UNPKG

express/History.md

Version:
110 kBMarkdownView Raw
17.1 / 2019-05-25
2===================
3
* Revert "Improve error message for `null`/`undefined` to `res.status`"
5
17.0 / 2019-05-16
7===================
8
* Add `express.raw` to parse bodies into `Buffer`
* Add `express.text` to parse bodies into string
* Improve error message for non-strings to `res.sendFile`
* Improve error message for `null`/`undefined` to `res.status`
* Support multiple hosts in `X-Forwarded-Host`
* deps: accepts@~1.3.7
* deps: body-parser@1.19.0
  - Add encoding MIK
  - Add petabyte (`pb`) support
  - Fix parsing array brackets after index
  - deps: bytes@3.1.0
  - deps: http-errors@1.7.2
  - deps: iconv-lite@0.4.24
  - deps: qs@6.7.0
  - deps: raw-body@2.4.0
  - deps: type-is@~1.6.17
* deps: content-disposition@0.5.3
* deps: cookie@0.4.0
  - Add `SameSite=None` support
* deps: finalhandler@~1.1.2
  - Set stricter `Content-Security-Policy` header
  - deps: parseurl@~1.3.3
  - deps: statuses@~1.5.0
* deps: parseurl@~1.3.3
* deps: proxy-addr@~2.0.5
  - deps: ipaddr.js@1.9.0
* deps: qs@6.7.0
  - Fix parsing array brackets after index
* deps: range-parser@~1.2.1
* deps: send@0.17.1
  - Set stricter CSP header in redirect & error responses
  - deps: http-errors@~1.7.2
  - deps: mime@1.6.0
  - deps: ms@2.1.1
  - deps: range-parser@~1.2.1
  - deps: statuses@~1.5.0
  - perf: remove redundant `path.normalize` call
* deps: serve-static@1.14.1
  - Set stricter CSP header in redirect response
  - deps: parseurl@~1.3.3
  - deps: send@0.17.1
* deps: setprototypeof@1.1.1
* deps: statuses@~1.5.0
  - Add `103 Early Hints`
* deps: type-is@~1.6.18
  - deps: mime-types@~2.1.24
  - perf: prevent internal `throw` on invalid type
56
16.4 / 2018-10-10
58===================
59
* Fix issue where `"Request aborted"` may be logged in `res.sendfile`
* Fix JSDoc for `Router` constructor
* deps: body-parser@1.18.3
  - Fix deprecation warnings on Node.js 10+
  - Fix stack trace for strict json parse error
  - deps: depd@~1.1.2
  - deps: http-errors@~1.6.3
  - deps: iconv-lite@0.4.23
  - deps: qs@6.5.2
  - deps: raw-body@2.3.3
  - deps: type-is@~1.6.16
* deps: proxy-addr@~2.0.4
  - deps: ipaddr.js@1.8.0
* deps: qs@6.5.2
* deps: safe-buffer@5.1.2
75
16.3 / 2018-03-12
77===================
78
* deps: accepts@~1.3.5
  - deps: mime-types@~2.1.18
* deps: depd@~1.1.2
  - perf: remove argument reassignment
* deps: encodeurl@~1.0.2
  - Fix encoding `%` as last character
* deps: finalhandler@1.1.1
  - Fix 404 output for bad / missing pathnames
  - deps: encodeurl@~1.0.2
  - deps: statuses@~1.4.0
* deps: proxy-addr@~2.0.3
  - deps: ipaddr.js@1.6.0
* deps: send@0.16.2
  - Fix incorrect end tag in default error & redirects
  - deps: depd@~1.1.2
  - deps: encodeurl@~1.0.2
  - deps: statuses@~1.4.0
* deps: serve-static@1.13.2
  - Fix incorrect end tag in redirects
  - deps: encodeurl@~1.0.2
  - deps: send@0.16.2
* deps: statuses@~1.4.0
* deps: type-is@~1.6.16
  - deps: mime-types@~2.1.18
103
16.2 / 2017-10-09
105===================
106
* Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
* perf: skip parsing of entire `X-Forwarded-Proto` header
109
16.1 / 2017-09-29
111===================
112
* deps: send@0.16.1
* deps: serve-static@1.13.1
  - Fix regression when `root` is incorrectly set to a file
  - deps: send@0.16.1
117
16.0 / 2017-09-28
119===================
120
* Add `"json escape"` setting for `res.json` and `res.jsonp`
* Add `express.json` and `express.urlencoded` to parse bodies
* Add `options` argument to `res.download`
* Improve error message when autoloading invalid view engine
* Improve error messages when non-function provided as middleware
* Skip `Buffer` encoding when not generating ETag for small response
* Use `safe-buffer` for improved Buffer API
* deps: accepts@~1.3.4
  - deps: mime-types@~2.1.16
* deps: content-type@~1.0.4
  - perf: remove argument reassignment
  - perf: skip parameter parsing when no parameters
* deps: etag@~1.8.1
  - perf: replace regular expression with substring
* deps: finalhandler@1.1.0
  - Use `res.headersSent` when available
* deps: parseurl@~1.3.2
  - perf: reduce overhead for full URLs
  - perf: unroll the "fast-path" `RegExp`
* deps: proxy-addr@~2.0.2
  - Fix trimming leading / trailing OWS in `X-Forwarded-For`
  - deps: forwarded@~0.1.2
  - deps: ipaddr.js@1.5.2
  - perf: reduce overhead when no `X-Forwarded-For` header
* deps: qs@6.5.1
  - Fix parsing & compacting very deep objects
* deps: send@0.16.0
  - Add 70 new types for file extensions
  - Add `immutable` option
  - Fix missing `</html>` in default error & redirects
  - Set charset as "UTF-8" for .js and .json
  - Use instance methods on steam to check for listeners
  - deps: mime@1.4.1
  - perf: improve path validation speed
* deps: serve-static@1.13.0
  - Add 70 new types for file extensions
  - Add `immutable` option
  - Set charset as "UTF-8" for .js and .json
  - deps: send@0.16.0
* deps: setprototypeof@1.1.0
* deps: utils-merge@1.0.1
* deps: vary@~1.1.2
  - perf: improve header token parsing speed
* perf: re-use options object when generating ETags
* perf: remove dead `.charset` set in `res.jsonp`
166
15.5 / 2017-09-24
168===================
169
* deps: debug@2.6.9
* deps: finalhandler@~1.0.6
  - deps: debug@2.6.9
  - deps: parseurl@~1.3.2
* deps: fresh@0.5.2
  - Fix handling of modified headers with invalid dates
  - perf: improve ETag match loop
  - perf: improve `If-None-Match` token parsing
* deps: send@0.15.6
  - Fix handling of modified headers with invalid dates
  - deps: debug@2.6.9
  - deps: etag@~1.8.1
  - deps: fresh@0.5.2
  - perf: improve `If-Match` token parsing
* deps: serve-static@1.12.6
  - deps: parseurl@~1.3.2
  - deps: send@0.15.6
  - perf: improve slash collapsing
188
15.4 / 2017-08-06
190===================
191
* deps: debug@2.6.8
* deps: depd@~1.1.1
  - Remove unnecessary `Buffer` loading
* deps: finalhandler@~1.0.4
  - deps: debug@2.6.8
* deps: proxy-addr@~1.1.5
  - Fix array argument being altered
  - deps: ipaddr.js@1.4.0
* deps: qs@6.5.0
* deps: send@0.15.4
  - deps: debug@2.6.8
  - deps: depd@~1.1.1
  - deps: http-errors@~1.6.2
* deps: serve-static@1.12.4
  - deps: send@0.15.4
207
15.3 / 2017-05-16
209===================
210
* Fix error when `res.set` cannot add charset to `Content-Type`
* deps: debug@2.6.7
  - Fix `DEBUG_MAX_ARRAY_LENGTH`
  - deps: ms@2.0.0
* deps: finalhandler@~1.0.3
  - Fix missing `</html>` in HTML document
  - deps: debug@2.6.7
* deps: proxy-addr@~1.1.4
  - deps: ipaddr.js@1.3.0
* deps: send@0.15.3
  - deps: debug@2.6.7
  - deps: ms@2.0.0
* deps: serve-static@1.12.3
  - deps: send@0.15.3
* deps: type-is@~1.6.15
  - deps: mime-types@~2.1.15
* deps: vary@~1.1.1
  - perf: hoist regular expression
229
15.2 / 2017-03-06
231===================
232
* deps: qs@6.4.0
  - Fix regression parsing keys starting with `[`
235
15.1 / 2017-03-05
237===================
238
* deps: send@0.15.1
  - Fix issue when `Date.parse` does not return `NaN` on invalid date
  - Fix strict violation in broken environments
* deps: serve-static@1.12.1
  - Fix issue when `Date.parse` does not return `NaN` on invalid date
  - deps: send@0.15.1
245
15.0 / 2017-03-01
247===================
248
* Add debug message when loading view engine
* Add `next("router")` to exit from router
* Fix case where `router.use` skipped requests routes did not
* Remove usage of `res._headers` private field
  - Improves compatibility with Node.js 8 nightly
* Skip routing when `req.url` is not set
* Use `%o` in path debug to tell types apart
* Use `Object.create` to setup request & response prototypes
* Use `setprototypeof` module to replace `__proto__` setting
* Use `statuses` instead of `http` module for status messages
* deps: debug@2.6.1
  - Allow colors in workers
  - Deprecated `DEBUG_FD` environment variable set to `3` or higher
  - Fix error when running under React Native
  - Use same color for same namespace
  - deps: ms@0.7.2
* deps: etag@~1.8.0
  - Use SHA1 instead of MD5 for ETag hashing
  - Works with FIPS 140-2 OpenSSL configuration
* deps: finalhandler@~1.0.0
  - Fix exception when `err` cannot be converted to a string
  - Fully URL-encode the pathname in the 404
  - Only include the pathname in the 404 message
  - Send complete HTML document
  - Set `Content-Security-Policy: default-src 'self'` header
  - deps: debug@2.6.1
* deps: fresh@0.5.0
  - Fix false detection of `no-cache` request directive
  - Fix incorrect result when `If-None-Match` has both `*` and ETags
  - Fix weak `ETag` matching to match spec
  - perf: delay reading header values until needed
  - perf: enable strict mode
  - perf: hoist regular expressions
  - perf: remove duplicate conditional
  - perf: remove unnecessary boolean coercions
  - perf: skip checking modified time if ETag check failed
  - perf: skip parsing `If-None-Match` when no `ETag` header
  - perf: use `Date.parse` instead of `new Date`
* deps: qs@6.3.1
  - Fix array parsing from skipping empty values
  - Fix compacting nested arrays
* deps: send@0.15.0
  - Fix false detection of `no-cache` request directive
  - Fix incorrect result when `If-None-Match` has both `*` and ETags
  - Fix weak `ETag` matching to match spec
  - Remove usage of `res._headers` private field
  - Support `If-Match` and `If-Unmodified-Since` headers
  - Use `res.getHeaderNames()` when available
  - Use `res.headersSent` when available
  - deps: debug@2.6.1
  - deps: etag@~1.8.0
  - deps: fresh@0.5.0
  - deps: http-errors@~1.6.1
* deps: serve-static@1.12.0
  - Fix false detection of `no-cache` request directive
  - Fix incorrect result when `If-None-Match` has both `*` and ETags
  - Fix weak `ETag` matching to match spec
  - Remove usage of `res._headers` private field
  - Send complete HTML document in redirect response
  - Set default CSP header in redirect response
  - Support `If-Match` and `If-Unmodified-Since` headers
  - Use `res.getHeaderNames()` when available
  - Use `res.headersSent` when available
  - deps: send@0.15.0
* perf: add fast match path for `*` route
* perf: improve `req.ips` performance
315
14.1 / 2017-01-28
317===================
318
* deps: content-disposition@0.5.2
* deps: finalhandler@0.5.1
  - Fix exception when `err.headers` is not an object
  - deps: statuses@~1.3.1
  - perf: hoist regular expressions
  - perf: remove duplicate validation path
* deps: proxy-addr@~1.1.3
  - deps: ipaddr.js@1.2.0
* deps: send@0.14.2
  - deps: http-errors@~1.5.1
  - deps: ms@0.7.2
  - deps: statuses@~1.3.1
* deps: serve-static@~1.11.2
  - deps: send@0.14.2
* deps: type-is@~1.6.14
  - deps: mime-types@~2.1.13
335
14.0 / 2016-06-16
337===================
338
* Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
* Add `cacheControl` option to `res.sendFile`/`res.sendfile`
* Add `options` argument to `req.range`
  - Includes the `combine` option
* Encode URL in `res.location`/`res.redirect` if not already encoded
* Fix some redirect handling in `res.sendFile`/`res.sendfile`
* Fix Windows absolute path check using forward slashes
* Improve error with invalid arguments to `req.get()`
* Improve performance for `res.json`/`res.jsonp` in most cases
* Improve `Range` header handling in `res.sendFile`/`res.sendfile`
* deps: accepts@~1.3.3
  - Fix including type extensions in parameters in `Accept` parsing
  - Fix parsing `Accept` parameters with quoted equals
  - Fix parsing `Accept` parameters with quoted semicolons
  - Many performance improvements
  - deps: mime-types@~2.1.11
  - deps: negotiator@0.6.1
* deps: content-type@~1.0.2
  - perf: enable strict mode
* deps: cookie@0.3.1
  - Add `sameSite` option
  - Fix cookie `Max-Age` to never be a floating point number
  - Improve error message when `encode` is not a function
  - Improve error message when `expires` is not a `Date`
  - Throw better error for invalid argument to parse
  - Throw on invalid values provided to `serialize`
  - perf: enable strict mode
  - perf: hoist regular expression
  - perf: use for loop in parse
  - perf: use string concatenation for serialization
* deps: finalhandler@0.5.0
  - Change invalid or non-numeric status code to 500
  - Overwrite status message to match set status code
  - Prefer `err.statusCode` if `err.status` is invalid
  - Set response headers from `err.headers` object
  - Use `statuses` instead of `http` module for status messages
* deps: proxy-addr@~1.1.2
  - Fix accepting various invalid netmasks
  - Fix IPv6-mapped IPv4 validation edge cases
  - IPv4 netmasks must be contiguous
  - IPv6 addresses cannot be used as a netmask
  - deps: ipaddr.js@1.1.1
* deps: qs@6.2.0
  - Add `decoder` option in `parse` function
* deps: range-parser@~1.2.0
  - Add `combine` option to combine overlapping ranges
  - Fix incorrectly returning -1 when there is at least one valid range
  - perf: remove internal function
* deps: send@0.14.1
  - Add `acceptRanges` option
  - Add `cacheControl` option
  - Attempt to combine multiple ranges into single range
  - Correctly inherit from `Stream` class
  - Fix `Content-Range` header in 416 responses when using `start`/`end` options
  - Fix `Content-Range` header missing from default 416 responses
  - Fix redirect error when `path` contains raw non-URL characters
  - Fix redirect when `path` starts with multiple forward slashes
  - Ignore non-byte `Range` headers
  - deps: http-errors@~1.5.0
  - deps: range-parser@~1.2.0
  - deps: statuses@~1.3.0
  - perf: remove argument reassignment
* deps: serve-static@~1.11.1
  - Add `acceptRanges` option
  - Add `cacheControl` option
  - Attempt to combine multiple ranges into single range
  - Fix redirect error when `req.url` contains raw non-URL characters
  - Ignore non-byte `Range` headers
  - Use status code 301 for redirects
  - deps: send@0.14.1
* deps: type-is@~1.6.13
  - Fix type error when given invalid type to match against
  - deps: mime-types@~2.1.11
* deps: vary@~1.1.0
  - Only accept valid field names in the `field` argument
* perf: use strict equality when possible
415
13.4 / 2016-01-21
417===================
418
* deps: content-disposition@0.5.1
  - perf: enable strict mode
* deps: cookie@0.1.5
  - Throw on invalid values provided to `serialize`
* deps: depd@~1.1.0
  - Support web browser loading
  - perf: enable strict mode
* deps: escape-html@~1.0.3
  - perf: enable strict mode
  - perf: optimize string replacement
  - perf: use faster string coercion
* deps: finalhandler@0.4.1
  - deps: escape-html@~1.0.3
* deps: merge-descriptors@1.0.1
  - perf: enable strict mode
* deps: methods@~1.1.2
  - perf: enable strict mode
* deps: parseurl@~1.3.1
  - perf: enable strict mode
* deps: proxy-addr@~1.0.10
  - deps: ipaddr.js@1.0.5
  - perf: enable strict mode
* deps: range-parser@~1.0.3
  - perf: enable strict mode
* deps: send@0.13.1
  - deps: depd@~1.1.0
  - deps: destroy@~1.0.4
  - deps: escape-html@~1.0.3
  - deps: range-parser@~1.0.3
* deps: serve-static@~1.10.2
  - deps: escape-html@~1.0.3
  - deps: parseurl@~1.3.0
  - deps: send@0.13.1
452
13.3 / 2015-08-02
454===================
455
* Fix infinite loop condition using `mergeParams: true`
* Fix inner numeric indices incorrectly altering parent `req.params`
458
13.2 / 2015-07-31
460===================
461
* deps: accepts@~1.2.12
  - deps: mime-types@~2.1.4
* deps: array-flatten@1.1.1
  - perf: enable strict mode
* deps: path-to-regexp@0.1.7
  - Fix regression with escaped round brackets and matching groups
* deps: type-is@~1.6.6
  - deps: mime-types@~2.1.4
470
13.1 / 2015-07-05
472===================
473
* deps: accepts@~1.2.10
  - deps: mime-types@~2.1.2
* deps: qs@4.0.0
  - Fix dropping parameters like `hasOwnProperty`
  - Fix various parsing edge cases
* deps: type-is@~1.6.4
  - deps: mime-types@~2.1.2
  - perf: enable strict mode
  - perf: remove argument reassignment
483
13.0 / 2015-06-20
485===================
486
* Add settings to debug output
* Fix `res.format` error when only `default` provided
* Fix issue where `next('route')` in `app.param` would incorrectly skip values
* Fix hiding platform issues with `decodeURIComponent`
  - Only `URIError`s are a 400
* Fix using `*` before params in routes
* Fix using capture groups before params in routes
* Simplify `res.cookie` to call `res.append`
* Use `array-flatten` module for flattening arrays
* deps: accepts@~1.2.9
  - deps: mime-types@~2.1.1
  - perf: avoid argument reassignment & argument slice
  - perf: avoid negotiator recursive construction
  - perf: enable strict mode
  - perf: remove unnecessary bitwise operator
* deps: cookie@0.1.3
  - perf: deduce the scope of try-catch deopt
  - perf: remove argument reassignments
* deps: escape-html@1.0.2
* deps: etag@~1.7.0
  - Always include entity length in ETags for hash length extensions
  - Generate non-Stats ETags using MD5 only (no longer CRC32)
  - Improve stat performance by removing hashing
  - Improve support for JXcore
  - Remove base64 padding in ETags to shorten
  - Support "fake" stats objects in environments without fs
  - Use MD5 instead of MD4 in weak ETags over 1KB
* deps: finalhandler@0.4.0
  - Fix a false-positive when unpiping in Node.js 0.8
  - Support `statusCode` property on `Error` objects
  - Use `unpipe` module for unpiping requests
  - deps: escape-html@1.0.2
  - deps: on-finished@~2.3.0
  - perf: enable strict mode
  - perf: remove argument reassignment
* deps: fresh@0.3.0
  - Add weak `ETag` matching support
* deps: on-finished@~2.3.0
  - Add defined behavior for HTTP `CONNECT` requests
  - Add defined behavior for HTTP `Upgrade` requests
  - deps: ee-first@1.1.1
* deps: path-to-regexp@0.1.6
* deps: send@0.13.0
  - Allow Node.js HTTP server to set `Date` response header
  - Fix incorrectly removing `Content-Location` on 304 response
  - Improve the default redirect response headers
  - Send appropriate headers on default error response
  - Use `http-errors` for standard emitted errors
  - Use `statuses` instead of `http` module for status messages
  - deps: escape-html@1.0.2
  - deps: etag@~1.7.0
  - deps: fresh@0.3.0
  - deps: on-finished@~2.3.0
  - perf: enable strict mode
  - perf: remove unnecessary array allocations
* deps: serve-static@~1.10.0
  - Add `fallthrough` option
  - Fix reading options from options prototype
  - Improve the default redirect response headers
  - Malformed URLs now `next()` instead of 400
  - deps: escape-html@1.0.2
  - deps: send@0.13.0
  - perf: enable strict mode
  - perf: remove argument reassignment
* deps: type-is@~1.6.3
  - deps: mime-types@~2.1.1
  - perf: reduce try block size
  - perf: remove bitwise operations
* perf: enable strict mode
* perf: isolate `app.render` try block
* perf: remove argument reassignments in application
* perf: remove argument reassignments in request prototype
* perf: remove argument reassignments in response prototype
* perf: remove argument reassignments in routing
* perf: remove argument reassignments in `View`
* perf: skip attempting to decode zero length string
* perf: use saved reference to `http.STATUS_CODES`
564
12.4 / 2015-05-17
566===================
567
* deps: accepts@~1.2.7
  - deps: mime-types@~2.0.11
  - deps: negotiator@0.5.3
* deps: debug@~2.2.0
  - deps: ms@0.7.1
* deps: depd@~1.0.1
* deps: etag@~1.6.0
  - Improve support for JXcore
  - Support "fake" stats objects in environments without `fs`
* deps: finalhandler@0.3.6
  - deps: debug@~2.2.0
  - deps: on-finished@~2.2.1
* deps: on-finished@~2.2.1
  - Fix `isFinished(req)` when data buffered
* deps: proxy-addr@~1.0.8
  - deps: ipaddr.js@1.0.1
* deps: qs@2.4.2
 - Fix allowing parameters like `constructor`
* deps: send@0.12.3
  - deps: debug@~2.2.0
  - deps: depd@~1.0.1
  - deps: etag@~1.6.0
  - deps: ms@0.7.1
  - deps: on-finished@~2.2.1
* deps: serve-static@~1.9.3
  - deps: send@0.12.3
* deps: type-is@~1.6.2
  - deps: mime-types@~2.0.11
596
12.3 / 2015-03-17
598===================
599
* deps: accepts@~1.2.5
  - deps: mime-types@~2.0.10
* deps: debug@~2.1.3
  - Fix high intensity foreground color for bold
  - deps: ms@0.7.0
* deps: finalhandler@0.3.4
  - deps: debug@~2.1.3
* deps: proxy-addr@~1.0.7
  - deps: ipaddr.js@0.1.9
* deps: qs@2.4.1
  - Fix error when parameter `hasOwnProperty` is present
* deps: send@0.12.2
  - Throw errors early for invalid `extensions` or `index` options
  - deps: debug@~2.1.3
* deps: serve-static@~1.9.2
  - deps: send@0.12.2
* deps: type-is@~1.6.1
  - deps: mime-types@~2.0.10
618
12.2 / 2015-03-02
620===================
621
* Fix regression where `"Request aborted"` is logged using `res.sendFile`
623
12.1 / 2015-03-01
625===================
626
* Fix constructing application with non-configurable prototype properties
* Fix `ECONNRESET` errors from `res.sendFile` usage
* Fix `req.host` when using "trust proxy" hops count
* Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
* Fix wrong `code` on aborted connections from `res.sendFile`
* deps: merge-descriptors@1.0.0
633
12.0 / 2015-02-23
635===================
636
* Fix `"trust proxy"` setting to inherit when app is mounted
* Generate `ETag`s for all request responses
  - No longer restricted to only responses for `GET` and `HEAD` requests
* Use `content-type` to parse `Content-Type` headers
* deps: accepts@~1.2.4
  - Fix preference sorting to be stable for long acceptable lists
  - deps: mime-types@~2.0.9
  - deps: negotiator@0.5.1
* deps: cookie-signature@1.0.6
* deps: send@0.12.1
  - Always read the stat size from the file
  - Fix mutating passed-in `options`
  - deps: mime@1.3.4
* deps: serve-static@~1.9.1
  - deps: send@0.12.1
* deps: type-is@~1.6.0
  - fix argument reassignment
  - fix false-positives in `hasBody` `Transfer-Encoding` check
  - support wildcard for both type and subtype (`*/*`)
  - deps: mime-types@~2.0.9
657
11.2 / 2015-02-01
659===================
660
* Fix `res.redirect` double-calling `res.end` for `HEAD` requests
* deps: accepts@~1.2.3
  - deps: mime-types@~2.0.8
* deps: proxy-addr@~1.0.6
  - deps: ipaddr.js@0.1.8
* deps: type-is@~1.5.6
  - deps: mime-types@~2.0.8
668
11.1 / 2015-01-20
670===================
671
* deps: send@0.11.1
  - Fix root path disclosure
* deps: serve-static@~1.8.1
  - Fix redirect loop in Node.js 0.11.14
  - Fix root path disclosure
  - deps: send@0.11.1
678
11.0 / 2015-01-13
680===================
681
* Add `res.append(field, val)` to append headers
* Deprecate leading `:` in `name` for `app.param(name, fn)`
* Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
* Deprecate `app.param(fn)`
* Fix `OPTIONS` responses to include the `HEAD` method properly
* Fix `res.sendFile` not always detecting aborted connection
* Match routes iteratively to prevent stack overflows
* deps: accepts@~1.2.2
  - deps: mime-types@~2.0.7
  - deps: negotiator@0.5.0
* deps: send@0.11.0
  - deps: debug@~2.1.1
  - deps: etag@~1.5.1
  - deps: ms@0.7.0
  - deps: on-finished@~2.2.0
* deps: serve-static@~1.8.0
  - deps: send@0.11.0
699
10.8 / 2015-01-13
701===================
702
* Fix crash from error within `OPTIONS` response handler
* deps: proxy-addr@~1.0.5
  - deps: ipaddr.js@0.1.6
706
10.7 / 2015-01-04
708===================
709
* Fix `Allow` header for `OPTIONS` to not contain duplicate methods
* Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
* deps: debug@~2.1.1
* deps: finalhandler@0.3.3
  - deps: debug@~2.1.1
  - deps: on-finished@~2.2.0
* deps: methods@~1.1.1
* deps: on-finished@~2.2.0
* deps: serve-static@~1.7.2
  - Fix potential open redirect when mounted at root
* deps: type-is@~1.5.5
  - deps: mime-types@~2.0.7
722
10.6 / 2014-12-12
724===================
725
* Fix exception in `req.fresh`/`req.stale` without response headers
727
10.5 / 2014-12-10
729===================
730
* Fix `res.send` double-calling `res.end` for `HEAD` requests
* deps: accepts@~1.1.4
  - deps: mime-types@~2.0.4
* deps: type-is@~1.5.4
  - deps: mime-types@~2.0.4
736
10.4 / 2014-11-24
738===================
739
* Fix `res.sendfile` logging standard write errors
741
10.3 / 2014-11-23
743===================
744
* Fix `res.sendFile` logging standard write errors
* deps: etag@~1.5.1
* deps: proxy-addr@~1.0.4
  - deps: ipaddr.js@0.1.5
* deps: qs@2.3.3
  - Fix `arrayLimit` behavior
751
10.2 / 2014-11-09
753===================
754
* Correctly invoke async router callback asynchronously
* deps: accepts@~1.1.3
  - deps: mime-types@~2.0.3
* deps: type-is@~1.5.3
  - deps: mime-types@~2.0.3
760
10.1 / 2014-10-28
762===================
763
* Fix handling of URLs containing `://` in the path
* deps: qs@2.3.2
  - Fix parsing of mixed objects and values
767
10.0 / 2014-10-23
769===================
770
* Add support for `app.set('views', array)`
  - Views are looked up in sequence in array of directories
* Fix `res.send(status)` to mention `res.sendStatus(status)`
* Fix handling of invalid empty URLs
* Use `content-disposition` module for `res.attachment`/`res.download`
  - Sends standards-compliant `Content-Disposition` header
  - Full Unicode support
* Use `path.resolve` in view lookup
* deps: debug@~2.1.0
  - Implement `DEBUG_FD` env variable support
* deps: depd@~1.0.0
* deps: etag@~1.5.0
  - Improve string performance
  - Slightly improve speed for weak ETags over 1KB
* deps: finalhandler@0.3.2
  - Terminate in progress response only on error
  - Use `on-finished` to determine request status
  - deps: debug@~2.1.0
  - deps: on-finished@~2.1.1
* deps: on-finished@~2.1.1
  - Fix handling of pipelined requests
* deps: qs@2.3.0
  - Fix parsing of mixed implicit and explicit arrays
* deps: send@0.10.1
  - deps: debug@~2.1.0
  - deps: depd@~1.0.0
  - deps: etag@~1.5.0
  - deps: on-finished@~2.1.1
* deps: serve-static@~1.7.1
  - deps: send@0.10.1
801
9.8 / 2014-10-17
803==================
804
* Fix `res.redirect` body when redirect status specified
* deps: accepts@~1.1.2
  - Fix error when media type has invalid parameter
  - deps: negotiator@0.4.9
809
9.7 / 2014-10-10
811==================
812
* Fix using same param name in array of paths
814
9.6 / 2014-10-08
816==================
817
* deps: accepts@~1.1.1
  - deps: mime-types@~2.0.2
  - deps: negotiator@0.4.8
* deps: serve-static@~1.6.4
  - Fix redirect loop when index file serving disabled
* deps: type-is@~1.5.2
  - deps: mime-types@~2.0.2
825
9.5 / 2014-09-24
827==================
828
* deps: etag@~1.4.0
* deps: proxy-addr@~1.0.3
  - Use `forwarded` npm module
* deps: send@0.9.3
  - deps: etag@~1.4.0
* deps: serve-static@~1.6.3
  - deps: send@0.9.3
836
9.4 / 2014-09-19
838==================
839
* deps: qs@2.2.4
  - Fix issue with object keys starting with numbers truncated
842
9.3 / 2014-09-18
844==================
845
* deps: proxy-addr@~1.0.2
  - Fix a global leak when multiple subnets are trusted
  - deps: ipaddr.js@0.1.3
849
9.2 / 2014-09-17
851==================
852
* Fix regression for empty string `path` in `app.use`
* Fix `router.use` to accept array of middleware without path
* Improve error message for bad `app.use` arguments
856
9.1 / 2014-09-16
858==================
859
* Fix `app.use` to accept array of middleware without path
* deps: depd@0.4.5
* deps: etag@~1.3.1
* deps: send@0.9.2
  - deps: depd@0.4.5
  - deps: etag@~1.3.1
  - deps: range-parser@~1.0.2
* deps: serve-static@~1.6.2
  - deps: send@0.9.2
869
9.0 / 2014-09-08
871==================
872
* Add `res.sendStatus`
* Invoke callback for sendfile when client aborts
  - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
  - `err` will be populated with request aborted error
* Support IP address host in `req.subdomains`
* Use `etag` to generate `ETag` headers
* deps: accepts@~1.1.0
  - update `mime-types`
* deps: cookie-signature@1.0.5
* deps: debug@~2.0.0
* deps: finalhandler@0.2.0
  - Set `X-Content-Type-Options: nosniff` header
  - deps: debug@~2.0.0
* deps: fresh@0.2.4
* deps: media-typer@0.3.0
  - Throw error when parameter format invalid on parse
* deps: qs@2.2.3
  - Fix issue where first empty value in array is discarded
* deps: range-parser@~1.0.2
* deps: send@0.9.1
  - Add `lastModified` option
  - Use `etag` to generate `ETag` header
  - deps: debug@~2.0.0
  - deps: fresh@0.2.4
* deps: serve-static@~1.6.1
  - Add `lastModified` option
  - deps: send@0.9.1
* deps: type-is@~1.5.1
  - fix `hasbody` to be true for `content-length: 0`
  - deps: media-typer@0.3.0
  - deps: mime-types@~2.0.1
* deps: vary@~1.0.0
  - Accept valid `Vary` header string as `field`
906
8.8 / 2014-09-04
908==================
909
* deps: send@0.8.5
  - Fix a path traversal issue when using `root`
  - Fix malicious path detection for empty string path
* deps: serve-static@~1.5.4
  - deps: send@0.8.5
915
8.7 / 2014-08-29
917==================
918
* deps: qs@2.2.2
  - Remove unnecessary cloning
921
8.6 / 2014-08-27
923==================
924
* deps: qs@2.2.0
  - Array parsing fix
  - Performance improvements
928
8.5 / 2014-08-18
930==================
931
* deps: send@0.8.3
  - deps: destroy@1.0.3
  - deps: on-finished@2.1.0
* deps: serve-static@~1.5.3
  - deps: send@0.8.3
937
8.4 / 2014-08-14
939==================
940
* deps: qs@1.2.2
* deps: send@0.8.2
  - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
* deps: serve-static@~1.5.2
  - deps: send@0.8.2
946
8.3 / 2014-08-10
948==================
949
* deps: parseurl@~1.3.0
* deps: qs@1.2.1
* deps: serve-static@~1.5.1
  - Fix parsing of weird `req.originalUrl` values
  - deps: parseurl@~1.3.0
  - deps: utils-merge@1.0.0
956
8.2 / 2014-08-07
958==================
959
* deps: qs@1.2.0
  - Fix parsing array of objects
962
8.1 / 2014-08-06
964==================
965
* fix incorrect deprecation warnings on `res.download`
* deps: qs@1.1.0
  - Accept urlencoded square brackets
  - Accept empty values in implicit array notation
970
8.0 / 2014-08-05
972==================
973
* add `res.sendFile`
  - accepts a file system path instead of a URL
  - requires an absolute path or `root` option specified
* deprecate `res.sendfile` -- use `res.sendFile` instead
* support mounted app as any argument to `app.use()`
* deps: qs@1.0.2
  - Complete rewrite
  - Limits array length to 20
  - Limits object depth to 5
  - Limits parameters to 1,000
* deps: send@0.8.1
  - Add `extensions` option
* deps: serve-static@~1.5.0
  - Add `extensions` option
  - deps: send@0.8.1
989
7.4 / 2014-08-04
991==================
992
* fix `res.sendfile` regression for serving directory index files
* deps: send@0.7.4
  - Fix incorrect 403 on Windows and Node.js 0.11
  - Fix serving index files without root dir
* deps: serve-static@~1.4.4
  - deps: send@0.7.4
999
7.3 / 2014-08-04
1001==================
1002
* deps: send@0.7.3
  - Fix incorrect 403 on Windows and Node.js 0.11
* deps: serve-static@~1.4.3
  - Fix incorrect 403 on Windows and Node.js 0.11
  - deps: send@0.7.3
1008
7.2 / 2014-07-27
1010==================
1011
* deps: depd@0.4.4
  - Work-around v8 generating empty stack traces
* deps: send@0.7.2
  - deps: depd@0.4.4
* deps: serve-static@~1.4.2
1017
7.1 / 2014-07-26
1019==================
1020
* deps: depd@0.4.3
  - Fix exception when global `Error.stackTraceLimit` is too low
* deps: send@0.7.1
  - deps: depd@0.4.3
* deps: serve-static@~1.4.1
1026
7.0 / 2014-07-25
1028==================
1029
* fix `req.protocol` for proxy-direct connections
* configurable query parser with `app.set('query parser', parser)`
  - `app.set('query parser', 'extended')` parse with "qs" module
  - `app.set('query parser', 'simple')` parse with "querystring" core module
  - `app.set('query parser', false)` disable query string parsing
  - `app.set('query parser', true)` enable simple parsing
* deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
* deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
* deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
* deps: debug@1.0.4
* deps: depd@0.4.2
  - Add `TRACE_DEPRECATION` environment variable
  - Remove non-standard grey color from color output
  - Support `--no-deprecation` argument
  - Support `--trace-deprecation` argument
* deps: finalhandler@0.1.0
  - Respond after request fully read
  - deps: debug@1.0.4
* deps: parseurl@~1.2.0
  - Cache URLs based on original value
  - Remove no-longer-needed URL mis-parse work-around
  - Simplify the "fast-path" `RegExp`
* deps: send@0.7.0
  - Add `dotfiles` option
  - Cap `maxAge` value to 1 year
  - deps: debug@1.0.4
  - deps: depd@0.4.2
* deps: serve-static@~1.4.0
  - deps: parseurl@~1.2.0
  - deps: send@0.7.0
* perf: prevent multiple `Buffer` creation in `res.send`
1061
6.1 / 2014-07-12
1063==================
1064
* fix `subapp.mountpath` regression for `app.use(subapp)`
1066
6.0 / 2014-07-11
1068==================
1069
* accept multiple callbacks to `app.use()`
* add explicit "Rosetta Flash JSONP abuse" protection
  - previous versions are not vulnerable; this is just explicit protection
* catch errors in multiple `req.param(name, fn)` handlers
* deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
* fix `res.send(status, num)` to send `num` as json (not error)
* remove unnecessary escaping when `res.jsonp` returns JSON response
* support non-string `path` in `app.use(path, fn)`
  - supports array of paths
  - supports `RegExp`
* router: fix optimization on router exit
* router: refactor location of `try` blocks
* router: speed up standard `app.use(fn)`
* deps: debug@1.0.3
  - Add support for multiple wildcards in namespaces
* deps: finalhandler@0.0.3
  - deps: debug@1.0.3
* deps: methods@1.1.0
  - add `CONNECT`
* deps: parseurl@~1.1.3
  - faster parsing of href-only URLs
* deps: path-to-regexp@0.1.3
* deps: send@0.6.0
  - deps: debug@1.0.3
* deps: serve-static@~1.3.2
  - deps: parseurl@~1.1.3
  - deps: send@0.6.0
* perf: fix arguments reassign deopt in some `res` methods
1098
5.1 / 2014-07-06
1100==================
1101
* fix routing regression when altering `req.method`
1103
5.0 / 2014-07-04
1105==================
1106
* add deprecation message to non-plural `req.accepts*`
* add deprecation message to `res.send(body, status)`
* add deprecation message to `res.vary()`
* add `headers` option to `res.sendfile`
 - use to set headers on successful file transfer
* add `mergeParams` option to `Router`
 - merges `req.params` from parent routes
* add `req.hostname` -- correct name for what `req.host` returns
* deprecate things with `depd` module
* deprecate `req.host` -- use `req.hostname` instead
* fix behavior when handling request without routes
* fix handling when `route.all` is only route
* invoke `router.param()` only when route matches
* restore `req.params` after invoking router
* use `finalhandler` for final response handling
* use `media-typer` to alter content-type charset
* deps: accepts@~1.0.7
* deps: send@0.5.0
 - Accept string for `maxage` (converted by `ms`)
 - Include link in default redirect response
* deps: serve-static@~1.3.0
 - Accept string for `maxAge` (converted by `ms`)
 - Add `setHeaders` option
 - Include HTML link in redirect response
 - deps: send@0.5.0
* deps: type-is@~1.3.2
1133
4.5 / 2014-06-26
1135==================
1136
* deps: cookie-signature@1.0.4
 - fix for timing attacks
1139
4.4 / 2014-06-20
1141==================
1142
* fix `res.attachment` Unicode filenames in Safari
* fix "trim prefix" debug message in `express:router`
* deps: accepts@~1.0.5
* deps: buffer-crc32@0.2.3
1147
4.3 / 2014-06-11
1149==================
1150
* fix persistence of modified `req.params[name]` from `app.param()`
* deps: accepts@1.0.3
 - deps: negotiator@0.4.6
* deps: debug@1.0.2
* deps: send@0.4.3
 - Do not throw uncatchable error on file open race condition
 - Use `escape-html` for HTML escaping
 - deps: debug@1.0.2
 - deps: finished@1.2.2
 - deps: fresh@0.2.2
* deps: serve-static@1.2.3
 - Do not throw uncatchable error on file open race condition
 - deps: send@0.4.3
1164
4.2 / 2014-06-09
1166==================
1167
* fix catching errors from top-level handlers
* use `vary` module for `res.vary`
* deps: debug@1.0.1
* deps: proxy-addr@1.0.1
* deps: send@0.4.2
 - fix "event emitter leak" warnings
 - deps: debug@1.0.1
 - deps: finished@1.2.1
* deps: serve-static@1.2.2
 - fix "event emitter leak" warnings
 - deps: send@0.4.2
* deps: type-is@1.2.1
1180
4.1 / 2014-06-02
1182==================
1183
* deps: methods@1.0.1
* deps: send@0.4.1
 - Send `max-age` in `Cache-Control` in correct format
* deps: serve-static@1.2.1
 - use `escape-html` for escaping
 - deps: send@0.4.1
1190
4.0 / 2014-05-30
1192==================
1193
* custom etag control with `app.set('etag', val)`
 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
 - `app.set('etag', 'weak')` weak tag
 - `app.set('etag', 'strong')` strong etag
 - `app.set('etag', false)` turn off
 - `app.set('etag', true)` standard etag
* mark `res.send` ETag as weak and reduce collisions
* update accepts to 1.0.2
 - Fix interpretation when header not in request
* update send to 0.4.0
 - Calculate ETag with md5 for reduced collisions
 - Ignore stream errors after request ends
 - deps: debug@0.8.1
* update serve-static to 1.2.0
 - Calculate ETag with md5 for reduced collisions
 - Ignore stream errors after request ends
 - deps: send@0.4.0
1211
3.2 / 2014-05-28
1213==================
1214
* fix handling of errors from `router.param()` callbacks
1216
3.1 / 2014-05-23
1218==================
1219
* revert "fix behavior of multiple `app.VERB` for the same path"
 - this caused a regression in the order of route execution
1222
3.0 / 2014-05-21
1224==================
1225
* add `req.baseUrl` to access the path stripped from `req.url` in routes
* fix behavior of multiple `app.VERB` for the same path
* fix issue routing requests among sub routers
* invoke `router.param()` only when necessary instead of every match
* proper proxy trust with `app.set('trust proxy', trust)`
 - `app.set('trust proxy', 1)` trust first hop
 - `app.set('trust proxy', 'loopback')` trust loopback addresses
 - `app.set('trust proxy', '10.0.0.1')` trust single IP
 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
 - `app.set('trust proxy', false)` turn off
 - `app.set('trust proxy', true)` trust everything
* set proper `charset` in `Content-Type` for `res.send`
* update type-is to 1.2.0
 - support suffix matching
1241
2.0 / 2014-05-11
1243==================
1244
* deprecate `app.del()` -- use `app.delete()` instead
* deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
* deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
* fix `req.next` when inside router instance
* include `ETag` header in `HEAD` requests
* keep previous `Content-Type` for `res.jsonp`
* support PURGE method
 - add `app.purge`
 - add `router.purge`
 - include PURGE in `app.all`
* update debug to 0.8.0
 - add `enable()` method
 - change from stderr to stdout
* update methods to 1.0.0
 - add PURGE
1262
1.2 / 2014-05-08
1264==================
1265
* fix `req.host` for IPv6 literals
* fix `res.jsonp` error if callback param is object
1268
1.1 / 2014-04-27
1270==================
1271
* fix package.json to reflect supported node version
1273
1.0 / 2014-04-24
1275==================
1276
* pass options from `res.sendfile` to `send`
* preserve casing of headers in `res.header` and `res.set`
* support unicode file names in `res.attachment` and `res.download`
* update accepts to 1.0.1
 - deps: negotiator@0.4.0
* update cookie to 0.1.2
 - Fix for maxAge == 0
 - made compat with expires field
* update send to 0.3.0
 - Accept API options in options object
 - Coerce option types
 - Control whether to generate etags
 - Default directory access to 403 when index disabled
 - Fix sending files with dots without root set
 - Include file path in etag
 - Make "Can't set headers after they are sent." catchable
 - Send full entity-body for multi range requests
 - Set etags to "weak"
 - Support "If-Range" header
 - Support multiple index paths
 - deps: mime@1.2.11
* update serve-static to 1.1.0
 - Accept options directly to `send` module
 - Resolve relative paths at middleware setup
 - Use parseurl to parse the URL from request
 - deps: send@0.3.0
* update type-is to 1.1.0
 - add non-array values support
 - add `multipart` as a shorthand
1306
0.0 / 2014-04-09
1308==================
1309
* remove:
 - node 0.8 support
 - connect and connect's patches except for charset handling
 - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
 - `express.createServer()` - it has been deprecated for a long time. Use `express()`
 - `app.configure` - use logic in your own app code
 - `app.router` - is removed
 - `req.auth` - use `basic-auth` instead
 - `req.accepted*` - use `req.accepts*()` instead
 - `res.location` - relative URL resolution is removed
 - `res.charset` - include the charset in the content type when using `res.set()`
 - all bundled middleware except `static`
* change:
 - `app.route` -> `app.mountpath` when mounting an express app in another express app
 - `json spaces` no longer enabled by default in development
 - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
 - `req.params` is now an object instead of an array
 - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
 - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
* refactor:
 - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
 - `req.is` with [type-is](https://github.com/expressjs/type-is)
 - [path-to-regexp](https://github.com/component/path-to-regexp)
* add:
 - `app.router()` - returns the app Router instance
 - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
 - Router & Route - public API
1337
21.2 / 2015-07-31
1339===================
1340
* deps: connect@2.30.2
  - deps: body-parser@~1.13.3
  - deps: compression@~1.5.2
  - deps: errorhandler@~1.4.2
  - deps: method-override@~2.3.5
  - deps: serve-index@~1.7.2
  - deps: type-is@~1.6.6
  - deps: vhost@~3.0.1
* deps: vary@~1.0.1
  - Fix setting empty header from empty `field`
  - perf: enable strict mode
  - perf: remove argument reassignments
1353
21.1 / 2015-07-05
1355===================
1356
* deps: basic-auth@~1.0.3
* deps: connect@2.30.1
  - deps: body-parser@~1.13.2
  - deps: compression@~1.5.1
  - deps: errorhandler@~1.4.1
  - deps: morgan@~1.6.1
  - deps: pause@0.1.0
  - deps: qs@4.0.0
  - deps: serve-index@~1.7.1
  - deps: type-is@~1.6.4
1367
21.0 / 2015-06-18
1369===================
1370
* deps: basic-auth@1.0.2
  - perf: enable strict mode
  - perf: hoist regular expression
  - perf: parse with regular expressions
  - perf: remove argument reassignment
* deps: connect@2.30.0
  - deps: body-parser@~1.13.1
  - deps: bytes@2.1.0
  - deps: compression@~1.5.0
  - deps: cookie@0.1.3
  - deps: cookie-parser@~1.3.5
  - deps: csurf@~1.8.3
  - deps: errorhandler@~1.4.0
  - deps: express-session@~1.11.3
  - deps: finalhandler@0.4.0
  - deps: fresh@0.3.0
  - deps: morgan@~1.6.0
  - deps: serve-favicon@~2.3.0
  - deps: serve-index@~1.7.0
  - deps: serve-static@~1.10.0
  - deps: type-is@~1.6.3
* deps: cookie@0.1.3
  - perf: deduce the scope of try-catch deopt
  - perf: remove argument reassignments
* deps: escape-html@1.0.2
* deps: etag@~1.7.0
  - Always include entity length in ETags for hash length extensions
  - Generate non-Stats ETags using MD5 only (no longer CRC32)
  - Improve stat performance by removing hashing
  - Improve support for JXcore
  - Remove base64 padding in ETags to shorten
  - Support "fake" stats objects in environments without fs
  - Use MD5 instead of MD4 in weak ETags over 1KB
* deps: fresh@0.3.0
  - Add weak `ETag` matching support
* deps: mkdirp@0.5.1
  - Work in global strict mode
* deps: send@0.13.0
  - Allow Node.js HTTP server to set `Date` response header
  - Fix incorrectly removing `Content-Location` on 304 response
  - Improve the default redirect response headers
  - Send appropriate headers on default error response
  - Use `http-errors` for standard emitted errors
  - Use `statuses` instead of `http` module for status messages
  - deps: escape-html@1.0.2
  - deps: etag@~1.7.0
  - deps: fresh@0.3.0
  - deps: on-finished@~2.3.0
  - perf: enable strict mode
  - perf: remove unnecessary array allocations
1421
20.3 / 2015-05-17
1423===================
1424
* deps: connect@2.29.2
  - deps: body-parser@~1.12.4
  - deps: compression@~1.4.4
  - deps: connect-timeout@~1.6.2
  - deps: debug@~2.2.0
  - deps: depd@~1.0.1
  - deps: errorhandler@~1.3.6
  - deps: finalhandler@0.3.6
  - deps: method-override@~2.3.3
  - deps: morgan@~1.5.3
  - deps: qs@2.4.2
  - deps: response-time@~2.3.1
  - deps: serve-favicon@~2.2.1
  - deps: serve-index@~1.6.4
  - deps: serve-static@~1.9.3
  - deps: type-is@~1.6.2
* deps: debug@~2.2.0
  - deps: ms@0.7.1
* deps: depd@~1.0.1
* deps: proxy-addr@~1.0.8
  - deps: ipaddr.js@1.0.1
* deps: send@0.12.3
  - deps: debug@~2.2.0
  - deps: depd@~1.0.1
  - deps: etag@~1.6.0
  - deps: ms@0.7.1
  - deps: on-finished@~2.2.1
1452
20.2 / 2015-03-16
1454===================
1455
* deps: connect@2.29.1
  - deps: body-parser@~1.12.2
  - deps: compression@~1.4.3
  - deps: connect-timeout@~1.6.1
  - deps: debug@~2.1.3
  - deps: errorhandler@~1.3.5
  - deps: express-session@~1.10.4
  - deps: finalhandler@0.3.4
  - deps: method-override@~2.3.2
  - deps: morgan@~1.5.2
  - deps: qs@2.4.1
  - deps: serve-index@~1.6.3
  - deps: serve-static@~1.9.2
  - deps: type-is@~1.6.1
* deps: debug@~2.1.3
  - Fix high intensity foreground color for bold
  - deps: ms@0.7.0
* deps: merge-descriptors@1.0.0
* deps: proxy-addr@~1.0.7
  - deps: ipaddr.js@0.1.9
* deps: send@0.12.2
  - Throw errors early for invalid `extensions` or `index` options
  - deps: debug@~2.1.3
1479
20.1 / 2015-02-28
1481===================
1482
* Fix `req.host` when using "trust proxy" hops count
* Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
1485
20.0 / 2015-02-18
1487===================
1488
* Fix `"trust proxy"` setting to inherit when app is mounted
* Generate `ETag`s for all request responses
  - No longer restricted to only responses for `GET` and `HEAD` requests
* Use `content-type` to parse `Content-Type` headers
* deps: connect@2.29.0
  - Use `content-type` to parse `Content-Type` headers
  - deps: body-parser@~1.12.0
  - deps: compression@~1.4.1
  - deps: connect-timeout@~1.6.0
  - deps: cookie-parser@~1.3.4
  - deps: cookie-signature@1.0.6
  - deps: csurf@~1.7.0
  - deps: errorhandler@~1.3.4
  - deps: express-session@~1.10.3
  - deps: http-errors@~1.3.1
  - deps: response-time@~2.3.0
  - deps: serve-index@~1.6.2
  - deps: serve-static@~1.9.1
  - deps: type-is@~1.6.0
* deps: cookie-signature@1.0.6
* deps: send@0.12.1
  - Always read the stat size from the file
  - Fix mutating passed-in `options`
  - deps: mime@1.3.4
1513
19.2 / 2015-02-01
1515===================
1516
* deps: connect@2.28.3
  - deps: compression@~1.3.1
  - deps: csurf@~1.6.6
  - deps: errorhandler@~1.3.3
  - deps: express-session@~1.10.2
  - deps: serve-index@~1.6.1
  - deps: type-is@~1.5.6
* deps: proxy-addr@~1.0.6
  - deps: ipaddr.js@0.1.8
1526
19.1 / 2015-01-20
1528===================
1529
* deps: connect@2.28.2
  - deps: body-parser@~1.10.2
  - deps: serve-static@~1.8.1
* deps: send@0.11.1
  - Fix root path disclosure
1535
19.0 / 2015-01-09
1537===================
1538
* Fix `OPTIONS` responses to include the `HEAD` method property
* Use `readline` for prompt in `express(1)`
* deps: commander@2.6.0
* deps: connect@2.28.1
  - deps: body-parser@~1.10.1
  - deps: compression@~1.3.0
  - deps: connect-timeout@~1.5.0
  - deps: csurf@~1.6.4
  - deps: debug@~2.1.1
  - deps: errorhandler@~1.3.2
  - deps: express-session@~1.10.1
  - deps: finalhandler@0.3.3
  - deps: method-override@~2.3.1
  - deps: morgan@~1.5.1
  - deps: serve-favicon@~2.2.0
  - deps: serve-index@~1.6.0
  - deps: serve-static@~1.8.0
  - deps: type-is@~1.5.5
* deps: debug@~2.1.1
* deps: methods@~1.1.1
* deps: proxy-addr@~1.0.5
  - deps: ipaddr.js@0.1.6
* deps: send@0.11.0
  - deps: debug@~2.1.1
  - deps: etag@~1.5.1
  - deps: ms@0.7.0
  - deps: on-finished@~2.2.0
1566
18.6 / 2014-12-12
1568===================
1569
* Fix exception in `req.fresh`/`req.stale` without response headers
1571
18.5 / 2014-12-11
1573===================
1574
* deps: connect@2.27.6
  - deps: compression@~1.2.2
  - deps: express-session@~1.9.3
  - deps: http-errors@~1.2.8
  - deps: serve-index@~1.5.3
  - deps: type-is@~1.5.4
1581
18.4 / 2014-11-23
1583===================
1584
* deps: connect@2.27.4
  - deps: body-parser@~1.9.3
  - deps: compression@~1.2.1
  - deps: errorhandler@~1.2.3
  - deps: express-session@~1.9.2
  - deps: qs@2.3.3
  - deps: serve-favicon@~2.1.7
  - deps: serve-static@~1.5.1
  - deps: type-is@~1.5.3
* deps: etag@~1.5.1
* deps: proxy-addr@~1.0.4
  - deps: ipaddr.js@0.1.5
1597
18.3 / 2014-11-09
1599===================
1600
* deps: connect@2.27.3
  - Correctly invoke async callback asynchronously
  - deps: csurf@~1.6.3
1604
18.2 / 2014-10-28
1606===================
1607
* deps: connect@2.27.2
  - Fix handling of URLs containing `://` in the path
  - deps: body-parser@~1.9.2
  - deps: qs@2.3.2
1612
18.1 / 2014-10-22
1614===================
1615
* Fix internal `utils.merge` deprecation warnings
* deps: connect@2.27.1
  - deps: body-parser@~1.9.1
  - deps: express-session@~1.9.1
  - deps: finalhandler@0.3.2
  - deps: morgan@~1.4.1
  - deps: qs@2.3.0
  - deps: serve-static@~1.7.1
* deps: send@0.10.1
  - deps: on-finished@~2.1.1
1626
18.0 / 2014-10-17
1628===================
1629
* Use `content-disposition` module for `res.attachment`/`res.download`
  - Sends standards-compliant `Content-Disposition` header
  - Full Unicode support
* Use `etag` module to generate `ETag` headers
* deps: connect@2.27.0
  - Use `http-errors` module for creating errors
  - Use `utils-merge` module for merging objects
  - deps: body-parser@~1.9.0
  - deps: compression@~1.2.0
  - deps: connect-timeout@~1.4.0
  - deps: debug@~2.1.0
  - deps: depd@~1.0.0
  - deps: express-session@~1.9.0
  - deps: finalhandler@0.3.1
  - deps: method-override@~2.3.0
  - deps: morgan@~1.4.0
  - deps: response-time@~2.2.0
  - deps: serve-favicon@~2.1.6
  - deps: serve-index@~1.5.0
  - deps: serve-static@~1.7.0
* deps: debug@~2.1.0
  - Implement `DEBUG_FD` env variable support
* deps: depd@~1.0.0
* deps: send@0.10.0
  - deps: debug@~2.1.0
  - deps: depd@~1.0.0
  - deps: etag@~1.5.0
1657
17.8 / 2014-10-15
1659===================
1660
* deps: connect@2.26.6
  - deps: compression@~1.1.2
  - deps: csurf@~1.6.2
  - deps: errorhandler@~1.2.2
1665
17.7 / 2014-10-08
1667===================
1668
* deps: connect@2.26.5
  - Fix accepting non-object arguments to `logger`
  - deps: serve-static@~1.6.4
1672
17.6 / 2014-10-02
1674===================
1675
* deps: connect@2.26.4
  - deps: morgan@~1.3.2
  - deps: type-is@~1.5.2
1679
17.5 / 2014-09-24
1681===================
1682
* deps: connect@2.26.3
  - deps: body-parser@~1.8.4
  - deps: serve-favicon@~2.1.5
  - deps: serve-static@~1.6.3
* deps: proxy-addr@~1.0.3
  - Use `forwarded` npm module
* deps: send@0.9.3
  - deps: etag@~1.4.0
1691
17.4 / 2014-09-19
1693===================
1694
* deps: connect@2.26.2
  - deps: body-parser@~1.8.3
  - deps: qs@2.2.4
1698
17.3 / 2014-09-18
1700===================
1701
* deps: proxy-addr@~1.0.2
  - Fix a global leak when multiple subnets are trusted
  - deps: ipaddr.js@0.1.3
1705
17.2 / 2014-09-15
1707===================
1708
* Use `crc` instead of `buffer-crc32` for speed
* deps: connect@2.26.1
  - deps: body-parser@~1.8.2
  - deps: depd@0.4.5
  - deps: express-session@~1.8.2
  - deps: morgan@~1.3.1
  - deps: serve-favicon@~2.1.3
  - deps: serve-static@~1.6.2
* deps: depd@0.4.5
* deps: send@0.9.2
  - deps: depd@0.4.5
  - deps: etag@~1.3.1
  - deps: range-parser@~1.0.2
1722
17.1 / 2014-09-08
1724===================
1725
* Fix error in `req.subdomains` on empty host
1727
17.0 / 2014-09-08
1729===================
1730
* Support `X-Forwarded-Host` in `req.subdomains`
* Support IP address host in `req.subdomains`
* deps: connect@2.26.0
  - deps: body-parser@~1.8.1
  - deps: compression@~1.1.0
  - deps: connect-timeout@~1.3.0
  - deps: cookie-parser@~1.3.3
  - deps: cookie-signature@1.0.5
  - deps: csurf@~1.6.1
  - deps: debug@~2.0.0
  - deps: errorhandler@~1.2.0
  - deps: express-session@~1.8.1
  - deps: finalhandler@0.2.0
  - deps: fresh@0.2.4
  - deps: media-typer@0.3.0
  - deps: method-override@~2.2.0
  - deps: morgan@~1.3.0
  - deps: qs@2.2.3
  - deps: serve-favicon@~2.1.3
  - deps: serve-index@~1.2.1
  - deps: serve-static@~1.6.1
  - deps: type-is@~1.5.1
  - deps: vhost@~3.0.0
* deps: cookie-signature@1.0.5
* deps: debug@~2.0.0
* deps: fresh@0.2.4
* deps: media-typer@0.3.0
  - Throw error when parameter format invalid on parse
* deps: range-parser@~1.0.2
* deps: send@0.9.1
  - Add `lastModified` option
  - Use `etag` to generate `ETag` header
  - deps: debug@~2.0.0
  - deps: fresh@0.2.4
* deps: vary@~1.0.0
  - Accept valid `Vary` header string as `field`
1767
16.10 / 2014-09-04
1769====================
1770
* deps: connect@2.25.10
  - deps: serve-static@~1.5.4
* deps: send@0.8.5
  - Fix a path traversal issue when using `root`
  - Fix malicious path detection for empty string path
1776
16.9 / 2014-08-29
1778===================
1779
* deps: connect@2.25.9
  - deps: body-parser@~1.6.7
  - deps: qs@2.2.2
1783
16.8 / 2014-08-27
1785===================
1786
* deps: connect@2.25.8
  - deps: body-parser@~1.6.6
  - deps: csurf@~1.4.1
  - deps: qs@2.2.0
1791
16.7 / 2014-08-18
1793===================
1794
* deps: connect@2.25.7
  - deps: body-parser@~1.6.5
  - deps: express-session@~1.7.6
  - deps: morgan@~1.2.3
  - deps: serve-static@~1.5.3
* deps: send@0.8.3
  - deps: destroy@1.0.3
  - deps: on-finished@2.1.0
1803
16.6 / 2014-08-14
1805===================
1806
* deps: connect@2.25.6
  - deps: body-parser@~1.6.4
  - deps: qs@1.2.2
  - deps: serve-static@~1.5.2
* deps: send@0.8.2
  - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
1813
16.5 / 2014-08-11
1815===================
1816
* deps: connect@2.25.5
  - Fix backwards compatibility in `logger`
1819
16.4 / 2014-08-10
1821===================
1822
* Fix original URL parsing in `res.location`
* deps: connect@2.25.4
  - Fix `query` middleware breaking with argument
  - deps: body-parser@~1.6.3
  - deps: compression@~1.0.11
  - deps: connect-timeout@~1.2.2
  - deps: express-session@~1.7.5
  - deps: method-override@~2.1.3
  - deps: on-headers@~1.0.0
  - deps: parseurl@~1.3.0
  - deps: qs@1.2.1
  - deps: response-time@~2.0.1
  - deps: serve-index@~1.1.6
  - deps: serve-static@~1.5.1
* deps: parseurl@~1.3.0
1838
16.3 / 2014-08-07
1840===================
1841
* deps: connect@2.25.3
  - deps: multiparty@3.3.2
1844
16.2 / 2014-08-07
1846===================
1847
* deps: connect@2.25.2
  - deps: body-parser@~1.6.2
  - deps: qs@1.2.0
1851
16.1 / 2014-08-06
1853===================
1854
* deps: connect@2.25.1
  - deps: body-parser@~1.6.1
  - deps: qs@1.1.0
1858
16.0 / 2014-08-05
1860===================
1861
* deps: connect@2.25.0
  - deps: body-parser@~1.6.0
  - deps: compression@~1.0.10
  - deps: csurf@~1.4.0
  - deps: express-session@~1.7.4
  - deps: qs@1.0.2
  - deps: serve-static@~1.5.0
* deps: send@0.8.1
  - Add `extensions` option
1871
15.3 / 2014-08-04
1873===================
1874
* fix `res.sendfile` regression for serving directory index files
* deps: connect@2.24.3
  - deps: serve-index@~1.1.5
  - deps: serve-static@~1.4.4
* deps: send@0.7.4
  - Fix incorrect 403 on Windows and Node.js 0.11
  - Fix serving index files without root dir
1882
15.2 / 2014-07-27
1884===================
1885
* deps: connect@2.24.2
  - deps: body-parser@~1.5.2
  - deps: depd@0.4.4
  - deps: express-session@~1.7.2
  - deps: morgan@~1.2.2
  - deps: serve-static@~1.4.2
* deps: depd@0.4.4
  - Work-around v8 generating empty stack traces
* deps: send@0.7.2
  - deps: depd@0.4.4
1896
15.1 / 2014-07-26
1898===================
1899
* deps: connect@2.24.1
  - deps: body-parser@~1.5.1
  - deps: depd@0.4.3
  - deps: express-session@~1.7.1
  - deps: morgan@~1.2.1
  - deps: serve-index@~1.1.4
  - deps: serve-static@~1.4.1
* deps: depd@0.4.3
  - Fix exception when global `Error.stackTraceLimit` is too low
* deps: send@0.7.1
  - deps: depd@0.4.3
1911
15.0 / 2014-07-22
1913===================
1914
* Fix `req.protocol` for proxy-direct connections
* Pass options from `res.sendfile` to `send`
* deps: connect@2.24.0
  - deps: body-parser@~1.5.0
  - deps: compression@~1.0.9
  - deps: connect-timeout@~1.2.1
  - deps: debug@1.0.4
  - deps: depd@0.4.2
  - deps: express-session@~1.7.0
  - deps: finalhandler@0.1.0
  - deps: method-override@~2.1.2
  - deps: morgan@~1.2.0
  - deps: multiparty@3.3.1
  - deps: parseurl@~1.2.0
  - deps: serve-static@~1.4.0
* deps: debug@1.0.4
* deps: depd@0.4.2
  - Add `TRACE_DEPRECATION` environment variable
  - Remove non-standard grey color from color output
  - Support `--no-deprecation` argument
  - Support `--trace-deprecation` argument
* deps: parseurl@~1.2.0
  - Cache URLs based on original value
  - Remove no-longer-needed URL mis-parse work-around
  - Simplify the "fast-path" `RegExp`
* deps: send@0.7.0
  - Add `dotfiles` option
  - Cap `maxAge` value to 1 year
  - deps: debug@1.0.4
  - deps: depd@0.4.2
1945
14.0 / 2014-07-11
1947===================
1948
* add explicit "Rosetta Flash JSONP abuse" protection
 - previous versions are not vulnerable; this is just explicit protection
* deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
* fix `res.send(status, num)` to send `num` as json (not error)
* remove unnecessary escaping when `res.jsonp` returns JSON response
* deps: basic-auth@1.0.0
 - support empty password
 - support empty username
* deps: connect@2.23.0
 - deps: debug@1.0.3
 - deps: express-session@~1.6.4
 - deps: method-override@~2.1.0
 - deps: parseurl@~1.1.3
 - deps: serve-static@~1.3.1
* deps: debug@1.0.3
  - Add support for multiple wildcards in namespaces
* deps: methods@1.1.0
  - add `CONNECT`
* deps: parseurl@~1.1.3
  - faster parsing of href-only URLs
1969
13.0 / 2014-07-03
1971===================
1972
* add deprecation message to `app.configure`
* add deprecation message to `req.auth`
* use `basic-auth` to parse `Authorization` header
* deps: connect@2.22.0
 - deps: csurf@~1.3.0
 - deps: express-session@~1.6.1
 - deps: multiparty@3.3.0
 - deps: serve-static@~1.3.0
* deps: send@0.5.0
 - Accept string for `maxage` (converted by `ms`)
 - Include link in default redirect response
1984
12.1 / 2014-06-26
1986===================
1987
* deps: connect@2.21.1
 - deps: cookie-parser@1.3.2
 - deps: cookie-signature@1.0.4
 - deps: express-session@~1.5.2
 - deps: type-is@~1.3.2
* deps: cookie-signature@1.0.4
 - fix for timing attacks
1995
12.0 / 2014-06-21
1997===================
1998
* use `media-typer` to alter content-type charset
* deps: connect@2.21.0
 - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
 - deprecate `connect.createServer()` -- use `connect()` instead
 - fix `res.setHeader()` patch to work with with get -> append -> set pattern
 - deps: compression@~1.0.8
 - deps: errorhandler@~1.1.1
 - deps: express-session@~1.5.0
 - deps: serve-index@~1.1.3
2008
11.0 / 2014-06-19
2010===================
2011
* deprecate things with `depd` module
* deps: buffer-crc32@0.2.3
* deps: connect@2.20.2
 - deprecate `verify` option to `json` -- use `body-parser` npm module instead
 - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
 - deprecate things with `depd` module
 - use `finalhandler` for final response handling
 - use `media-typer` to parse `content-type` for charset
 - deps: body-parser@1.4.3
 - deps: connect-timeout@1.1.1
 - deps: cookie-parser@1.3.1
 - deps: csurf@1.2.2
 - deps: errorhandler@1.1.0
 - deps: express-session@1.4.0
 - deps: multiparty@3.2.9
 - deps: serve-index@1.1.2
 - deps: type-is@1.3.1
 - deps: vhost@2.0.0
2030
10.5 / 2014-06-11
2032===================
2033
* deps: connect@2.19.6
 - deps: body-parser@1.3.1
 - deps: compression@1.0.7
 - deps: debug@1.0.2
 - deps: serve-index@1.1.1
 - deps: serve-static@1.2.3
* deps: debug@1.0.2
* deps: send@0.4.3
 - Do not throw uncatchable error on file open race condition
 - Use `escape-html` for HTML escaping
 - deps: debug@1.0.2
 - deps: finished@1.2.2
 - deps: fresh@0.2.2
2047
10.4 / 2014-06-09
2049===================
2050
* deps: connect@2.19.5
 - fix "event emitter leak" warnings
 - deps: csurf@1.2.1
 - deps: debug@1.0.1
 - deps: serve-static@1.2.2
 - deps: type-is@1.2.1
* deps: debug@1.0.1
* deps: send@0.4.2
 - fix "event emitter leak" warnings
 - deps: finished@1.2.1
 - deps: debug@1.0.1
2062
10.3 / 2014-06-05
2064===================
2065
* use `vary` module for `res.vary`
* deps: connect@2.19.4
 - deps: errorhandler@1.0.2
 - deps: method-override@2.0.2
 - deps: serve-favicon@2.0.1
* deps: debug@1.0.0
2072
10.2 / 2014-06-03
2074===================
2075
* deps: connect@2.19.3
 - deps: compression@1.0.6
2078
10.1 / 2014-06-03
2080===================
2081
* deps: connect@2.19.2
 - deps: compression@1.0.4
* deps: proxy-addr@1.0.1
2085
10.0 / 2014-06-02
2087===================
2088
* deps: connect@2.19.1
 - deprecate `methodOverride()` -- use `method-override` npm module instead
 - deps: body-parser@1.3.0
 - deps: method-override@2.0.1
 - deps: multiparty@3.2.8
 - deps: response-time@2.0.0
 - deps: serve-static@1.2.1
* deps: methods@1.0.1
* deps: send@0.4.1
 - Send `max-age` in `Cache-Control` in correct format
2099
9.0 / 2014-05-30
2101==================
2102
* custom etag control with `app.set('etag', val)`
 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
 - `app.set('etag', 'weak')` weak tag
 - `app.set('etag', 'strong')` strong etag
 - `app.set('etag', false)` turn off
 - `app.set('etag', true)` standard etag
* Include ETag in HEAD requests
* mark `res.send` ETag as weak and reduce collisions
* update connect to 2.18.0
 - deps: compression@1.0.3
 - deps: serve-index@1.1.0
 - deps: serve-static@1.2.0
* update send to 0.4.0
 - Calculate ETag with md5 for reduced collisions
 - Ignore stream errors after request ends
 - deps: debug@0.8.1
2119
8.1 / 2014-05-27
2121==================
2122
* update connect to 2.17.3
 - deps: body-parser@1.2.2
 - deps: express-session@1.2.1
 - deps: method-override@1.0.2
2127
8.0 / 2014-05-21
2129==================
2130
* keep previous `Content-Type` for `res.jsonp`
* set proper `charset` in `Content-Type` for `res.send`
* update connect to 2.17.1
 - fix `res.charset` appending charset when `content-type` has one
 - deps: express-session@1.2.0
 - deps: morgan@1.1.1
 - deps: serve-index@1.0.3
2138
7.0 / 2014-05-18
2140==================
2141
* proper proxy trust with `app.set('trust proxy', trust)`
 - `app.set('trust proxy', 1)` trust first hop
 - `app.set('trust proxy', 'loopback')` trust loopback addresses
 - `app.set('trust proxy', '10.0.0.1')` trust single IP
 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
 - `app.set('trust proxy', false)` turn off
 - `app.set('trust proxy', true)` trust everything
* update connect to 2.16.2
 - deprecate `res.headerSent` -- use `res.headersSent`
 - deprecate `res.on("header")` -- use on-headers module instead
 - fix edge-case in `res.appendHeader` that would append in wrong order
 - json: use body-parser
 - urlencoded: use body-parser
 - dep: bytes@1.0.0
 - dep: cookie-parser@1.1.0
 - dep: csurf@1.2.0
 - dep: express-session@1.1.0
 - dep: method-override@1.0.1
2161
6.0 / 2014-05-09
2163==================
2164
* deprecate `app.del()` -- use `app.delete()` instead
* deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
* deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
* support PURGE method
 - add `app.purge`
 - add `router.purge`
 - include PURGE in `app.all`
* update connect to 2.15.0
 * Add `res.appendHeader`
 * Call error stack even when response has been sent
 * Patch `res.headerSent` to return Boolean
 * Patch `res.headersSent` for node.js 0.8
 * Prevent default 404 handler after response sent
 * dep: compression@1.0.2
 * dep: connect-timeout@1.1.0
 * dep: debug@^0.8.0
 * dep: errorhandler@1.0.1
 * dep: express-session@1.0.4
 * dep: morgan@1.0.1
 * dep: serve-favicon@2.0.0
 * dep: serve-index@1.0.2
* update debug to 0.8.0
 * add `enable()` method
 * change from stderr to stdout
* update methods to 1.0.0
 - add PURGE
* update mkdirp to 0.5.0
2194
5.3 / 2014-05-08
2196==================
2197
* fix `req.host` for IPv6 literals
* fix `res.jsonp` error if callback param is object
2200
5.2 / 2014-04-24
2202==================
2203
* update connect to 2.14.5
* update cookie to 0.1.2
* update mkdirp to 0.4.0
* update send to 0.3.0
2208
5.1 / 2014-03-25
2210==================
2211
* pin less-middleware in generated app
2213
5.0 / 2014-03-06
2215==================
2216
* bump deps
2218
4.8 / 2014-01-13
2220==================
2221
* prevent incorrect automatic OPTIONS responses #1868 @dpatti
* update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
* throw 400 in case of malformed paths @rlidwka
2225
4.7 / 2013-12-10
2227==================
2228
* update connect
2230
4.6 / 2013-12-01
2232==================
2233
* update connect (raw-body)
2235
4.5 / 2013-11-27
2237==================
2238
* update connect
* res.location: remove leading ./ #1802 @kapouer
* res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
* res.send: always send ETag when content-length > 0
* router: add Router.all() method
2244
4.4 / 2013-10-29
2246==================
2247
* update connect
* update supertest
* update methods
* express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
2252
4.3 / 2013-10-23
2254==================
2255
* update connect
2257
4.2 / 2013-10-18
2259==================
2260
* update connect
* downgrade commander
2263
4.1 / 2013-10-15
2265==================
2266
* update connect
* update commander
* jsonp: check if callback is a function
* router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
* res.format: now includes charset @1747 (@sorribas)
* res.links: allow multiple calls @1746 (@sorribas)
2273
4.0 / 2013-09-07
2275==================
2276
* add res.vary(). Closes #1682
* update connect
2279
3.8 / 2013-09-02
2281==================
2282
* update connect
2284
3.7 / 2013-08-28
2286==================
2287
* update connect
2289
3.6 / 2013-08-27
2291==================
2292
* Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
* add: req.accepts take an argument list
2295
3.4 / 2013-07-08
2297==================
2298
* update send and connect
2300
3.3 / 2013-07-04
2302==================
2303
* update connect
2305
3.2 / 2013-07-03
2307==================
2308
* update connect
* update send
* remove .version export
2312
3.1 / 2013-06-27
2314==================
2315
* update connect
2317
3.0 / 2013-06-26
2319==================
2320
* update connect
* add support for multiple X-Forwarded-Proto values. Closes #1646
* change: remove charset from json responses. Closes #1631
* change: return actual booleans from req.accept* functions
* fix jsonp callback array throw
2326
2.6 / 2013-06-02
2328==================
2329
* update connect
2331
2.5 / 2013-05-21
2333==================
2334
* update connect
* update node-cookie
* add: throw a meaningful error when there is no default engine
* change generation of ETags with res.send() to GET requests only. Closes #1619
2339
2.4 / 2013-05-09
2341==================
2342
* fix `req.subdomains` when no Host is present
* fix `req.host` when no Host is present, return undefined
2345
2.3 / 2013-05-07
2347==================
2348
* update connect / qs
2350
2.2 / 2013-05-03
2352==================
2353
* update qs
2355
2.1 / 2013-04-29
2357==================
2358
* add app.VERB() paths array deprecation warning
* update connect
* update qs and remove all ~ semver crap
* fix: accept number as value of Signed Cookie
2363
2.0 / 2013-04-15
2365==================
2366
* add "view" constructor setting to override view behaviour
* add req.acceptsEncoding(name)
* add req.acceptedEncodings
* revert cookie signature change causing session race conditions
* fix sorting of Accept values of the same quality
2372
1.2 / 2013-04-12
2374==================
2375
* add support for custom Accept parameters
* update cookie-signature
2378
1.1 / 2013-04-01
2380==================
2381
* add X-Forwarded-Host support to `req.host`
* fix relative redirects
* update mkdirp
* update buffer-crc32
* remove legacy app.configure() method from app template.
2387
1.0 / 2013-01-25
2389==================
2390
* add support for leading "." in "view engine" setting
* add array support to `res.set()`
* add node 0.8.x to travis.yml
* add "subdomain offset" setting for tweaking `req.subdomains`
* add `res.location(url)` implementing `res.redirect()`-like setting of Location
* use app.get() for x-powered-by setting for inheritance
* fix colons in passwords for `req.auth`
2398
0.6 / 2013-01-04
2400==================
2401
* add http verb methods to Router
* update connect
* fix mangling of the `res.cookie()` options object
* fix jsonp whitespace escape. Closes #1132
2406
0.5 / 2012-12-19
2408==================
2409
* add throwing when a non-function is passed to a route
* fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
* revert "add 'etag' option"
2413
0.4 / 2012-12-05
2415==================
2416
* add 'etag' option to disable `res.send()` Etags
* add escaping of urls in text/plain in `res.redirect()`
  for old browsers interpreting as html
* change crc32 module for a more liberal license
* update connect
2422
0.3 / 2012-11-13
2424==================
2425
* update connect
* update cookie module
* fix cookie max-age
2429
0.2 / 2012-11-08
2431==================
2432
* add OPTIONS to cors example. Closes #1398
* fix route chaining regression. Closes #1397
2435
0.1 / 2012-11-01
2437==================
2438
* update connect
2440
0.0 / 2012-10-23
2442==================
2443
* add `make clean`
* add "Basic" check to req.auth
* add `req.auth` test coverage
* add cb && cb(payload) to `res.jsonp()`. Closes #1374
* add backwards compat for `res.redirect()` status. Closes #1336
* add support for `res.json()` to retain previously defined Content-Types. Closes #1349
* update connect
* change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
* remove non-primitive string support for `res.send()`
* fix view-locals example. Closes #1370
* fix route-separation example
2455
0.0rc5 / 2012-09-18
2457==================
2458
* update connect
* add redis search example
* add static-files example
* add "x-powered-by" setting (`app.disable('x-powered-by')`)
* add "application/octet-stream" redirect Accept test case. Closes #1317
2464
0.0rc4 / 2012-08-30
2466==================
2467
* add `res.jsonp()`. Closes #1307
* add "verbose errors" option to error-pages example
* add another route example to express(1) so people are not so confused
* add redis online user activity tracking example
* update connect dep
* fix etag quoting. Closes #1310
* fix error-pages 404 status
* fix jsonp callback char restrictions
* remove old OPTIONS default response
2477
0.0rc3 / 2012-08-13
2479==================
2480
* update connect dep
* fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
* fix `res.render()` clobbering of "locals"
2484
0.0rc2 / 2012-08-03
2486==================
2487
* add CORS example
* update connect dep
* deprecate `.createServer()` & remove old stale examples
* fix: escape `res.redirect()` link
* fix vhost example
2493
0.0rc1 / 2012-07-24
2495==================
2496
* add more examples to view-locals
* add scheme-relative redirects (`res.redirect("//foo.com")`) support
* update cookie dep
* update connect dep
* update send dep
* fix `express(1)` -h flag, use -H for hogan. Closes #1245
* fix `res.sendfile()` socket error handling regression
2504
0.0beta7 / 2012-07-16
2506==================
2507
* update connect dep for `send()` root normalization regression
2509
0.0beta6 / 2012-07-13
2511==================
2512
* add `err.view` property for view errors. Closes #1226
* add "jsonp callback name" setting
* add support for "/foo/:bar*" non-greedy matches
* change `res.sendfile()` to use `send()` module
* change `res.send` to use "response-send" module
* remove `app.locals.use` and `res.locals.use`, use regular middleware
2519
0.0beta5 / 2012-07-03
2521==================
2522
* add "make check" support
* add route-map example
* add `res.json(obj, status)` support back for BC
* add "methods" dep, remove internal methods module
* update connect dep
* update auth example to utilize cores pbkdf2
* updated tests to use "supertest"
2530
0.0beta4 / 2012-06-25
2532==================
2533
* Added `req.auth`
* Added `req.range(size)`
* Added `res.links(obj)`
* Added `res.send(body, status)` support back for backwards compat
* Added `.default()` support to `res.format()`
* Added 2xx / 304 check to `req.fresh`
* Revert "Added + support to the router"
* Fixed `res.send()` freshness check, respect res.statusCode
2542
0.0beta3 / 2012-06-15
2544==================
2545
* Added hogan `--hjs` to express(1) [nullfirm]
* Added another example to content-negotiation
* Added `fresh` dep
* Changed: `res.send()` always checks freshness
* Fixed: expose connects mime module. Closes #1165
2551
0.0beta2 / 2012-06-06
2553==================
2554
* Added `+` support to the router
* Added `req.host`
* Changed `req.param()` to check route first
* Update connect dep
2559
0.0beta1 / 2012-06-01
2561==================
2562
* Added `res.format()` callback to override default 406 behaviour
* Fixed `res.redirect()` 406. Closes #1154
2565
0.0alpha5 / 2012-05-30
2567==================
2568
* Added `req.ip`
* Added `{ signed: true }` option to `res.cookie()`
* Removed `res.signedCookie()`
* Changed: dont reverse `req.ips`
* Fixed "trust proxy" setting check for `req.ips`
2574
0.0alpha4 / 2012-05-09
2576==================
2577
* Added: allow `[]` in jsonp callback. Closes #1128
* Added `PORT` env var support in generated template. Closes #1118 [benatkin]
* Updated: connect 2.2.2
2581
0.0alpha3 / 2012-05-04
2583==================
2584
* Added public `app.routes`. Closes #887
* Added _view-locals_ example
* Added _mvc_ example
* Added `res.locals.use()`. Closes #1120
* Added conditional-GET support to `res.send()`
* Added: coerce `res.set()` values to strings
* Changed: moved `static()` in generated apps below router
* Changed: `res.send()` only set ETag when not previously set
* Changed connect 2.2.1 dep
* Changed: `make test` now runs unit / acceptance tests
* Fixed req/res proto inheritance
2596
0.0alpha2 / 2012-04-26
2598==================
2599
* Added `make benchmark` back
* Added `res.send()` support for `String` objects
* Added client-side data exposing example
* Added `res.header()` and `req.header()` aliases for BC
* Added `express.createServer()` for BC
* Perf: memoize parsed urls
* Perf: connect 2.2.0 dep
* Changed: make `expressInit()` middleware self-aware
* Fixed: use app.get() for all core settings
* Fixed redis session example
* Fixed session example. Closes #1105
* Fixed generated express dep. Closes #1078
2612
0.0alpha1 / 2012-04-15
2614==================
2615
* Added `app.locals.use(callback)`
* Added `app.locals` object
* Added `app.locals(obj)`
* Added `res.locals` object
* Added `res.locals(obj)`
* Added `res.format()` for content-negotiation
* Added `app.engine()`
* Added `res.cookie()` JSON cookie support
* Added "trust proxy" setting
* Added `req.subdomains`
* Added `req.protocol`
* Added `req.secure`
* Added `req.path`
* Added `req.ips`
* Added `req.fresh`
* Added `req.stale`
* Added comma-delimited / array support for `req.accepts()`
* Added debug instrumentation
* Added `res.set(obj)`
* Added `res.set(field, value)`
* Added `res.get(field)`
* Added `app.get(setting)`. Closes #842
* Added `req.acceptsLanguage()`
* Added `req.acceptsCharset()`
* Added `req.accepted`
* Added `req.acceptedLanguages`
* Added `req.acceptedCharsets`
* Added "json replacer" setting
* Added "json spaces" setting
* Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
* Added `--less` support to express(1)
* Added `express.response` prototype
* Added `express.request` prototype
* Added `express.application` prototype
* Added `app.path()`
* Added `app.render()`
* Added `res.type()` to replace `res.contentType()`
* Changed: `res.redirect()` to add relative support
* Changed: enable "jsonp callback" by default
* Changed: renamed "case sensitive routes" to "case sensitive routing"
* Rewrite of all tests with mocha
* Removed "root" setting
* Removed `res.redirect('home')` support
* Removed `req.notify()`
* Removed `app.register()`
* Removed `app.redirect()`
* Removed `app.is()`
* Removed `app.helpers()`
* Removed `app.dynamicHelpers()`
* Fixed `res.sendfile()` with non-GET. Closes #723
* Fixed express(1) public dir for windows. Closes #866
2667
5.9/ 2012-04-02
2669==================
2670
* Added support for PURGE request method [pbuyle]
* Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
2673
5.8 / 2012-02-08
2675==================
2676
* Update mkdirp dep. Closes #991
2678
5.7 / 2012-02-06
2680==================
2681
* Fixed `app.all` duplicate DELETE requests [mscdex]
2683
5.6 / 2012-01-13
2685==================
2686
* Updated hamljs dev dep. Closes #953
2688
5.5 / 2012-01-08
2690==================
2691
* Fixed: set `filename` on cached templates [matthewleon]
2693
5.4 / 2012-01-02
2695==================
2696
* Fixed `express(1)` eol on 0.4.x. Closes #947
2698
5.3 / 2011-12-30
2700==================
2701
* Fixed `req.is()` when a charset is present
2703
5.2 / 2011-12-10
2705==================
2706
* Fixed: express(1) LF -> CRLF for windows
2708
5.1 / 2011-11-17
2710==================
2711
* Changed: updated connect to 1.8.x
* Removed sass.js support from express(1)
2714
5.0 / 2011-10-24
2716==================
2717
* Added ./routes dir for generated app by default
* Added npm install reminder to express(1) app gen
* Added 0.5.x support
* Removed `make test-cov` since it wont work with node 0.5.x
* Fixed express(1) public dir for windows. Closes #866
2723
4.7 / 2011-10-05
2725==================
2726
* Added mkdirp to express(1). Closes #795
* Added simple _json-config_ example
* Added  shorthand for the parsed request's pathname via `req.path`
* Changed connect dep to 1.7.x to fix npm issue...
* Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
* Fixed `req.flash()`, only escape args
* Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
2734
4.6 / 2011-08-22
2736==================
2737
* Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
2739
4.5 / 2011-08-19
2741==================
2742
* Added support for routes to handle errors. Closes #809
* Added `app.routes.all()`. Closes #803
* Added "basepath" setting to work in conjunction with reverse proxies etc.
* Refactored `Route` to use a single array of callbacks
* Added support for multiple callbacks for `app.param()`. Closes #801
2748Closes #805
* Changed: removed .call(self) for route callbacks
* Dependency: `qs >= 0.3.1`
* Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
2752
4.4 / 2011-08-05
2754==================
2755
* Fixed `res.header()` intention of a set, even when `undefined`
* Fixed `*`, value no longer required
* Fixed `res.send(204)` support. Closes #771
2759
4.3 / 2011-07-14
2761==================
2762
* Added docs for `status` option special-case. Closes #739
* Fixed `options.filename`, exposing the view path to template engines
2765
4.2. / 2011-07-06
2767==================
2768
* Revert "removed jsonp stripping" for XSS
2770
4.1 / 2011-07-06
2772==================
2773
* Added `res.json()` JSONP support. Closes #737
* Added _extending-templates_ example. Closes #730
* Added "strict routing" setting for trailing slashes
* Added support for multiple envs in `app.configure()` calls. Closes #735
* Changed: `res.send()` using `res.json()`
* Changed: when cookie `path === null` don't default it
* Changed; default cookie path to "home" setting. Closes #731
* Removed _pids/logs_ creation from express(1)
2782
4.0 / 2011-06-28
2784==================
2785
* Added chainable `res.status(code)`
* Added `res.json()`, an explicit version of `res.send(obj)`
* Added simple web-service example
2789
3.12 / 2011-06-22
2791==================
2792
* \#express is now on freenode! come join!
* Added `req.get(field, param)`
* Added links to Japanese documentation, thanks @hideyukisaito!
* Added; the `express(1)` generated app outputs the env
* Added `content-negotiation` example
* Dependency: connect >= 1.5.1 < 2.0.0
* Fixed view layout bug. Closes #720
* Fixed; ignore body on 304. Closes #701
2801
3.11 / 2011-06-04
2803==================
2804
* Added `npm test`
* Removed generation of dummy test file from `express(1)`
* Fixed; `express(1)` adds express as a dep
* Fixed; prune on `prepublish`
2809
3.10 / 2011-05-27
2811==================
2812
* Added `req.route`, exposing the current route
* Added _package.json_ generation support to `express(1)`
* Fixed call to `app.param()` function for optional params. Closes #682
2816
3.9 / 2011-05-25
2818==================
2819
* Fixed bug-ish with `../' in `res.partial()` calls
2821
3.8 / 2011-05-24
2823==================
2824
* Fixed `app.options()`
2826
3.7 / 2011-05-23
2828==================
2829
* Added route `Collection`, ex: `app.get('/user/:id').remove();`
* Added support for `app.param(fn)` to define param logic
* Removed `app.param()` support for callback with return value
* Removed module.parent check from express(1) generated app. Closes #670
* Refactored router. Closes #639
2835
3.6 / 2011-05-20
2837==================
2838
* Changed; using devDependencies instead of git submodules
* Fixed redis session example
* Fixed markdown example
* Fixed view caching, should not be enabled in development
2843
3.5 / 2011-05-20
2845==================
2846
* Added export `.view` as alias for `.View`
2848
3.4 / 2011-05-08
2850==================
2851
* Added `./examples/say`
* Fixed `res.sendfile()` bug preventing the transfer of files with spaces
2854
3.3 / 2011-05-03
2856==================
2857
* Added "case sensitive routes" option.
* Changed; split methods supported per rfc [slaskis]
* Fixed route-specific middleware when using the same callback function several times
2861
3.2 / 2011-04-27
2863==================
2864
* Fixed view hints
2866
3.1 / 2011-04-26
2868==================
2869
* Added `app.match()` as `app.match.all()`
* Added `app.lookup()` as `app.lookup.all()`
* Added `app.remove()` for `app.remove.all()`
* Added `app.remove.VERB()`
* Fixed template caching collision issue. Closes #644
* Moved router over from connect and started refactor
2876
3.0 / 2011-04-25
2878==================
2879
* Added options support to `res.clearCookie()`
* Added `res.helpers()` as alias of `res.locals()`
* Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel   * Dependency `connect >= 1.4.0`
* Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
* Renamed "cache views" to "view cache". Closes #628
* Fixed caching of views when using several apps. Closes #637
* Fixed gotcha invoking `app.param()` callbacks once per route middleware.
2887Closes #638
* Fixed partial lookup precedence. Closes #631
2889Shaw]
2890
2.2 / 2011-04-12
2892==================
2893
* Added second callback support for `res.download()` connection errors
* Fixed `filename` option passing to template engine
2896
2.1 / 2011-04-04
2898==================
2899
* Added `layout(path)` helper to change the layout within a view. Closes #610
* Fixed `partial()` collection object support.
  Previously only anything with `.length` would work.
  When `.length` is present one must still be aware of holes,
  however now `{ collection: {foo: 'bar'}}` is valid, exposes
  `keyInCollection` and `keysInCollection`.
2906
* Performance improved with better view caching
* Removed `request` and `response` locals
* Changed; errorHandler page title is now `Express` instead of `Connect`
2910
2.0 / 2011-03-30
2912==================
2913
* Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
* Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
* Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
* Dependency `connect >= 1.2.0`
2918
1.1 / 2011-03-29
2920==================
2921
* Added; expose `err.view` object when failing to locate a view
* Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
* Fixed; `res.send(undefined)` responds with 204 [aheckmann]
2925
1.0 / 2011-03-24
2927==================
2928
* Added `<root>/_?<name>` partial lookup support. Closes #447
* Added `request`, `response`, and `app` local variables
* Added `settings` local variable, containing the app's settings
* Added `req.flash()` exception if `req.session` is not available
* Added `res.send(bool)` support (json response)
* Fixed stylus example for latest version
* Fixed; wrap try/catch around `res.render()`
2936
0.0 / 2011-03-17
2938==================
2939
* Fixed up index view path alternative.
* Changed; `res.locals()` without object returns the locals
2942
0.0rc3 / 2011-03-17
2944==================
2945
* Added `res.locals(obj)` to compliment `res.local(key, val)`
* Added `res.partial()` callback support
* Fixed recursive error reporting issue in `res.render()`
2949
0.0rc2 / 2011-03-17
2951==================
2952
* Changed; `partial()` "locals" are now optional
* Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
* Fixed .filename view engine option [reported by drudge]
* Fixed blog example
* Fixed `{req,res}.app` reference when mounting [Ben Weaver]
2958
0.0rc / 2011-03-14
2960==================
2961
* Fixed; expose `HTTPSServer` constructor
* Fixed express(1) default test charset. Closes #579 [reported by secoif]
* Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
2965
0.0beta3 / 2011-03-09
2967==================
2968
* Added support for `res.contentType()` literal
  The original `res.contentType('.json')`,
  `res.contentType('application/json')`, and `res.contentType('json')`
  will work now.
* Added `res.render()` status option support back
* Added charset option for `res.render()`
* Added `.charset` support (via connect 1.0.4)
* Added view resolution hints when in development and a lookup fails
* Added layout lookup support relative to the page view.
  For example while rendering `./views/user/index.jade` if you create
  `./views/user/layout.jade` it will be used in favour of the root layout.
* Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
* Fixed; default `res.send()` string charset to utf8
* Removed `Partial` constructor (not currently used)
2983
0.0beta2 / 2011-03-07
2985==================
2986
* Added res.render() `.locals` support back to aid in migration process
* Fixed flash example
2989
0.0beta / 2011-03-03
2991==================
2992
* Added HTTPS support
* Added `res.cookie()` maxAge support
* Added `req.header()` _Referrer_ / _Referer_ special-case, either works
* Added mount support for `res.redirect()`, now respects the mount-point
* Added `union()` util, taking place of `merge(clone())` combo
* Added stylus support to express(1) generated app
* Added secret to session middleware used in examples and generated app
* Added `res.local(name, val)` for progressive view locals
* Added default param support to `req.param(name, default)`
* Added `app.disabled()` and `app.enabled()`
* Added `app.register()` support for omitting leading ".", either works
* Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
* Added `app.param()` to map route params to async/sync logic
* Added; aliased `app.helpers()` as `app.locals()`. Closes #481
* Added extname with no leading "." support to `res.contentType()`
* Added `cache views` setting, defaulting to enabled in "production" env
* Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
* Added `req.accepts()` support for extensions
* Changed; `res.download()` and `res.sendfile()` now utilize Connect's
  static file server `connect.static.send()`.
* Changed; replaced `connect.utils.mime()` with npm _mime_ module
* Changed; allow `req.query` to be pre-defined (via middleware or other parent
* Changed view partial resolution, now relative to parent view
* Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
* Fixed `req.param()` bug returning Array.prototype methods. Closes #552
* Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
* Fixed; using _qs_ module instead of _querystring_
* Fixed; strip unsafe chars from jsonp callbacks
* Removed "stream threshold" setting
3022
0.8 / 2011-03-01
3024==================
3025
* Allow `req.query` to be pre-defined (via middleware or other parent app)
* "connect": ">= 0.5.0 < 1.0.0". Closes #547
* Removed the long deprecated __EXPRESS_ENV__ support
3029
0.7 / 2011-02-07
3031==================
3032
* Fixed `render()` setting inheritance.
  Mounted apps would not inherit "view engine"
3035
0.6 / 2011-02-07
3037==================
3038
* Fixed `view engine` setting bug when period is in dirname
3040
0.5 / 2011-02-05
3042==================
3043
* Added secret to generated app `session()` call
3045
0.4 / 2011-02-05
3047==================
3048
* Added `qs` dependency to _package.json_
* Fixed namespaced `require()`s for latest connect support
3051
0.3 / 2011-01-13
3053==================
3054
* Remove unsafe characters from JSONP callback names [Ryan Grove]
3056
0.2 / 2011-01-10
3058==================
3059
* Removed nested require, using `connect.router`
3061
0.1 / 2010-12-29
3063==================
3064
* Fixed for middleware stacked via `createServer()`
  previously the `foo` middleware passed to `createServer(foo)`
  would not have access to Express methods such as `res.send()`
  or props like `req.query` etc.
3069
0.0 / 2010-11-16
3071==================
3072
* Added; deduce partial object names from the last segment.
  For example by default `partial('forum/post', postObject)` will
  give you the _post_ object, providing a meaningful default.
* Added http status code string representation to `res.redirect()` body
* Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
* Added `req.is()` to aid in content negotiation
* Added partial local inheritance [suggested by masylum]. Closes #102
  providing access to parent template locals.
* Added _-s, --session[s]_ flag to express(1) to add session related middleware
* Added _--template_ flag to express(1) to specify the
  template engine to use.
* Added _--css_ flag to express(1) to specify the
  stylesheet engine to use (or just plain css by default).
* Added `app.all()` support [thanks aheckmann]
* Added partial direct object support.
  You may now `partial('user', user)` providing the "user" local,
  vs previously `partial('user', { object: user })`.
* Added _route-separation_ example since many people question ways
  to do this with CommonJS modules. Also view the _blog_ example for
  an alternative.
* Performance; caching view path derived partial object names
* Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
* Fixed jsonp support; _text/javascript_ as per mailinglist discussion
3096
0.0rc4 / 2010-10-14
3098==================
3099
* Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
* Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
* Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
* Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
* Added `partial()` support for array-like collections. Closes #434
* Added support for swappable querystring parsers
* Added session usage docs. Closes #443
* Added dynamic helper caching. Closes #439 [suggested by maritz]
* Added authentication example
* Added basic Range support to `res.sendfile()` (and `res.download()` etc)
* Changed; `express(1)` generated app using 2 spaces instead of 4
* Default env to "development" again [aheckmann]
* Removed _context_ option is no more, use "scope"
* Fixed; exposing _./support_ libs to examples so they can run without installs
* Fixed mvc example
3115
0.0rc3 / 2010-09-20
3117==================
3118
* Added confirmation for `express(1)` app generation. Closes #391
* Added extending of flash formatters via `app.flashFormatters`
* Added flash formatter support. Closes #411
* Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
* Added _stream threshold_ setting for `res.sendfile()`
* Added `res.send()` __HEAD__ support
* Added `res.clearCookie()`
* Added `res.cookie()`
* Added `res.render()` headers option
* Added `res.redirect()` response bodies
* Added `res.render()` status option support. Closes #425 [thanks aheckmann]
* Fixed `res.sendfile()` responding with 403 on malicious path
* Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
* Fixed; mounted apps settings now inherit from parent app [aheckmann]
* Fixed; stripping Content-Length / Content-Type when 204
* Fixed `res.send()` 204. Closes #419
* Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
* Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
3137
3138
0.0rc2 / 2010-08-17
3140==================
3141
* Added `app.register()` for template engine mapping. Closes #390
* Added `res.render()` callback support as second argument (no options)
* Added callback support to `res.download()`
* Added callback support for `res.sendfile()`
* Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
* Added "partials" setting to docs
* Added default expresso tests to `express(1)` generated app. Closes #384
* Fixed `res.sendfile()` error handling, defer via `next()`
* Fixed `res.render()` callback when a layout is used [thanks guillermo]
* Fixed; `make install` creating ~/.node_libraries when not present
* Fixed issue preventing error handlers from being defined anywhere. Closes #387
3153
0.0rc / 2010-07-28
3155==================
3156
* Added mounted hook. Closes #369
* Added connect dependency to _package.json_
3159
* Removed "reload views" setting and support code
  development env never caches, production always caches.
3162
* Removed _param_ in route callbacks, signature is now
  simply (req, res, next), previously (req, res, params, next).
  Use _req.params_ for path captures, _req.query_ for GET params.
3166
* Fixed "home" setting
* Fixed middleware/router precedence issue. Closes #366
* Fixed; _configure()_ callbacks called immediately. Closes #368
3170
0.0beta2 / 2010-07-23
3172==================
3173
* Added more examples
* Added; exporting `Server` constructor
* Added `Server#helpers()` for view locals
* Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
* Added support for absolute view paths
* Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
* Added Guillermo Rauch to the contributor list
* Added support for "as" for non-collection partials. Closes #341
* Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
* Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
* Fixed instanceof `Array` checks, now `Array.isArray()`
* Fixed express(1) expansion of public dirs. Closes #348
* Fixed middleware precedence. Closes #345
* Fixed view watcher, now async [thanks aheckmann]
3188
0.0beta / 2010-07-15
3190==================
3191
* Re-write
  - much faster
  - much lighter
  - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
3196
14.0 / 2010-06-15
3198==================
3199
* Utilize relative requires
* Added Static bufferSize option [aheckmann]
* Fixed caching of view and partial subdirectories [aheckmann]
* Fixed mime.type() comments now that ".ext" is not supported
* Updated haml submodule
* Updated class submodule
* Removed bin/express
3207
13.0 / 2010-06-01
3209==================
3210
* Added node v0.1.97 compatibility
* Added support for deleting cookies via Request#cookie('key', null)
* Updated haml submodule
* Fixed not-found page, now using using charset utf-8
* Fixed show-exceptions page, now using using charset utf-8
* Fixed view support due to fs.readFile Buffers
* Changed; mime.type() no longer accepts ".type" due to node extname() changes
3218
12.0 / 2010-05-22
3220==================
3221
* Added node v0.1.96 compatibility
* Added view `helpers` export which act as additional local variables
* Updated haml submodule
* Changed ETag; removed inode, modified time only
* Fixed LF to CRLF for setting multiple cookies
* Fixed cookie compilation; values are now urlencoded
* Fixed cookies parsing; accepts quoted values and url escaped cookies
3229
11.0 / 2010-05-06
3231==================
3232
* Added support for layouts using different engines
  - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
  - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
  - this.render('page.html.haml', { layout: false }) // no layout
* Updated ext submodule
* Updated haml submodule
* Fixed EJS partial support by passing along the context. Issue #307
3240
10.1 / 2010-05-03
3242==================
3243
* Fixed binary uploads.
3245
10.0 / 2010-04-30
3247==================
3248
* Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
  encoding is set to 'utf8' or 'utf-8'.
* Added "encoding" option to Request#render(). Closes #299
* Added "dump exceptions" setting, which is enabled by default.
* Added simple ejs template engine support
* Added error response support for text/plain, application/json. Closes #297
* Added callback function param to Request#error()
* Added Request#sendHead()
* Added Request#stream()
* Added support for Request#respond(304, null) for empty response bodies
* Added ETag support to Request#sendfile()
* Added options to Request#sendfile(), passed to fs.createReadStream()
* Added filename arg to Request#download()
* Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
* Performance enhanced by preventing several calls to toLowerCase() in Router#match()
* Changed; Request#sendfile() now streams
* Changed; Renamed Request#halt() to Request#respond(). Closes #289
* Changed; Using sys.inspect() instead of JSON.encode() for error output
* Changed; run() returns the http.Server instance. Closes #298
* Changed; Defaulting Server#host to null (INADDR_ANY)
* Changed; Logger "common" format scale of 0.4f
* Removed Logger "request" format
* Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
* Fixed several issues with http client
* Fixed Logger Content-Length output
* Fixed bug preventing Opera from retaining the generated session id. Closes #292
3275
9.0 / 2010-04-14
3277==================
3278
* Added DSL level error() route support
* Added DSL level notFound() route support
* Added Request#error()
* Added Request#notFound()
* Added Request#render() callback function. Closes #258
* Added "max upload size" setting
* Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
* Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
* Added callback function support to Request#halt() as 3rd/4th arg
* Added preprocessing of route param wildcards using param(). Closes #251
* Added view partial support (with collections etc)
* Fixed bug preventing falsey params (such as ?page=0). Closes #286
* Fixed setting of multiple cookies. Closes #199
* Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
* Changed; session cookie is now httpOnly
* Changed; Request is no longer global
* Changed; Event is no longer global
* Changed; "sys" module is no longer global
* Changed; moved Request#download to Static plugin where it belongs
* Changed; Request instance created before body parsing. Closes #262
* Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
* Changed; Pre-caching view partials in memory when "cache view partials" is enabled
* Updated support to node --version 0.1.90
* Updated dependencies
* Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
* Removed utils.mixin(); use Object#mergeDeep()
3305
8.0 / 2010-03-19
3307==================
3308
* Added coffeescript example app. Closes #242
* Changed; cache api now async friendly. Closes #240
* Removed deprecated 'express/static' support. Use 'express/plugins/static'
3312
7.6 / 2010-03-19
3314==================
3315
* Added Request#isXHR. Closes #229
* Added `make install` (for the executable)
* Added `express` executable for setting up simple app templates
* Added "GET /public/*" to Static plugin, defaulting to <root>/public
* Added Static plugin
* Fixed; Request#render() only calls cache.get() once
* Fixed; Namespacing View caches with "view:"
* Fixed; Namespacing Static caches with "static:"
* Fixed; Both example apps now use the Static plugin
* Fixed set("views"). Closes #239
* Fixed missing space for combined log format
* Deprecated Request#sendfile() and 'express/static'
* Removed Server#running
3329
7.5 / 2010-03-16
3331==================
3332
* Added Request#flash() support without args, now returns all flashes
* Updated ext submodule
3335
7.4 / 2010-03-16
3337==================
3338
* Fixed session reaper
* Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
3341
7.3 / 2010-03-16
3343==================
3344
* Added package.json
* Fixed requiring of haml / sass due to kiwi removal
3347
7.2 / 2010-03-16
3349==================
3350
* Fixed GIT submodules (HAH!)
3352
7.1 / 2010-03-16
3354==================
3355
* Changed; Express now using submodules again until a PM is adopted
* Changed; chat example using millisecond conversions from ext
3358
7.0 / 2010-03-15
3360==================
3361
* Added Request#pass() support (finds the next matching route, or the given path)
* Added Logger plugin (default "common" format replaces CommonLogger)
* Removed Profiler plugin
* Removed CommonLogger plugin
3366
6.0 / 2010-03-11
3368==================
3369
* Added seed.yml for kiwi package management support
* Added HTTP client query string support when method is GET. Closes #205
3372
* Added support for arbitrary view engines.
  For example "foo.engine.html" will now require('engine'),
  the exports from this module are cached after the first require().
3376
* Added async plugin support
3378
* Removed usage of RESTful route funcs as http client
  get() etc, use http.get() and friends
3381
* Removed custom exceptions
3383
5.0 / 2010-03-10
3385==================
3386
* Added ext dependency (library of js extensions)
* Removed extname() / basename() utils. Use path module
* Removed toArray() util. Use arguments.values
* Removed escapeRegexp() util. Use RegExp.escape()
* Removed process.mixin() dependency. Use utils.mixin()
* Removed Collection
* Removed ElementCollection
* Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com)  ;)
3395
4.0 / 2010-02-11
3397==================
3398
* Added flash() example to sample upload app
* Added high level restful http client module (express/http)
* Changed; RESTful route functions double as HTTP clients. Closes #69
* Changed; throwing error when routes are added at runtime
* Changed; defaulting render() context to the current Request. Closes #197
* Updated haml submodule
3405
3.0 / 2010-02-11
3407==================
3408
* Updated haml / sass submodules. Closes #200
* Added flash message support. Closes #64
* Added accepts() now allows multiple args. fixes #117
* Added support for plugins to halt. Closes #189
* Added alternate layout support. Closes #119
* Removed Route#run(). Closes #188
* Fixed broken specs due to use(Cookie) missing
3416
2.1 / 2010-02-05
3418==================
3419
* Added "plot" format option for Profiler (for gnuplot processing)
* Added request number to Profiler plugin
* Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
* Fixed issue with routes not firing when not files are present. Closes #184
* Fixed process.Promise -> events.Promise
3425
2.0 / 2010-02-03
3427==================
3428
* Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
* Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
* Added expiration support to cache api with reaper. Closes #133
* Added cache Store.Memory#reap()
* Added Cache; cache api now uses first class Cache instances
* Added abstract session Store. Closes #172
* Changed; cache Memory.Store#get() utilizing Collection
* Renamed MemoryStore -> Store.Memory
* Fixed use() of the same plugin several time will always use latest options. Closes #176
3438
1.0 / 2010-02-03
3440==================
3441
* Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
* Updated node support to 0.1.27 Closes #169
* Updated dirname(__filename) -> __dirname
* Updated libxmljs support to v0.2.0
* Added session support with memory store / reaping
* Added quick uid() helper
* Added multi-part upload support
* Added Sass.js support / submodule
* Added production env caching view contents and static files
* Added static file caching. Closes #136
* Added cache plugin with memory stores
* Added support to StaticFile so that it works with non-textual files.
* Removed dirname() helper
* Removed several globals (now their modules must be required)
3456
0.2 / 2010-01-10
3458==================
3459
* Added view benchmarks; currently haml vs ejs
* Added Request#attachment() specs. Closes #116
* Added use of node's parseQuery() util. Closes #123
* Added `make init` for submodules
* Updated Haml
* Updated sample chat app to show messages on load
* Updated libxmljs parseString -> parseHtmlString
* Fixed `make init` to work with older versions of git
* Fixed specs can now run independent specs for those who can't build deps. Closes #127
* Fixed issues introduced by the node url module changes. Closes 126.
* Fixed two assertions failing due to Collection#keys() returning strings
* Fixed faulty Collection#toArray() spec due to keys() returning strings
* Fixed `make test` now builds libxmljs.node before testing
3473
0.1 / 2010-01-03
3475==================
3476
* Initial release