added `make benchmark`
1873 * Perf: memoize url parsing (~20% increase)
1874 * Fixed `connect(fn, fn2, ...)`. Closes #549
1875
18762.1.3 / 2012-04-20
1877==================
1878
1879 * Added optional json() `reviver` function to be passed to JSON.parse [jed]
1880 * Fixed: emit drain in compress middleware [nsabovic]
1881
18822.1.2 / 2012-04-11
1883==================
1884
1885 * Fixed cookieParser() `req.cookies` regression
1886
18872.1.1 / 2012-04-11
1888==================
1889
1890 * Fixed `session()` browser-session length cookies & examples
1891 * Fixed: make `query()` "self-aware" [jed]
1892
18932.1.0 / 2012-04-05
1894==================
1895
1896 * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`)
1897 * Added `urlencoded()` support for GET
1898 * Added `json()` support for GET. Closes #497
1899 * Added `strict` option to `json()`
1900 * Changed: `session()` only set-cookie when modified
1901 * Removed `Session#lastAccess` property. Closes #399
1902
19032.0.3 / 2012-03-20
1904==================
1905
1906 * Added: `cookieSession()` only sets cookie on change. Closes #442
1907 * Added `connect:dispatcher` debug() probes
1908
19092.0.2 / 2012-03-04
1910==================
1911
1912 * Added test for __ENAMETOOLONG__ now that node is fixed
1913 * Fixed static() index "/" check on windows. Closes #498
1914 * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]
1915
19162.0.1 / 2012-02-29
1917==================
1918
1919 * Added test coverage for `vhost()` middleware
1920 * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov]
1921 * Fixed `static()` Range: respond with 416 when unsatisfiable
1922 * Fixed `vhost()` middleware. Closes #494
1923
19242.0.0 / 2011-10-05
1925==================
1926
1927 * Added `cookieSession()` middleware for cookie-only sessions
1928 * Added `compress()` middleware for gzip / deflate support
1929 * Added `session()` "proxy" setting to trust `X-Forwarded-Proto`
1930 * Added `json()` middleware to parse "application/json"
1931 * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded"
1932 * Added `multipart()` middleware to parse "multipart/form-data"
1933 * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies
1934 * Added signed cookie support to `cookieParser()`
1935 * Added support for JSON-serialized cookies to `cookieParser()`
1936 * Added `err.status` support in Connect's default end-point
1937 * Added X-Cache MISS / HIT to `staticCache()`
1938 * Added public `res.headerSent` checking nodes `res._headerSent` until node does
1939 * Changed `basicAuth()` req.remoteUser to req.user
1940 * Changed: default `session()` to a browser-session cookie. Closes #475
1941 * Changed: no longer lowercase cookie names
1942 * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()`
1943 * Changed: `errorHandler()` is now a development-only middleware
1944 * Changed middleware to `next()` errors when possible so applications can unify logging / handling
1945 * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https
1946 * Removed `.createServer()` (use `connect()`)
1947 * Removed `secret` option from `session()`, use `cookieParser(secret)`
1948 * Removed `connect.session.ignore` array support
1949 * Removed `router()` middleware. Closes #262
1950 * Fixed: set-cookie only once for browser-session cookies
1951 * Fixed FQDN support. dont add leading "/"
1952 * Fixed 404 XSS attack vector. Closes #473
1953 * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point
1954
19551.8.5 / 2011-12-22
1956==================
1957
1958 * Fixed: actually allow empty body for json
1959
19601.8.4 / 2011-12-22
1961==================
1962
1963 * Changed: allow empty body for json/urlencoded requests. Backport for #443
1964
19651.8.3 / 2011-12-16
1966==================
1967
1968 * Fixed `static()` _index.html_ support on windows
1969
19701.8.2 / 2011-12-03
1971==================
1972
1973 * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]
1974
19751.8.1 / 2011-11-21
1976==================
1977
1978 * Added nesting support for _multipart/form-data_ [jackyz]
1979
19801.8.0 / 2011-11-17
1981==================
1982
1983 * Added _multipart/form-data_ support to `bodyParser()` using formidable
1984
19851.7.3 / 2011-11-11
1986==================
1987
1988 * Fixed `req.body`, always default to {}
1989 * Fixed HEAD support for 404s and 500s
1990
19911.7.2 / 2011-10-24
1992==================
1993
1994 * "node": ">= 0.4.1 < 0.7.0"
1995 * Added `static()` redirect option. Closes #398
1996 * Changed `limit()`: respond with 413 when content-length exceeds the limit
1997 * Removed socket error listener in static(). Closes #389
1998 * Fixed `staticCache()` Age header field
1999 * Fixed race condition causing errors reported in #329.
2000
20011.7.1 / 2011-09-12
2002==================
2003
2004 * Added: make `Store` inherit from `EventEmitter`
2005 * Added session `Store#load(sess, fn)` to fetch a `Session` instance
2006 * Added backpressure support to `staticCache()`
2007 * Changed `res.socket.destroy()` to `req.socket.destroy()`
2008
20091.7.0 / 2011-08-31
2010==================
2011
2012 * Added `staticCache()` middleware, a memory cache for `static()`
2013 * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this)
2014 * Changed: ignore error handling middleware when header is sent
2015 * Changed: dispatcher errors after header is sent destroy the sock
2016
20171.6.4 / 2011-08-26
2018==================
2019
2020 * Revert "Added double-next reporting"
2021
20221.6.3 / 2011-08-26
2023==================
2024
2025 * Added double-`next()` reporting
2026 * Added `immediate` option to `logger()`. Closes #321
2027 * Dependency `qs >= 0.3.1`
2028
20291.6.2 / 2011-08-11
2030==================
2031
2032 * Fixed `connect.static()` null byte vulnerability
2033 * Fixed `connect.directory()` null byte vulnerability
2034 * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289
2035
20361.6.1 / 2011-08-03
2037==================
2038
2039 * Added: allow retval `== null` from logger callback to ignore line
2040 * Added `getOnly` option to `connect.static.send()`
2041 * Added response "header" event allowing augmentation
2042 * Added `X-CSRF-Token` header field check
2043 * Changed dep `qs >= 0.3.0`
2044 * Changed: persist csrf token. Closes #322
2045 * Changed: sort directory middleware files alphabetically
2046
20471.6.0 / 2011-07-10
2048==================
2049
2050 * Added :response-time to "dev" logger format
2051 * Added simple `csrf()` middleware. Closes #315
2052 * Fixed `res._headers` logger regression. Closes #318
2053 * Removed support for multiple middleware being passed to `.use()`
2054
20551.5.2 / 2011-07-06
2056==================
2057
2058 * Added `filter` function option to `directory()` [David Rio Deiros]
2059 * Changed: re-write of the `logger()` middleware, with extensible tokens and formats
2060 * Changed: `static.send()` ".." in path without root considered malicious
2061 * Fixed quotes in docs. Closes #312
2062 * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison]
2063
2064
20651.5.1 / 2011-06-20
2066==================
2067
2068 * Added malicious path check to `directory()` middleware
2069 * Added `utils.forbidden(res)`
2070 * Added `connect.query()` middleware
2071
20721.5.0 / 2011-06-20
2073==================
2074
2075 * Added `connect.directory()` middleware for serving directory listings
2076
20771.4.6 / 2011-06-18
2078==================
2079
2080 * Fixed `connect.static()` root with `..`
2081 * Fixed `connect.static()` __EBADF__
2082
20831.4.5 / 2011-06-17
2084==================
2085
2086 * Fixed EBADF in `connect.static()`. Closes #297
2087
20881.4.4 / 2011-06-16
2089==================
2090
2091 * Changed `connect.static()` to check resolved dirname. Closes #294
2092
20931.4.3 / 2011-06-06
2094==================
2095
2096 * Fixed fd leak in `connect.static()` when the socket is closed
2097 * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285
2098
20991.4.2 / 2011-05-27
2100==================
2101
2102 * Changed to `devDependencies`
2103 * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen]
2104 * Fixed Win32 support for `static()`
2105 * Fixed monkey-patch issue. Closes #261
2106
21071.4.1 / 2011-05-08
2108==================
2109
2110 * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251
2111 * Fixed `errorHandler` middleware for missing stack traces. [aseemk]
2112#274
2113
21141.4.0 / 2011-04-25
2115==================
2116
2117 * Added route-middleware `next('route')` support to jump passed the route itself
2118 * Added Content-Length support to `limit()`
2119 * Added route-specific middleware support (used to be in express)
2120 * Changed; refactored duplicate session logic
2121 * Changed; prevent redefining `store.generate` per request
2122 * Fixed; `static()` does not set Content-Type when explicitly set [nateps]
2123 * Fixed escape `errorHandler()` {error} contents
2124 * NOTE: `router` will be removed in 2.0
2125
2126
21271.3.0 / 2011-04-06
2128==================
2129
2130 * Added `router.remove(path[, method])` to remove a route
2131
21321.2.3 / 2011-04-05
2133==================
2134
2135 * Fixed basicAuth realm issue when passing strings. Closes #253
2136
21371.2.2 / 2011-04-05
2138==================
2139
2140 * Added `basicAuth(username, password)` support
2141 * Added `errorHandler.title` defaulting to "Connect"
2142 * Changed `errorHandler` css
2143
21441.2.1 / 2011-03-30
2145==================
2146
2147 * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl]
2148
21491.2.0 / 2011-03-30
2150==================
2151
2152 * Added `router.lookup(path[, method])`
2153 * Added `router.match(url[, method])`
2154 * Added basicAuth async support. Closes #223
2155
21561.1.5 / 2011-03-27
2157==================
2158
2159 * Added; allow `logger()` callback function to return an empty string to ignore logging
2160 * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245
2161
21621.1.4 / 2011-03-23
2163==================
2164
2165 * Added `logger()` support for format function
2166 * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x
2167
21681.1.3 / 2011-03-21
2169==================
2170
2171 * Changed; `limit()` now calls `req.destroy()`
2172
21731.1.2 / 2011-03-21
2174==================
2175
2176 * Added request "limit" event to `limit()` middleware
2177 * Changed; `limit()` middleware will `next(err)` on failure
2178
21791.1.1 / 2011-03-18
2180==================
2181
2182 * Fixed session middleware for HTTPS. Closes #241 [reported by mt502]
2183
21841.1.0 / 2011-03-17
2185==================
2186
2187 * Added `Session#reload(fn)`
2188
21891.0.6 / 2011-03-09
2190==================
2191
2192 * Fixed `res.setHeader()` patch, preserve casing
2193
21941.0.5 / 2011-03-09
2195==================
2196
2197 * Fixed; `logger()` using `req.originalUrl` instead of `req.url`
2198
21991.0.4 / 2011-03-09
2200==================
2201
2202 * Added `res.charset`
2203 * Added conditional sessions example
2204 * Added support for `session.ignore` to be replaced. Closes #227
2205 * Fixed `Cache-Control` delimiters. Closes #228
2206
22071.0.3 / 2011-03-03
2208==================
2209
2210 * Fixed; `static.send()` invokes callback with connection error
2211
22121.0.2 / 2011-03-02
2213==================
2214
2215 * Fixed exported connect function
2216 * Fixed package.json; node ">= 0.4.1 < 0.5.0"
2217
22181.0.1 / 2011-03-02
2219==================
2220
2221 * Added `Session#save(fn)`. Closes #213
2222 * Added callback support to `connect.static.send()` for express
2223 * Added `connect.static.send()` "path" option
2224 * Fixed content-type in `static()` for _index.html_
2225
22261.0.0 / 2011-03-01
2227==================
2228
2229 * Added `stack`, `message`, and `dump` errorHandler option aliases
2230 * Added `req.originalMethod` to methodOverride
2231 * Added `favicon()` maxAge option support
2232 * Added `connect()` alternative to `connect.createServer()`
2233 * Added new [documentation](http://senchalabs.github.com/connect)
2234 * Added Range support to `static()`
2235 * Added HTTPS support
2236 * Rewrote session middleware. The session API now allows for
2237 session-specific cookies, so you may alter each individually.
2238 Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html).
2239 * Added middleware self-awareness. This helps prevent
2240 middleware breakage when used within mounted servers.
2241 For example `cookieParser()` will not parse cookies more
2242 than once even when within a mounted server.
2243 * Added new examples in the `./examples` directory
2244 * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware
2245 * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware
2246 * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware
2247 * Renamed `staticProvider` to `static`
2248 * Renamed `bodyDecoder` to `bodyParser`
2249 * Renamed `cookieDecoder` to `cookieParser`
2250 * Fixed ETag quotes. [reported by papandreou]
2251 * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
2252 * Fixed; only set req.originalUrl once. Closes #124
2253 * Fixed symlink support for `static()`. Closes #123
2254
22550.5.10 / 2011-02-14
2256==================
2257
2258 * Fixed SID space issue. Closes #196
2259 * Fixed; proxy `res.end()` to commit session data
2260 * Fixed directory traversal attack in `staticProvider`. Closes #198
2261
22620.5.9 / 2011-02-09
2263==================
2264
2265 * qs >= 0.0.4
2266
22670.5.8 / 2011-02-04
2268==================
2269
2270 * Added `qs` dependency
2271 * Fixed router race-condition causing possible failure
2272 when `next()`ing to one or more routes with parallel
2273 requests
2274
22750.5.7 / 2011-02-01
2276==================
2277
2278 * Added `onvhost()` call so Express (and others) can know when they are
2279 * Revert "Added stylus support" (use the middleware which ships with stylus)
2280 * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly
2281 * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
2282 * Fixed `utils.uid()` length error [Jxck]
2283mounted
2284
22850.5.6 / 2011-01-23
2286==================
2287
2288 * Added stylus support to `compiler`
2289 * _favicon.js_ cleanup
2290 * _compiler.js_ cleanup
2291 * _bodyDecoder.js_ cleanup
2292
22930.5.5 / 2011-01-13
2294==================
2295
2296 * Changed; using sha256 HMAC instead of md5. [Paul Querna]
2297 * Changed; generated a longer random UID, without time influence. [Paul Querna]
2298 * Fixed; session middleware throws when secret is not present. [Paul Querna]
2299
23000.5.4 / 2011-01-07
2301==================
2302
2303 * Added; throw when router path or callback is missing
2304 * Fixed; `next(err)` on cookie parse exception instead of ignoring
2305 * Revert "Added utils.pathname(), memoized url.parse(str).pathname"
2306
23070.5.3 / 2011-01-05
2308==================
2309
2310 * Added _docs/api.html_
2311 * Added `utils.pathname()`, memoized url.parse(str).pathname
2312 * Fixed `session.id` issue. Closes #183
2313 * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179
2314 * Removed bad outdated docs, we need something new / automated eventually
2315
23160.5.2 / 2010-12-28
2317==================
2318
2319 * Added default __OPTIONS__ support to _router_ middleware
2320
23210.5.1 / 2010-12-28
2322==================
2323
2324 * Added `req.session.id` mirroring `req.sessionID`
2325 * Refactored router, exposing `connect.router.methods`
2326 * Exclude non-lib files from npm
2327 * Removed imposed headers `X-Powered-By`, `Server`, etc
2328
23290.5.0 / 2010-12-06
2330==================
2331
2332 * Added _./index.js_
2333 * Added route segment precondition support and example
2334 * Added named capture group support to router
2335
23360.4.0 / 2010-11-29
2337==================
2338
2339 * Added `basicAuth` middleware
2340 * Added more HTTP methods to the `router` middleware
2341
23420.3.0 / 2010-07-21
2343==================
2344
2345 * Added _staticGzip_ middleware
2346 * Added `connect.utils` to expose utils
2347 * Added `connect.session.Session`
2348 * Added `connect.session.Store`
2349 * Added `connect.session.MemoryStore`
2350 * Added `connect.middleware` to expose the middleware getters
2351 * Added `buffer` option to _logger_ for performance increase
2352 * Added _favicon_ middleware for serving your own favicon or the connect default
2353 * Added option support to _staticProvider_, can now pass _root_ and _lifetime_.
2354 * Added; mounted `Server` instances now have the `route` property exposed for reflection
2355 * Added support for callback as first arg to `Server#use()`
2356 * Added support for `next(true)` in _router_ to bypass match attempts
2357 * Added `Server#listen()` _host_ support
2358 * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance
2359 * Added _methodOverride_ X-HTTP-Method-Override support
2360 * Refactored session internals, adds _secret_ option
2361 * Renamed `lifetime` option to `maxAge` in _staticProvider_
2362 * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark)
2363 * Removed connect(1) dependency on examples, they can all now run with node(1)
2364 * Remove a typo that was leaking a global.
2365 * Removed `Object.prototype` forEach() and map() methods
2366 * Removed a few utils not used
2367 * Removed `connect.createApp()`
2368 * Removed `res.simpleBody()`
2369 * Removed _format_ middleware
2370 * Removed _flash_ middleware
2371 * Removed _redirect_ middleware
2372 * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc)
2373 * Removed _pubsub_ middleware
2374 * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array
2375 * Changed; _compiler_ no longer 404s
2376 * Changed; _router_ signature now matches connect middleware signature
2377 * Fixed a require in _session_ for default `MemoryStore`
2378 * Fixed nasty request body bug in _router_. Closes #54
2379 * Fixed _less_ support in _compiler_
2380 * Fixed bug preventing proper bubbling of exceptions in mounted servers
2381 * Fixed bug in `Server#use()` preventing `Server` instances as the first arg
2382 * Fixed **ENOENT** special case, is now treated as any other exception
2383 * Fixed spark env support
2384
23850.2.1 / 2010-07-09
2386==================
2387
2388 * Added support for _router_ `next()` to continue calling matched routes
2389 * Added mime type for _cache.manifest_ files.
2390 * Changed _compiler_ middleware to use async require
2391 * Changed session api, stores now only require `#get()`, and `#set()`
2392 * Fixed _cacheManifest_ by adding `utils.find()` back
2393
23940.2.0 / 2010-07-01
2395==================
2396
2397 * Added calls to `Session()` casts the given object as a `Session` instance
2398 * Added passing of `next()` to _router_ callbacks. Closes #46
2399 * Changed; `MemoryStore#destroy()` removes `req.session`
2400 * Changed `res.redirect("back")` to default to "/" when Referr?er is not present
2401 * Fixed _staticProvider_ urlencoded paths issue. Closes #47
2402 * Fixed _staticProvider_ middleware responding to **GET** requests
2403 * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43
2404 * Fixed _logger_ format option
2405 * Fixed typo in _compiler_ middleware preventing the _dest_ option from working
2406
24070.1.0 / 2010-06-25
2408==================
2409
2410 * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu)
2411 * Added [extended api docs](http://extjs.github.com/Connect/api.html)
2412 * Added docs for several more middleware layers
2413 * Added `connect.Server#use()`
2414 * Added _compiler_ middleware which provides arbitrary static compilation
2415 * Added `req.originalUrl`
2416 * Removed _blog_ example
2417 * Removed _sass_ middleware (use _compiler_)
2418 * Removed _less_ middleware (use _compiler_)
2419 * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc.
2420 * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes
2421 * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39
2422 * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies
2423 * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries
2424
24250.0.6 / 2010-06-22
2426==================
2427
2428 * Added _static_ middleware usage example
2429 * Added support for regular expressions as paths for _router_
2430 * Added `util.merge()`
2431 * Increased performance of _static_ by ~ 200 rps
2432 * Renamed the _rest_ middleware to _router_
2433 * Changed _rest_ api to accept a callback function
2434 * Removed _router_ middleware
2435 * Removed _proto.js_, only `Object#forEach()` remains
2436
24370.0.5 / 2010-06-21
2438==================
2439
2440 * Added Server#use() which contains the Layer normalization logic
2441 * Added documentation for several middleware
2442 * Added several new examples
2443 * Added _less_ middleware
2444 * Added _repl_ middleware
2445 * Added _vhost_ middleware
2446 * Added _flash_ middleware
2447 * Added _cookie_ middleware
2448 * Added _session_ middleware
2449 * Added `utils.htmlEscape()`
2450 * Added `utils.base64Decode()`
2451 * Added `utils.base64Encode()`
2452 * Added `utils.uid()`
2453 * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
2454 * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()`
2455 * Renamed req.redirect() to res.redirect(). Closes #29
2456 * Fixed _sass_ 404 on **ENOENT**
2457 * Fixed +new Date duplication. Closes #24
2458
24590.0.4 / 2010-06-16
2460==================
2461
2462 * Added workerPidfile() to bin/connect
2463 * Added --workers support to bin/connect stop and status commands
2464 * Added _redirect_ middleware
2465 * Added better --config support to bin/connect. All flags can be utilized
2466 * Added auto-detection of _./config.js_
2467 * Added config example
2468 * Added `net.Server` support to bin/connect
2469 * Writing worker pids relative to `env.pidfile`
2470 * s/parseQuery/parse/g
2471 * Fixed npm support
2472
24730.0.3 / 2010-06-16
2474==================
2475
2476 * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__
2477
24780.0.2 / 2010-06-15
2479==================
2480
2481 * Added `-V, --version` to bin/connect
2482 * Added `utils.parseCookie()`
2483 * Added `utils.serializeCookie()`
2484 * Added `utils.toBoolean()`
2485 * Added _sass_ middleware
2486 * Added _cookie_ middleware
2487 * Added _format_ middleware
2488 * Added _lint_ middleware
2489 * Added _rest_ middleware
2490 * Added _./package.json_ (npm install connect)
2491 * Added `handleError()` support
2492 * Added `process.connectEnv`
2493 * Added custom log format support to _log_ middleware
2494 * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
2495 * Added -w, --workers to bin/connect
2496 * Added bin/connect support for --user NAME and --group NAME
2497 * Fixed url re-writing support
2498
24990.0.1 / 2010-06-03
2500==================
2501
2502 * Initial release
2503