13.7.0 / 2019-05-17 2================== 3 4 * deps: finalhandler@1.1.2 5 - Set stricter `Content-Security-Policy` header 6 - Fix 404 output for bad / missing pathnames 7 - deps: encodeurl@~1.0.2 8 - deps: parseurl@~1.3.3 9 - deps: statuses@~1.4.0 10 * deps: parseurl@~1.3.3 11 * perf: remove substr call from FQDN mapping 12 133.6.6 / 2018-02-14 14================== 15 16 * deps: finalhandler@1.1.0 17 - Use `res.headersSent` when available 18 * perf: remove array read-past-end 19 203.6.5 / 2017-09-22 21================== 22 23 * deps: debug@2.6.9 24 * deps: finalhandler@1.0.6 25 - deps: debug@2.6.9 26 273.6.4 / 2017-09-20 28================== 29 30 * deps: finalhandler@1.0.5 31 - deps: parseurl@~1.3.2 32 * deps: parseurl@~1.3.2 33 - perf: reduce overhead for full URLs 34 - perf: unroll the "fast-path" `RegExp` 35 * deps: utils-merge@1.0.1 36 373.6.3 / 2017-08-03 38================== 39 40 * deps: debug@2.6.8 41 * deps: finalhandler@1.0.4 42 - deps: debug@2.6.8 43 443.6.2 / 2017-05-16 45================== 46 47 * deps: finalhandler@1.0.3 48 - deps: debug@2.6.7 49 * deps: debug@2.6.7 50 - deps: ms@2.0.0 51 523.6.1 / 2017-04-19 53================== 54 55 * deps: debug@2.6.3 56 - Fix `DEBUG_MAX_ARRAY_LENGTH` 57 * deps: finalhandler@1.0.1 58 - Fix missing `</html>` in HTML document 59 - deps: debug@2.6.3 60 613.6.0 / 2017-02-17 62================== 63 64 * deps: debug@2.6.1 65 - Allow colors in workers 66 - Deprecated `DEBUG_FD` environment variable set to `3` or higher 67 - Fix error when running under React Native 68 - Use same color for same namespace 69 - deps: ms@0.7.2 70 * deps: finalhandler@1.0.0 71 - Fix exception when `err` cannot be converted to a string 72 - Fully URL-encode the pathname in the 404 73 - Only include the pathname in the 404 message 74 - Send complete HTML document 75 - Set `Content-Security-Policy: default-src 'self'` header 76 - deps: debug@2.6.1 77 783.5.1 / 2017-02-12 79================== 80 81 * deps: finalhandler@0.5.1 82 - Fix exception when `err.headers` is not an object 83 - deps: statuses@~1.3.1 84 - perf: hoist regular expressions 85 - perf: remove duplicate validation path 86 873.5.0 / 2016-09-09 88================== 89 90 * deps: finalhandler@0.5.0 91 - Change invalid or non-numeric status code to 500 92 - Overwrite status message to match set status code 93 - Prefer `err.statusCode` if `err.status` is invalid 94 - Set response headers from `err.headers` object 95 - Use `statuses` instead of `http` module for status messages 96 973.4.1 / 2016-01-23 98================== 99 100 * deps: finalhandler@0.4.1 101 - deps: escape-html@~1.0.3 102 * deps: parseurl@~1.3.1 103 - perf: enable strict mode 104 1053.4.0 / 2015-06-18 106================== 107 108 * deps: debug@~2.2.0 109 - deps: ms@0.7.1 110 * deps: finalhandler@0.4.0 111 - Fix a false-positive when unpiping in Node.js 0.8 112 - Support `statusCode` property on `Error` objects 113 - Use `unpipe` module for unpiping requests 114 - deps: debug@~2.2.0 115 - deps: escape-html@1.0.2 116 - deps: on-finished@~2.3.0 117 - perf: enable strict mode 118 - perf: remove argument reassignment 119 * perf: enable strict mode 120 * perf: remove argument reassignments 121 1223.3.5 / 2015-03-16 123================== 124 125 * deps: debug@~2.1.3 126 - Fix high intensity foreground color for bold 127 - deps: ms@0.7.0 128 * deps: finalhandler@0.3.4 129 - deps: debug@~2.1.3 130 1313.3.4 / 2015-01-07 132================== 133 134 * deps: debug@~2.1.1 135 * deps: finalhandler@0.3.3 136 - deps: debug@~2.1.1 137 - deps: on-finished@~2.2.0 138 1393.3.3 / 2014-11-09 140================== 141 142 * Correctly invoke async callback asynchronously 143 1443.3.2 / 2014-10-28 145================== 146 147 * Fix handling of URLs containing `://` in the path 148 1493.3.1 / 2014-10-22 150================== 151 152 * deps: finalhandler@0.3.2 153 - deps: on-finished@~2.1.1 154 1553.3.0 / 2014-10-17 156================== 157 158 * deps: debug@~2.1.0 159 - Implement `DEBUG_FD` env variable support 160 * deps: finalhandler@0.3.1 161 - Terminate in progress response only on error 162 - Use `on-finished` to determine request status 163 - deps: debug@~2.1.0 164 1653.2.0 / 2014-09-08 166================== 167 168 * deps: debug@~2.0.0 169 * deps: finalhandler@0.2.0 170 - Set `X-Content-Type-Options: nosniff` header 171 - deps: debug@~2.0.0 172 1733.1.1 / 2014-08-10 174================== 175 176 * deps: parseurl@~1.3.0 177 1783.1.0 / 2014-07-22 179================== 180 181 * deps: debug@1.0.4 182 * deps: finalhandler@0.1.0 183 - Respond after request fully read 184 - deps: debug@1.0.4 185 * deps: parseurl@~1.2.0 186 - Cache URLs based on original value 187 - Remove no-longer-needed URL mis-parse work-around 188 - Simplify the "fast-path" `RegExp` 189 * perf: reduce executed logic in routing 190 * perf: refactor location of `try` block 191 1923.0.2 / 2014-07-10 193================== 194 195 * deps: debug@1.0.3 196 - Add support for multiple wildcards in namespaces 197 * deps: parseurl@~1.1.3 198 - faster parsing of href-only URLs 199 2003.0.1 / 2014-06-19 201================== 202 203 * use `finalhandler` for final response handling 204 * deps: debug@1.0.2 205 2063.0.0 / 2014-05-29 207================== 208 209 * No changes 210 2113.0.0-rc.2 / 2014-05-04 212======================= 213 214 * Call error stack even when response has been sent 215 * Prevent default 404 handler after response sent 216 * dep: debug@0.8.1 217 * encode stack in HTML for default error handler 218 * remove `proto` export 219 2203.0.0-rc.1 / 2014-03-06 221======================= 222 223 * move middleware to separate repos 224 * remove docs 225 * remove node patches 226 * remove connect(middleware...) 227 * remove the old `connect.createServer()` method 228 * remove various private `connect.utils` functions 229 * drop node.js 0.8 support 230 2312.30.2 / 2015-07-31 232=================== 233 234 * deps: body-parser@~1.13.3 235 - deps: type-is@~1.6.6 236 * deps: compression@~1.5.2 237 - deps: accepts@~1.2.12 238 - deps: compressible@~2.0.5 239 - deps: vary@~1.0.1 240 * deps: errorhandler@~1.4.2 241 - deps: accepts@~1.2.12 242 * deps: method-override@~2.3.5 243 - deps: vary@~1.0.1 244 - perf: enable strict mode 245 * deps: serve-index@~1.7.2 246 - deps: accepts@~1.2.12 247 - deps: mime-types@~2.1.4 248 * deps: type-is@~1.6.6 249 - deps: mime-types@~2.1.4 250 * deps: vhost@~3.0.1 251 - perf: enable strict mode 252 2532.30.1 / 2015-07-05 254=================== 255 256 * deps: body-parser@~1.13.2 257 - deps: iconv-lite@0.4.11 258 - deps: qs@4.0.0 259 - deps: raw-body@~2.1.2 260 - deps: type-is@~1.6.4 261 * deps: compression@~1.5.1 262 - deps: accepts@~1.2.10 263 - deps: compressible@~2.0.4 264 * deps: errorhandler@~1.4.1 265 - deps: accepts@~1.2.10 266 * deps: qs@4.0.0 267 - Fix dropping parameters like `hasOwnProperty` 268 - Fix various parsing edge cases 269 * deps: morgan@~1.6.1 270 - deps: basic-auth@~1.0.3 271 * deps: pause@0.1.0 272 - Re-emit events with all original arguments 273 - Refactor internals 274 - perf: enable strict mode 275 * deps: serve-index@~1.7.1 276 - deps: accepts@~1.2.10 277 - deps: mime-types@~2.1.2 278 * deps: type-is@~1.6.4 279 - deps: mime-types@~2.1.2 280 - perf: enable strict mode 281 - perf: remove argument reassignment 282 2832.30.0 / 2015-06-18 284=================== 285 286 * deps: body-parser@~1.13.1 287 - Add `statusCode` property on `Error`s, in addition to `status` 288 - Change `type` default to `application/json` for JSON parser 289 - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser 290 - Provide static `require` analysis 291 - Use the `http-errors` module to generate errors 292 - deps: bytes@2.1.0 293 - deps: iconv-lite@0.4.10 294 - deps: on-finished@~2.3.0 295 - deps: raw-body@~2.1.1 296 - deps: type-is@~1.6.3 297 - perf: enable strict mode 298 - perf: remove argument reassignment 299 - perf: remove delete call 300 * deps: bytes@2.1.0 301 - Slight optimizations 302 - Units no longer case sensitive when parsing 303 * deps: compression@~1.5.0 304 - Fix return value from `.end` and `.write` after end 305 - Improve detection of zero-length body without `Content-Length` 306 - deps: accepts@~1.2.9 307 - deps: bytes@2.1.0 308 - deps: compressible@~2.0.3 309 - perf: enable strict mode 310 - perf: remove flush reassignment 311 - perf: simplify threshold detection 312 * deps: cookie@0.1.3 313 - Slight optimizations 314 * deps: cookie-parser@~1.3.5 315 - deps: cookie@0.1.3 316 * deps: csurf@~1.8.3 317 - Add `sessionKey` option 318 - deps: cookie@0.1.3 319 - deps: csrf@~3.0.0 320 * deps: errorhandler@~1.4.0 321 - Add charset to the `Content-Type` header 322 - Support `statusCode` property on `Error` objects 323 - deps: accepts@~1.2.9 324 - deps: escape-html@1.0.2 325 * deps: express-session@~1.11.3 326 - Support an array in `secret` option for key rotation 327 - deps: cookie@0.1.3 328 - deps: crc@3.3.0 329 - deps: debug@~2.2.0 330 - deps: depd@~1.0.1 331 - deps: uid-safe@~2.0.0 332 * deps: finalhandler@0.4.0 333 - Fix a false-positive when unpiping in Node.js 0.8 334 - Support `statusCode` property on `Error` objects 335 - Use `unpipe` module for unpiping requests 336 - deps: escape-html@1.0.2 337 - deps: on-finished@~2.3.0 338 - perf: enable strict mode 339 - perf: remove argument reassignment 340 * deps: fresh@0.3.0 341 - Add weak `ETag` matching support 342 * deps: morgan@~1.6.0 343 - Add `morgan.compile(format)` export 344 - Do not color 1xx status codes in `dev` format 345 - Fix `response-time` token to not include response latency 346 - Fix `status` token incorrectly displaying before response in `dev` format 347 - Fix token return values to be `undefined` or a string 348 - Improve representation of multiple headers in `req` and `res` tokens 349 - Use `res.getHeader` in `res` token 350 - deps: basic-auth@~1.0.2 351 - deps: on-finished@~2.3.0 352 - pref: enable strict mode 353 - pref: reduce function closure scopes 354 - pref: remove dynamic compile on every request for `dev` format 355 - pref: remove an argument reassignment 356 - pref: skip function call without `skip` option 357 * deps: serve-favicon@~2.3.0 358 - Send non-chunked response for `OPTIONS` 359 - deps: etag@~1.7.0 360 - deps: fresh@0.3.0 361 - perf: enable strict mode 362 - perf: remove argument reassignment 363 - perf: remove bitwise operations 364 * deps: serve-index@~1.7.0 365 - Accept `function` value for `template` option 366 - Send non-chunked response for `OPTIONS` 367 - Stat parent directory when necessary 368 - Use `Date.prototype.toLocaleDateString` to format date 369 - deps: accepts@~1.2.9 370 - deps: escape-html@1.0.2 371 - deps: mime-types@~2.1.1 372 - perf: enable strict mode 373 - perf: remove argument reassignment 374 * deps: serve-static@~1.10.0 375 - Add `fallthrough` option 376 - Fix reading options from options prototype 377 - Improve the default redirect response headers 378 - Malformed URLs now `next()` instead of 400 379 - deps: escape-html@1.0.2 380 - deps: send@0.13.0 381 - perf: enable strict mode 382 - perf: remove argument reassignment 383 * deps: type-is@~1.6.3 384 - deps: mime-types@~2.1.1 385 - perf: reduce try block size 386 - perf: remove bitwise operations 387 3882.29.2 / 2015-05-14 389=================== 390 391 * deps: body-parser@~1.12.4 392 - Slight efficiency improvement when not debugging 393 - deps: debug@~2.2.0 394 - deps: depd@~1.0.1 395 - deps: iconv-lite@0.4.8 396 - deps: on-finished@~2.2.1 397 - deps: qs@2.4.2 398 - deps: raw-body@~2.0.1 399 - deps: type-is@~1.6.2 400 * deps: compression@~1.4.4 401 - deps: accepts@~1.2.7 402 - deps: debug@~2.2.0 403 * deps: connect-timeout@~1.6.2 404 - deps: debug@~2.2.0 405 - deps: ms@0.7.1 406 * deps: debug@~2.2.0 407 - deps: ms@0.7.1 408 * deps: depd@~1.0.1 409 * deps: errorhandler@~1.3.6 410 - deps: accepts@~1.2.7 411 * deps: finalhandler@0.3.6 412 - deps: debug@~2.2.0 413 - deps: on-finished@~2.2.1 414 * deps: method-override@~2.3.3 415 - deps: debug@~2.2.0 416 * deps: morgan@~1.5.3 417 - deps: basic-auth@~1.0.1 418 - deps: debug@~2.2.0 419 - deps: depd@~1.0.1 420 - deps: on-finished@~2.2.1 421 * deps: qs@2.4.2 422 - Fix allowing parameters like `constructor` 423 * deps: response-time@~2.3.1 424 - deps: depd@~1.0.1 425 * deps: serve-favicon@~2.2.1 426 - deps: etag@~1.6.0 427 - deps: ms@0.7.1 428 * deps: serve-index@~1.6.4 429 - deps: accepts@~1.2.7 430 - deps: debug@~2.2.0 431 - deps: mime-types@~2.0.11 432 * deps: serve-static@~1.9.3 433 - deps: send@0.12.3 434 * deps: type-is@~1.6.2 435 - deps: mime-types@~2.0.11 436 4372.29.1 / 2015-03-16 438=================== 439 440 * deps: body-parser@~1.12.2 441 - deps: debug@~2.1.3 442 - deps: qs@2.4.1 443 - deps: type-is@~1.6.1 444 * deps: compression@~1.4.3 445 - Fix error when code calls `res.end(str, encoding)` 446 - deps: accepts@~1.2.5 447 - deps: debug@~2.1.3 448 * deps: connect-timeout@~1.6.1 449 - deps: debug@~2.1.3 450 * deps: debug@~2.1.3 451 - Fix high intensity foreground color for bold 452 - deps: ms@0.7.0 453 * deps: errorhandler@~1.3.5 454 - deps: accepts@~1.2.5 455 * deps: express-session@~1.10.4 456 - deps: debug@~2.1.3 457 * deps: finalhandler@0.3.4 458 - deps: debug@~2.1.3 459 * deps: method-override@~2.3.2 460 - deps: debug@~2.1.3 461 * deps: morgan@~1.5.2 462 - deps: debug@~2.1.3 463 * deps: qs@2.4.1 464 - Fix error when parameter `hasOwnProperty` is present 465 * deps: serve-index@~1.6.3 466 - Properly escape file names in HTML 467 - deps: accepts@~1.2.5 468 - deps: debug@~2.1.3 469 - deps: escape-html@1.0.1 470 - deps: mime-types@~2.0.10 471 * deps: serve-static@~1.9.2 472 - deps: send@0.12.2 473 * deps: type-is@~1.6.1 474 - deps: mime-types@~2.0.10 475 4762.29.0 / 2015-02-17 477=================== 478 479 * Use `content-type` to parse `Content-Type` headers 480 * deps: body-parser@~1.12.0 481 - add `debug` messages 482 - accept a function for the `type` option 483 - make internal `extended: true` depth limit infinity 484 - use `content-type` to parse `Content-Type` headers 485 - deps: iconv-lite@0.4.7 486 - deps: raw-body@1.3.3 487 - deps: type-is@~1.6.0 488 * deps: compression@~1.4.1 489 - Prefer `gzip` over `deflate` on the server 490 - deps: accepts@~1.2.4 491 * deps: connect-timeout@~1.6.0 492 - deps: http-errors@~1.3.1 493 * deps: cookie-parser@~1.3.4 494 - deps: cookie-signature@1.0.6 495 * deps: cookie-signature@1.0.6 496 * deps: csurf@~1.7.0 497 - Accept `CSRF-Token` and `XSRF-Token` request headers 498 - Default `cookie.path` to `'/'`, if using cookies 499 - deps: cookie-signature@1.0.6 500 - deps: csrf@~2.0.6 501 - deps: http-errors@~1.3.1 502 * deps: errorhandler@~1.3.4 503 - deps: accepts@~1.2.4 504 * deps: express-session@~1.10.3 505 - deps: cookie-signature@1.0.6 506 - deps: uid-safe@1.1.0 507 * deps: http-errors@~1.3.1 508 - Construct errors using defined constructors from `createError` 509 - Fix error names that are not identifiers 510 - Set a meaningful `name` property on constructed errors 511 * deps: response-time@~2.3.0 512 - Add function argument to support recording of response time 513 * deps: serve-index@~1.6.2 514 - deps: accepts@~1.2.4 515 - deps: http-errors@~1.3.1 516 - deps: mime-types@~2.0.9 517 * deps: serve-static@~1.9.1 518 - deps: send@0.12.1 519 * deps: type-is@~1.6.0 520 - fix argument reassignment 521 - fix false-positives in `hasBody` `Transfer-Encoding` check 522 - support wildcard for both type and subtype (`*/*`) 523 - deps: mime-types@~2.0.9 524 5252.28.3 / 2015-01-31 526=================== 527 528 * deps: compression@~1.3.1 529 - deps: accepts@~1.2.3 530 - deps: compressible@~2.0.2 531 * deps: csurf@~1.6.6 532 - deps: csrf@~2.0.5 533 * deps: errorhandler@~1.3.3 534 - deps: accepts@~1.2.3 535 * deps: express-session@~1.10.2 536 - deps: uid-safe@1.0.3 537 * deps: serve-index@~1.6.1 538 - deps: accepts@~1.2.3 539 - deps: mime-types@~2.0.8 540 * deps: type-is@~1.5.6 541 - deps: mime-types@~2.0.8 542 5432.28.2 / 2015-01-20 544=================== 545 546 * deps: body-parser@~1.10.2 547 - deps: iconv-lite@0.4.6 548 - deps: raw-body@1.3.2 549 * deps: serve-static@~1.8.1 550 - Fix redirect loop in Node.js 0.11.14 551 - Fix root path disclosure 552 - deps: send@0.11.1 553 5542.28.1 / 2015-01-08 555=================== 556 557 * deps: csurf@~1.6.5 558 - deps: csrf@~2.0.4 559 * deps: express-session@~1.10.1 560 - deps: uid-safe@~1.0.2 561 5622.28.0 / 2015-01-05 563=================== 564 565 * deps: body-parser@~1.10.1 566 - Make internal `extended: true` array limit dynamic 567 - deps: on-finished@~2.2.0 568 - deps: type-is@~1.5.5 569 * deps: compression@~1.3.0 570 - Export the default `filter` function for wrapping 571 - deps: accepts@~1.2.2 572 - deps: debug@~2.1.1 573 * deps: connect-timeout@~1.5.0 574 - deps: debug@~2.1.1 575 - deps: http-errors@~1.2.8 576 - deps: ms@0.7.0 577 * deps: csurf@~1.6.4 578 - deps: csrf@~2.0.3 579 - deps: http-errors@~1.2.8 580 * deps: debug@~2.1.1 581 * deps: errorhandler@~1.3.2 582 - Add `log` option 583 - Fix heading content to not include stack 584 - deps: accepts@~1.2.2 585 * deps: express-session@~1.10.0 586 - Add `store.touch` interface for session stores 587 - Fix `MemoryStore` expiration with `resave: false` 588 - deps: debug@~2.1.1 589 * deps: finalhandler@0.3.3 590 - deps: debug@~2.1.1 591 - deps: on-finished@~2.2.0 592 * deps: method-override@~2.3.1 593 - deps: debug@~2.1.1 594 - deps: methods@~1.1.1 595 * deps: morgan@~1.5.1 596 - Add multiple date formats `clf`, `iso`, and `web` 597 - Deprecate `buffer` option 598 - Fix date format in `common` and `combined` formats 599 - Fix token arguments to accept values with `"` 600 - deps: debug@~2.1.1 601 - deps: on-finished@~2.2.0 602 * deps: serve-favicon@~2.2.0 603 - Support query string in the URL 604 - deps: etag@~1.5.1 605 - deps: ms@0.7.0 606 * deps: serve-index@~1.6.0 607 - Add link to root directory 608 - deps: accepts@~1.2.2 609 - deps: batch@0.5.2 610 - deps: debug@~2.1.1 611 - deps: mime-types@~2.0.7 612 * deps: serve-static@~1.8.0 613 - Fix potential open redirect when mounted at root 614 - deps: send@0.11.0 615 * deps: type-is@~1.5.5 616 - deps: mime-types@~2.0.7 617 6182.27.6 / 2014-12-10 619=================== 620 621 * deps: serve-index@~1.5.3 622 - deps: accepts@~1.1.4 623 - deps: http-errors@~1.2.8 624 - deps: mime-types@~2.0.4 625 6262.27.5 / 2014-12-10 627=================== 628 629 * deps: compression@~1.2.2 630 - Fix `.end` to only proxy to `.end` 631 - deps: accepts@~1.1.4 632 * deps: express-session@~1.9.3 633 - Fix error when `req.sessionID` contains a non-string value 634 * deps: http-errors@~1.2.8 635 - Fix stack trace from exported function 636 - Remove `arguments.callee` usage 637 * deps: serve-index@~1.5.2 638 - Fix icon name background alignment on mobile view 639 * deps: type-is@~1.5.4 640 - deps: mime-types@~2.0.4 641 6422.27.4 / 2014-11-23 643=================== 644 645 * deps: body-parser@~1.9.3 646 - deps: iconv-lite@0.4.5 647 - deps: qs@2.3.3 648 - deps: raw-body@1.3.1 649 - deps: type-is@~1.5.3 650 * deps: compression@~1.2.1 651 - deps: accepts@~1.1.3 652 * deps: errorhandler@~1.2.3 653 - deps: accepts@~1.1.3 654 * deps: express-session@~1.9.2 655 - deps: crc@3.2.1 656 * deps: qs@2.3.3 657 - Fix `arrayLimit` behavior 658 * deps: serve-favicon@~2.1.7 659 - Avoid errors from enumerables on `Object.prototype` 660 * deps: serve-index@~1.5.1 661 - deps: accepts@~1.1.3 662 - deps: mime-types@~2.0.3 663 * deps: type-is@~1.5.3 664 - deps: mime-types@~2.0.3 665 6662.27.3 / 2014-11-09 667=================== 668 669 * Correctly invoke async callback asynchronously 670 * deps: csurf@~1.6.3 671 - bump csrf 672 - bump http-errors 673 6742.27.2 / 2014-10-28 675=================== 676 677 * Fix handling of URLs containing `://` in the path 678 * deps: body-parser@~1.9.2 679 - deps: qs@2.3.2 680 * deps: qs@2.3.2 681 - Fix parsing of mixed objects and values 682 6832.27.1 / 2014-10-22 684=================== 685 686 * deps: body-parser@~1.9.1 687 - deps: on-finished@~2.1.1 688 - deps: qs@2.3.0 689 - deps: type-is@~1.5.2 690 * deps: express-session@~1.9.1 691 - Remove unnecessary empty write call 692 * deps: finalhandler@0.3.2 693 - deps: on-finished@~2.1.1 694 * deps: morgan@~1.4.1 695 - deps: on-finished@~2.1.1 696 * deps: qs@2.3.0 697 - Fix parsing of mixed implicit and explicit arrays 698 * deps: serve-static@~1.7.1 699 - deps: send@0.10.1 700 7012.27.0 / 2014-10-16 702=================== 703 704 * Use `http-errors` module for creating errors 705 * Use `utils-merge` module for merging objects 706 * deps: body-parser@~1.9.0 707 - include the charset in "unsupported charset" error message 708 - include the encoding in "unsupported content encoding" error message 709 - deps: depd@~1.0.0 710 * deps: compression@~1.2.0 711 - deps: debug@~2.1.0 712 * deps: connect-timeout@~1.4.0 713 - Create errors with `http-errors` 714 - deps: debug@~2.1.0 715 * deps: debug@~2.1.0 716 - Implement `DEBUG_FD` env variable support 717 * deps: depd@~1.0.0 718 * deps: express-session@~1.9.0 719 - deps: debug@~2.1.0 720 - deps: depd@~1.0.0 721 * deps: finalhandler@0.3.1 722 - Terminate in progress response only on error 723 - Use `on-finished` to determine request status 724 - deps: debug@~2.1.0 725 * deps: method-override@~2.3.0 726 - deps: debug@~2.1.0 727 * deps: morgan@~1.4.0 728 - Add `debug` messages 729 - deps: depd@~1.0.0 730 * deps: response-time@~2.2.0 731 - Add `header` option for custom header name 732 - Add `suffix` option 733 - Change `digits` argument to an `options` argument 734 - deps: depd@~1.0.0 735 * deps: serve-favicon@~2.1.6 736 - deps: etag@~1.5.0 737 * deps: serve-index@~1.5.0 738 - Add `dir` argument to `filter` function 739 - Add icon for mkv files 740 - Create errors with `http-errors` 741 - Fix incorrect 403 on Windows and Node.js 0.11 742 - Lookup icon by mime type for greater icon support 743 - Support using tokens multiple times 744 - deps: accepts@~1.1.2 745 - deps: debug@~2.1.0 746 - deps: mime-types@~2.0.2 747 * deps: serve-static@~1.7.0 748 - deps: send@0.10.0 749 7502.26.6 / 2014-10-15 751=================== 752 753 * deps: compression@~1.1.2 754 - deps: accepts@~1.1.2 755 - deps: compressible@~2.0.1 756 * deps: csurf@~1.6.2 757 - bump http-errors 758 - fix cookie name when using `cookie: true` 759 * deps: errorhandler@~1.2.2 760 - deps: accepts@~1.1.2 761 7622.26.5 / 2014-10-08 763=================== 764 765 * Fix accepting non-object arguments to `logger` 766 * deps: serve-static@~1.6.4 767 - Fix redirect loop when index file serving disabled 768 7692.26.4 / 2014-10-02 770=================== 771 772 * deps: morgan@~1.3.2 773 - Fix `req.ip` integration when `immediate: false` 774 * deps: type-is@~1.5.2 775 - deps: mime-types@~2.0.2 776 7772.26.3 / 2014-09-24 778=================== 779 780 * deps: body-parser@~1.8.4 781 - fix content encoding to be case-insensitive 782 * deps: serve-favicon@~2.1.5 783 - deps: etag@~1.4.0 784 * deps: serve-static@~1.6.3 785 - deps: send@0.9.3 786 7872.26.2 / 2014-09-19 788=================== 789 790 * deps: body-parser@~1.8.3 791 - deps: qs@2.2.4 792 * deps: qs@2.2.4 793 - Fix issue with object keys starting with numbers truncated 794 7952.26.1 / 2014-09-15 796=================== 797 798 * deps: body-parser@~1.8.2 799 - deps: depd@0.4.5 800 * deps: depd@0.4.5 801 * deps: express-session@~1.8.2 802 - Use `crc` instead of `buffer-crc32` for speed 803 - deps: depd@0.4.5 804 * deps: morgan@~1.3.1 805 - Remove un-used `bytes` dependency 806 - deps: depd@0.4.5 807 * deps: serve-favicon@~2.1.4 808 - Fix content headers being sent in 304 response 809 - deps: etag@~1.3.1 810 * deps: serve-static@~1.6.2 811 - deps: send@0.9.2 812 8132.26.0 / 2014-09-08 814=================== 815 816 * deps: body-parser@~1.8.1 817 - add `parameterLimit` option to `urlencoded` parser 818 - change `urlencoded` extended array limit to 100 819 - make empty-body-handling consistent between chunked requests 820 - respond with 415 when over `parameterLimit` in `urlencoded` 821 - deps: media-typer@0.3.0 822 - deps: qs@2.2.3 823 - deps: type-is@~1.5.1 824 * deps: compression@~1.1.0 825 - deps: accepts@~1.1.0 826 - deps: compressible@~2.0.0 827 - deps: debug@~2.0.0 828 * deps: connect-timeout@~1.3.0 829 - deps: debug@~2.0.0 830 * deps: cookie-parser@~1.3.3 831 - deps: cookie-signature@1.0.5 832 * deps: cookie-signature@1.0.5 833 * deps: csurf@~1.6.1 834 - add `ignoreMethods` option 835 - bump cookie-signature 836 - csrf-tokens -> csrf 837 - set `code` property on CSRF token errors 838 * deps: debug@~2.0.0 839 * deps: errorhandler@~1.2.0 840 - Display error using `util.inspect` if no other representation 841 - deps: accepts@~1.1.0 842 * deps: express-session@~1.8.1 843 - Do not resave already-saved session at end of request 844 - Prevent session prototype methods from being overwritten 845 - deps: cookie-signature@1.0.5 846 - deps: debug@~2.0.0 847 * deps: finalhandler@0.2.0 848 - Set `X-Content-Type-Options: nosniff` header 849 - deps: debug@~2.0.0 850 * deps: fresh@0.2.4 851 * deps: media-typer@0.3.0 852 - Throw error when parameter format invalid on parse 853 * deps: method-override@~2.2.0 854 - deps: debug@~2.0.0 855 * deps: morgan@~1.3.0 856 - Assert if `format` is not a function or string 857 * deps: qs@2.2.3 858 - Fix issue where first empty value in array is discarded 859 * deps: serve-favicon@~2.1.3 860 - Accept string for `maxAge` (converted by `ms`) 861 - Use `etag` to generate `ETag` header 862 - deps: fresh@0.2.4 863 * deps: serve-index@~1.2.1 864 - Add `debug` messages 865 - Resolve relative paths at middleware setup 866 - deps: accepts@~1.1.0 867 * deps: serve-static@~1.6.1 868 - Add `lastModified` option 869 - deps: send@0.9.1 870 * deps: type-is@~1.5.1 871 - fix `hasbody` to be true for `content-length: 0` 872 - deps: media-typer@0.3.0 873 - deps: mime-types@~2.0.1 874 * deps: vhost@~3.0.0 875 8762.25.10 / 2014-09-04 877==================== 878 879 * deps: serve-static@~1.5.4 880 - deps: send@0.8.5 881 8822.25.9 / 2014-08-29 883=================== 884 885 * deps: body-parser@~1.6.7 886 - deps: qs@2.2.2 887 * deps: qs@2.2.2 888 8892.25.8 / 2014-08-27 890=================== 891 892 * deps: body-parser@~1.6.6 893 - deps: qs@2.2.0 894 * deps: csurf@~1.4.1 895 * deps: qs@2.2.0 896 - Array parsing fix 897 - Performance improvements 898 8992.25.7 / 2014-08-18 900=================== 901 902 * deps: body-parser@~1.6.5 903 - deps: on-finished@2.1.0 904 * deps: express-session@~1.7.6 905 - Fix exception on `res.end(null)` calls 906 * deps: morgan@~1.2.3 907 - deps: on-finished@2.1.0 908 * deps: serve-static@~1.5.3 909 - deps: send@0.8.3 910 9112.25.6 / 2014-08-14 912=================== 913 914 * deps: body-parser@~1.6.4 915 - deps: qs@1.2.2 916 * deps: qs@1.2.2 917 * deps: serve-static@~1.5.2 918 - deps: send@0.8.2 919 9202.25.5 / 2014-08-11 921=================== 922 923 * Fix backwards compatibility in `logger` 924 9252.25.4 / 2014-08-10 926=================== 927 928 * Fix `query` middleware breaking with argument 929 - It never really took one in the first place 930 * deps: body-parser@~1.6.3 931 - deps: qs@1.2.1 932 * deps: compression@~1.0.11 933 - deps: on-headers@~1.0.0 934 - deps: parseurl@~1.3.0 935 * deps: connect-timeout@~1.2.2 936 - deps: on-headers@~1.0.0 937 * deps: express-session@~1.7.5 938 - Fix parsing original URL 939 - deps: on-headers@~1.0.0 940 - deps: parseurl@~1.3.0 941 * deps: method-override@~2.1.3 942 * deps: on-headers@~1.0.0 943 * deps: parseurl@~1.3.0 944 * deps: qs@1.2.1 945 * deps: response-time@~2.0.1 946 - deps: on-headers@~1.0.0 947 * deps: serve-index@~1.1.6 948 - Fix URL parsing 949 * deps: serve-static@~1.5.1 950 - Fix parsing of weird `req.originalUrl` values 951 - deps: parseurl@~1.3.0 952 = deps: utils-merge@1.0.0 953 9542.25.3 / 2014-08-07 955=================== 956 957 * deps: multiparty@3.3.2 958 - Fix potential double-callback 959 9602.25.2 / 2014-08-07 961=================== 962 963 * deps: body-parser@~1.6.2 964 - deps: qs@1.2.0 965 * deps: qs@1.2.0 966 - Fix parsing array of objects 967 9682.25.1 / 2014-08-06 969=================== 970 971 * deps: body-parser@~1.6.1 972 - deps: qs@1.1.0 973 * deps: qs@1.1.0 974 - Accept urlencoded square brackets 975 - Accept empty values in implicit array notation 976 9772.25.0 / 2014-08-05 978=================== 979 980 * deps: body-parser@~1.6.0 981 - deps: qs@1.0.2 982 * deps: compression@~1.0.10 983 - Fix upper-case Content-Type characters prevent compression 984 - deps: compressible@~1.1.1 985 * deps: csurf@~1.4.0 986 - Support changing `req.session` after `csurf` middleware 987 - Calling `res.csrfToken()` after `req.session.destroy()` will now work 988 * deps: express-session@~1.7.4 989 - Fix `res.end` patch to call correct upstream `res.write` 990 - Fix response end delay for non-chunked responses 991 * deps: qs@1.0.2 992 - Complete rewrite 993 - Limits array length to 20 994 - Limits object depth to 5 995 - Limits parameters to 1,000 996 * deps: serve-static@~1.5.0 997 - Add `extensions` option 998 - deps: send@0.8.1 999 10002.24.3 / 2014-08-04 1001=================== 1002 1003 * deps: serve-index@~1.1.5 1004 - Fix Content-Length calculation for multi-byte file names 1005 - deps: accepts@~1.0.7 1006 * deps: serve-static@~1.4.4 1007 - Fix incorrect 403 on Windows and Node.js 0.11 1008 - deps: send@0.7.4 1009 10102.24.2 / 2014-07-27 1011=================== 1012 1013 * deps: body-parser@~1.5.2 1014 * deps: depd@0.4.4 1015 - Work-around v8 generating empty stack traces 1016 * deps: express-session@~1.7.2 1017 * deps: morgan@~1.2.2 1018 * deps: serve-static@~1.4.2 1019 10202.24.1 / 2014-07-26 1021=================== 1022 1023 * deps: body-parser@~1.5.1 1024 * deps: depd@0.4.3 1025 - Fix exception when global `Error.stackTraceLimit` is too low 1026 * deps: express-session@~1.7.1 1027 * deps: morgan@~1.2.1 1028 * deps: serve-index@~1.1.4 1029 * deps: serve-static@~1.4.1 1030 10312.24.0 / 2014-07-22 1032=================== 1033 1034 * deps: body-parser@~1.5.0 1035 - deps: depd@0.4.2 1036 - deps: iconv-lite@0.4.4 1037 - deps: raw-body@1.3.0 1038 - deps: type-is@~1.3.2 1039 * deps: compression@~1.0.9 1040 - Add `debug` messages 1041 - deps: accepts@~1.0.7 1042 * deps: connect-timeout@~1.2.1 1043 - Accept string for `time` (converted by `ms`) 1044 - deps: debug@1.0.4 1045 * deps: debug@1.0.4 1046 * deps: depd@0.4.2 1047 - Add `TRACE_DEPRECATION` environment variable 1048 - Remove non-standard grey color from color output 1049 - Support `--no-deprecation` argument 1050 - Support `--trace-deprecation` argument 1051 * deps: express-session@~1.7.0 1052 - Improve session-ending error handling 1053 - deps: debug@1.0.4 1054 - deps: depd@0.4.2 1055 * deps: finalhandler@0.1.0 1056 - Respond after request fully read 1057 - deps: debug@1.0.4 1058 * deps: method-override@~2.1.2 1059 - deps: debug@1.0.4 1060 - deps: parseurl@~1.2.0 1061 * deps: morgan@~1.2.0 1062 - Add `:remote-user` token 1063 - Add `combined` log format 1064 - Add `common` log format 1065 - Remove non-standard grey color from `dev` format 1066 * deps: multiparty@3.3.1 1067 * deps: parseurl@~1.2.0 1068 - Cache URLs based on original value 1069 - Remove no-longer-needed URL mis-parse work-around 1070 - Simplify the "fast-path" `RegExp` 1071 * deps: serve-static@~1.4.0 1072 - Add `dotfiles` option 1073 - deps: parseurl@~1.2.0 1074 - deps: send@0.7.0 1075 10762.23.0 / 2014-07-10 1077=================== 1078 1079 * deps: debug@1.0.3 1080 - Add support for multiple wildcards in namespaces 1081 * deps: express-session@~1.6.4 1082 * deps: method-override@~2.1.0 1083 - add simple debug output 1084 - deps: methods@1.1.0 1085 - deps: parseurl@~1.1.3 1086 * deps: parseurl@~1.1.3 1087 - faster parsing of href-only URLs 1088 * deps: serve-static@~1.3.1 1089 - deps: parseurl@~1.1.3 1090 10912.22.0 / 2014-07-03 1092=================== 1093 1094 * deps: csurf@~1.3.0 1095 - Fix `cookie.signed` option to actually sign cookie 1096 * deps: express-session@~1.6.1 1097 - Fix `res.end` patch to return correct value 1098 - Fix `res.end` patch to handle multiple `res.end` calls 1099 - Reject cookies with missing signatures 1100 * deps: multiparty@3.3.0 1101 - Always emit close after all parts ended 1102 - Fix callback hang in node.js 0.8 on errors 1103 * deps: serve-static@~1.3.0 1104 - Accept string for `maxAge` (converted by `ms`) 1105 - Add `setHeaders` option 1106 - Include HTML link in redirect response 1107 - deps: send@0.5.0 1108 11092.21.1 / 2014-06-26 1110=================== 1111 1112 * deps: cookie-parser@1.3.2 1113 - deps: cookie-signature@1.0.4 1114 * deps: cookie-signature@1.0.4 1115 - fix for timing attacks 1116 * deps: express-session@~1.5.2 1117 - deps: cookie-signature@1.0.4 1118 * deps: type-is@~1.3.2 1119 - more mime types 1120 11212.21.0 / 2014-06-20 1122=================== 1123 1124 * deprecate `connect(middleware)` -- use `app.use(middleware)` instead 1125 * deprecate `connect.createServer()` -- use `connect()` instead 1126 * fix `res.setHeader()` patch to work with get -> append -> set pattern 1127 * deps: compression@~1.0.8 1128 * deps: errorhandler@~1.1.1 1129 * deps: express-session@~1.5.0 1130 - Deprecate integration with `cookie-parser` middleware 1131 - Deprecate looking for secret in `req.secret` 1132 - Directly read cookies; `cookie-parser` no longer required 1133 - Directly set cookies; `res.cookie` no longer required 1134 - Generate session IDs with `uid-safe`, faster and even less collisions 1135 * deps: serve-index@~1.1.3 1136 11372.20.2 / 2014-06-19 1138=================== 1139 1140 * deps: body-parser@1.4.3 1141 - deps: type-is@1.3.1 1142 11432.20.1 / 2014-06-19 1144=================== 1145 1146 * deps: type-is@1.3.1 1147 - fix global variable leak 1148 11492.20.0 / 2014-06-19 1150=================== 1151 1152 * deprecate `verify` option to `json` -- use `body-parser` npm module instead 1153 * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead 1154 * deprecate things with `depd` module 1155 * use `finalhandler` for final response handling 1156 * use `media-typer` to parse `content-type` for charset 1157 * deps: body-parser@1.4.2 1158 - check accepted charset in content-type (accepts utf-8) 1159 - check accepted encoding in content-encoding (accepts identity) 1160 - deprecate `urlencoded()` without provided `extended` option 1161 - lazy-load urlencoded parsers 1162 - support gzip and deflate bodies 1163 - set `inflate: false` to turn off 1164 - deps: raw-body@1.2.2 1165 - deps: type-is@1.3.0 1166 - Support all encodings from `iconv-lite` 1167 * deps: connect-timeout@1.1.1 1168 - deps: debug@1.0.2 1169 * deps: cookie-parser@1.3.1 1170 - export parsing functions 1171 - `req.cookies` and `req.signedCookies` are now plain objects 1172 - slightly faster parsing of many cookies 1173 * deps: csurf@1.2.2 1174 * deps: errorhandler@1.1.0 1175 - Display error on console formatted like `throw` 1176 - Escape HTML in stack trace 1177 - Escape HTML in title 1178 - Fix up edge cases with error sent in response 1179 - Set `X-Content-Type-Options: nosniff` header 1180 - Use accepts for negotiation 1181 * deps: express-session@1.4.0 1182 - Add `genid` option to generate custom session IDs 1183 - Add `saveUninitialized` option to control saving uninitialized sessions 1184 - Add `unset` option to control unsetting `req.session` 1185 - Generate session IDs with `rand-token` by default; reduce collisions 1186 - Integrate with express "trust proxy" by default 1187 - deps: buffer-crc32@0.2.3 1188 - deps: debug@1.0.2 1189 * deps: multiparty@3.2.9 1190 * deps: serve-index@1.1.2 1191 - deps: batch@0.5.1 1192 * deps: type-is@1.3.0 1193 - improve type parsing 1194 * deps: vhost@2.0.0 1195 - Accept `RegExp` object for `hostname` 1196 - Provide `req.vhost` object 1197 - Support IPv6 literal in `Host` header 1198 11992.19.6 / 2014-06-11 1200=================== 1201 1202 * deps: body-parser@1.3.1 1203 - deps: type-is@1.2.1 1204 * deps: compression@1.0.7 1205 - use vary module for better `Vary` behavior 1206 - deps: accepts@1.0.3 1207 - deps: compressible@1.1.0 1208 * deps: debug@1.0.2 1209 * deps: serve-index@1.1.1 1210 - deps: accepts@1.0.3 1211 * deps: serve-static@1.2.3 1212 - Do not throw un-catchable error on file open race condition 1213 - deps: send@0.4.3 1214 12152.19.5 / 2014-06-09 1216=================== 1217 1218 * deps: csurf@1.2.1 1219 - refactor to use csrf-tokens@~1.0.2 1220 * deps: debug@1.0.1 1221 * deps: serve-static@1.2.2 1222 - fix "event emitter leak" warnings 1223 - deps: send@0.4.2 1224 * deps: type-is@1.2.1 1225 - Switch dependency from `mime` to `mime-types@1.0.0` 1226 12272.19.4 / 2014-06-05 1228=================== 1229 1230 * deps: errorhandler@1.0.2 1231 - Pass on errors from reading error files 1232 * deps: method-override@2.0.2 1233 - use vary module for better `Vary` behavior 1234 * deps: serve-favicon@2.0.1 1235 - Reduce byte size of `ETag` header 1236 12372.19.3 / 2014-06-03 1238=================== 1239 1240 * deps: compression@1.0.6 1241 - fix listeners for delayed stream creation 1242 - fix regression for certain `stream.pipe(res)` situations 1243 - fix regression when negotiation fails 1244 12452.19.2 / 2014-06-03 1246=================== 1247 1248 * deps: compression@1.0.4 1249 - fix adding `Vary` when value stored as array 1250 - fix back-pressure behavior 1251 - fix length check for `res.end` 1252 12532.19.1 / 2014-06-02 1254=================== 1255 1256 * fix deprecated `utils.escape` 1257 12582.19.0 / 2014-06-02 1259=================== 1260 1261 * deprecate `methodOverride()` -- use `method-override` npm module instead 1262 * deps: body-parser@1.3.0 1263 - add `extended` option to urlencoded parser 1264 * deps: method-override@2.0.1 1265 - set `Vary` header 1266 - deps: methods@1.0.1 1267 * deps: multiparty@3.2.8 1268 * deps: response-time@2.0.0 1269 - add `digits` argument 1270 - do not override existing `X-Response-Time` header 1271 - timer not subject to clock drift 1272 - timer resolution down to nanoseconds 1273 * deps: serve-static@1.2.1 1274 - send max-age in Cache-Control in correct format 1275 - use `escape-html` for escaping 1276 - deps: send@0.4.1 1277 12782.18.0 / 2014-05-29 1279=================== 1280 1281 * deps: compression@1.0.3 1282 * deps: serve-index@1.1.0 1283 - Fix content negotiation when no `Accept` header 1284 - Properly support all HTTP methods 1285 - Support vanilla node.js http servers 1286 - Treat `ENAMETOOLONG` as code 414 1287 - Use accepts for negotiation 1288 * deps: serve-static@1.2.0 1289 - Calculate ETag with md5 for reduced collisions 1290 - Fix wrong behavior when index file matches directory 1291 - Ignore stream errors after request ends 1292 - Skip directories in index file search 1293 - deps: send@0.4.0 1294 12952.17.3 / 2014-05-27 1296=================== 1297 1298 * deps: express-session@1.2.1 1299 - Fix `resave` such that `resave: true` works 1300 13012.17.2 / 2014-05-27 1302=================== 1303 1304 * deps: body-parser@1.2.2 1305 - invoke `next(err)` after request fully read 1306 - deps: raw-body@1.1.6 1307 * deps: method-override@1.0.2 1308 - Handle `req.body` key referencing array or object 1309 - Handle multiple HTTP headers 1310 13112.17.1 / 2014-05-21 1312=================== 1313 1314 * fix `res.charset` appending charset when `content-type` has one 1315 13162.17.0 / 2014-05-20 1317=================== 1318 1319 * deps: express-session@1.2.0 1320 - Add `resave` option to control saving unmodified sessions 1321 * deps: morgan@1.1.1 1322 - "dev" format will use same tokens as other formats 1323 - `:response-time` token is now empty when immediate used 1324 - `:response-time` token is now monotonic 1325 - `:response-time` token has precision to 1 μs 1326 - fix `:status` + immediate output in node.js 0.8 1327 - improve `buffer` option to prevent indefinite event loop holding 1328 - simplify method to get remote address 1329 - deps: bytes@1.0.0 1330 * deps: serve-index@1.0.3 1331 - Fix error from non-statable files in HTML view 1332 13332.16.2 / 2014-05-18 1334=================== 1335 1336 * fix edge-case in `res.appendHeader` that would append in wrong order 1337 * deps: method-override@1.0.1 1338 13392.16.1 / 2014-05-17 1340=================== 1341 1342 * remove usages of `res.headerSent` from core 1343 13442.16.0 / 2014-05-17 1345=================== 1346 1347 * deprecate `res.headerSent` -- use `res.headersSent` 1348 * deprecate `res.on("header")` -- use on-headers module instead 1349 * fix `connect.version` to reflect the actual version 1350 * json: use body-parser 1351 - add `type` option 1352 - fix repeated limit parsing with every request 1353 - improve parser speed 1354 * urlencoded: use body-parser 1355 - add `type` option 1356 - fix repeated limit parsing with every request 1357 * dep: bytes@1.0.0 1358 * add negative support 1359 * dep: cookie-parser@1.1.0 1360 - deps: cookie@0.1.2 1361 * dep: csurf@1.2.0 1362 - add support for double-submit cookie 1363 * dep: express-session@1.1.0 1364 - Add `name` option; replacement for `key` option 1365 - Use `setImmediate` in MemoryStore for node.js >= 0.10 1366 13672.15.0 / 2014-05-04 1368=================== 1369 1370 * Add simple `res.cookie` support 1371 * Add `res.appendHeader` 1372 * Call error stack even when response has been sent 1373 * Patch `res.headerSent` to return Boolean 1374 * Patch `res.headersSent` for node.js 0.8 1375 * Prevent default 404 handler after response sent 1376 * dep: compression@1.0.2 1377 * support headers given to `res.writeHead` 1378 * deps: bytes@0.3.0 1379 * deps: negotiator@0.4.3 1380 * dep: connect-timeout@1.1.0 1381 * Add `req.timedout` property 1382 * Add `respond` option to constructor 1383 * Clear timer on socket destroy 1384 * deps: debug@0.8.1 1385 * dep: debug@^0.8.0 1386 * add `enable()` method 1387 * change from stderr to stdout 1388 * dep: errorhandler@1.0.1 1389 * Clean up error CSS 1390 * Do not respond after headers sent 1391 * dep: express-session@1.0.4 1392 * Remove import of `setImmediate` 1393 * Use `res.cookie()` instead of `res.setHeader()` 1394 * deps: cookie@0.1.2 1395 * deps: debug@0.8.1 1396 * dep: morgan@1.0.1 1397 * Make buffer unique per morgan instance 1398 * deps: bytes@0.3.0 1399 * dep: serve-favicon@2.0.0 1400 * Accept `Buffer` of icon as first argument 1401 * Non-GET and HEAD requests are denied 1402 * Send valid max-age value 1403 * Support conditional requests 1404 * Support max-age=0 1405 * Support OPTIONS method 1406 * Throw if `path` argument is directory 1407 * dep: serve-index@1.0.2 1408 * Add stylesheet option 1409 * deps: negotiator@0.4.3 1410 14112.14.5 / 2014-04-24 1412=================== 1413 1414 * dep: raw-body@1.1.4 1415 * allow true as an option 1416 * deps: bytes@0.3.0 1417 * dep: serve-static@1.1.0 1418 * Accept options directly to `send` module 1419 * deps: send@0.3.0 1420 14212.14.4 / 2014-04-07 1422=================== 1423 1424 * dep: bytes@0.3.0 1425 * added terabyte support 1426 * dep: csurf@1.1.0 1427 * add constant-time string compare 1428 * dep: serve-static@1.0.4 1429 * Resolve relative paths at middleware setup 1430 * Use parseurl to parse the URL from request 1431 * fix node.js 0.8 compatibility with memory session 1432 14332.14.3 / 2014-03-18 1434=================== 1435 1436 * dep: static-favicon@1.0.2 1437 * Fixed content of default icon 1438 14392.14.2 / 2014-03-11 1440=================== 1441 1442 * dep: static-favicon@1.0.1 1443 * Fixed path to default icon 1444 14452.14.1 / 2014-03-06 1446=================== 1447 1448 * dep: fresh@0.2.2 1449 * no real changes 1450 * dep: serve-index@1.0.1 1451 * deps: negotiator@0.4.2 1452 * dep: serve-static@1.0.2 1453 * deps: send@0.2.0 1454 14552.14.0 / 2014-03-05 1456=================== 1457 1458 * basicAuth: use basic-auth-connect 1459 * cookieParser: use cookie-parser 1460 * compress: use compression 1461 * csrf: use csurf 1462 * dep: cookie-signature@1.0.3 1463 * directory: use serve-index 1464 * errorHandler: use errorhandler 1465 * favicon: use static-favicon 1466 * logger: use morgan 1467 * methodOverride: use method-override 1468 * responseTime: use response-time 1469 * session: use express-session 1470 * static: use serve-static 1471 * timeout: use connect-timeout 1472 * vhost: use vhost 1473 14742.13.1 / 2014-03-05 1475=================== 1476 1477 * cookieSession: compare full value rather than crc32 1478 * deps: raw-body@1.1.3 1479 14802.13.0 / 2014-02-14 1481=================== 1482 1483 * fix typo in memory store warning #974 @rvagg 1484 * compress: use compressible 1485 * directory: add template option #990 @gottaloveit @Earl-Brown 1486 * csrf: prevent deprecated warning with old sessions 1487 14882.12.0 / 2013-12-10 1489=================== 1490 1491 * bump qs 1492 * directory: sort folders before files 1493 * directory: add folder icons 1494 * directory: de-duplicate icons, details/mobile views #968 @simov 1495 * errorHandler: end default 404 handler with a newline #972 @rlidwka 1496 * session: remove long cookie expire check #870 @undoZen 1497 14982.11.2 / 2013-12-01 1499=================== 1500 1501 * bump raw-body 1502 15032.11.1 / 2013-11-27 1504=================== 1505 1506 * bump raw-body 1507 * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma 1508 15092.11.0 / 2013-10-29 1510=================== 1511 1512 * update bytes 1513 * update uid2 1514 * update negotiator 1515 * sessions: add rolling session option #944 @ilmeo 1516 * sessions: property set cookies when given FQDN 1517 * cookieSessions: properly set cookies when given FQDN #948 @bmancini55 1518 * proto: fix FQDN mounting when multiple handlers #945 @bmancini55 1519 15202.10.1 / 2013-10-23 1521=================== 1522 1523 * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson) 1524 15252.10.0 / 2013-10-22 1526=================== 1527 1528 * fixed: set headers written by writeHead before emitting 'header' 1529 * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson) 1530 * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson) 1531 * fixed: fix static directory redirect for mount's root #937 (@dougwilson) 1532 * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123) 1533 * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies 1534 * compress: compress checks content-length to check threshold 1535 * compress: expose `res.flush()` for flushing responses 1536 * cookieParser: pass options into node-cookie #803 (@cauldrath) 1537 * errorHandler: replace `\n`s with `<br/>`s in error handler 1538 15392.9.2 / 2013-10-18 1540================== 1541 1542 * warn about multiparty and limit middleware deprecation for v3 1543 * fix fully qualified domain name mounting. #920 (@dougwilson) 1544 * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson) 1545 * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson) 1546 15472.9.1 / 2013-10-15 1548================== 1549 1550 * update multiparty 1551 * compress: Set vary header only if Content-Type passes filter #904 1552 * directory: Fix directory middleware URI escaping #917 (@dougwilson) 1553 * directory: Fix directory seperators for Windows #914 (@dougwilson) 1554 * directory: Keep query string intact during directory redirect #913 (@dougwilson) 1555 * directory: Fix paths in links #730 (@JacksonTian) 1556 * errorHandler: Don't escape text/plain as HTML #875 (@johan) 1557 * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson) 1558 * logger: Log even when connections are aborted #760 (@dylanahsmith) 1559 * methodOverride: Check req.body is an object #907 (@kbjr) 1560 * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson) 1561 * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce) 1562 15632.9.0 / 2013-09-07 1564================== 1565 1566 * multipart: add docs regarding tmpfiles 1567 * multipart: add .name back to file parts 1568 * multipart: use multiparty instead of formidable 1569 15702.8.8 / 2013-09-02 1571================== 1572 1573 * csrf: change to math.random() salt and remove csrfToken() callback 1574 15752.8.7 / 2013-08-28 1576================== 1577 1578 * csrf: prevent salt generation on every request, and add async req.csrfToken(fn) 1579 15802.8.6 / 2013-08-28 1581================== 1582 1583 * csrf: refactor to use HMAC tokens (BREACH attack) 1584 * compress: add compression of SVG and common font files by default. 1585 15862.8.5 / 2013-08-11 1587================== 1588 1589 * add: compress Dart source files by default 1590 * update fresh 1591 15922.8.4 / 2013-07-08 1593================== 1594 1595 * update send 1596 15972.8.3 / 2013-07-04 1598================== 1599 1600 * add a name back to static middleware ("staticMiddleware") 1601 * fix .hasBody() utility to require transfer-encoding or content-length 1602 16032.8.2 / 2013-07-03 1604================== 1605 1606 * update send 1607 * update cookie dep. 1608 * add better debug() for middleware 1609 * add whitelisting of supported methods to methodOverride() 1610 16112.8.1 / 2013-06-27 1612================== 1613 1614 * fix: escape req.method in 404 response 1615 16162.8.0 / 2013-06-26 1617================== 1618 1619 * add `threshold` option to `compress()` to prevent compression of small responses 1620 * add support for vendor JSON mime types in json() 1621 * add X-Forwarded-Proto initial https proxy support 1622 * change static redirect to 303 1623 * change octal escape sequences for strict mode 1624 * change: replace utils.uid() with uid2 lib 1625 * remove other "static" function name. Fixes #794 1626 * fix: hasBody() should return false if Content-Length: 0 1627 16282.7.11 / 2013-06-02 1629================== 1630 1631 * update send 1632 16332.7.10 / 2013-05-21 1634================== 1635 1636 * update qs 1637 * update formidable 1638 * fix: write/end to noop() when request aborted 1639 16402.7.9 / 2013-05-07 1641================== 1642 1643 * update qs 1644 * drop support for node < v0.8 1645 16462.7.8 / 2013-05-03 1647================== 1648 1649 * update qs 1650 16512.7.7 / 2013-04-29 1652================== 1653 1654 * update qs dependency 1655 * remove "static" function name. Closes #794 1656 * update node-formidable 1657 * update buffer-crc32 1658 16592.7.6 / 2013-04-15 1660================== 1661 1662 * revert cookie signature which was creating session race conditions 1663 16642.7.5 / 2013-04-12 1665================== 1666 1667 * update cookie-signature 1668 * limit: do not consume request in node 0.10.x 1669 16702.7.4 / 2013-04-01 1671================== 1672 1673 * session: add long expires check and prevent excess set-cookie 1674 * session: add console.error() of session#save() errors 1675 16762.7.3 / 2013-02-19 1677================== 1678 1679 * add name to compress middleware 1680 * add appending Accept-Encoding to Vary when set but missing 1681 * add tests for csrf middleware 1682 * add 'next' support for connect() server handler 1683 * change utils.uid() to return url-safe chars. Closes #753 1684 * fix treating '.' as a regexp in vhost() 1685 * fix duplicate bytes dep in package.json. Closes #743 1686 * fix #733 - parse x-forwarded-proto in a more generally compatibly way 1687 * revert "add support for `next(status[, msg])`"; makes composition hard 1688 16892.7.2 / 2013-01-04 1690================== 1691 1692 * add support for `next(status[, msg])` back 1693 * add utf-8 meta tag to support foreign characters in filenames/directories 1694 * change `timeout()` 408 to 503 1695 * replace 'node-crc' with 'buffer-crc32', fixes licensing 1696 * fix directory.html IE support 1697 16982.7.1 / 2012-12-05 1699================== 1700 1701 * add directory() tests 1702 * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely) 1703 * fix errorHandler signature 1704 17052.7.0 / 2012-11-13 1706================== 1707 1708 * add support for leading JSON whitespace 1709 * add logging of `req.ip` when present 1710 * add basicAuth support for `:`-delimited string 1711 * update cookie module. Closes #688 1712 17132.6.2 / 2012-11-01 1714================== 1715 1716 * add `debug()` for disconnected session store 1717 * fix session regeneration bug. Closes #681 1718 17192.6.1 / 2012-10-25 1720================== 1721 1722 * add passing of `connect.timeout()` errors to `next()` 1723 * replace signature utils with cookie-signature module 1724 17252.6.0 / 2012-10-09 1726================== 1727 1728 * add `defer` option to `multipart()` [Blake Miner] 1729 * fix mount path case sensitivity. Closes #663 1730 * fix default of ascii encoding from `logger()`, now utf8. Closes #293 1731 17322.5.0 / 2012-09-27 1733================== 1734 1735 * add `err.status = 400` to multipart() errors 1736 * add double-encoding protection to `compress()`. Closes #659 1737 * add graceful handling cookie parsing errors [shtylman] 1738 * fix typo X-Response-time to X-Response-Time 1739 17402.4.6 / 2012-09-18 1741================== 1742 1743 * update qs 1744 17452.4.5 / 2012-09-03 1746================== 1747 1748 * add session store "connect" / "disconnect" support [louischatriot] 1749 * fix `:url` log token 1750 17512.4.4 / 2012-08-21 1752================== 1753 1754 * fix `static()` pause regression from "send" integration 1755 17562.4.3 / 2012-08-07 1757================== 1758 1759 * fix `.write()` encoding for zlib inconstancy. Closes #561 1760 17612.4.2 / 2012-07-25 1762================== 1763 1764 * remove limit default from `urlencoded()` 1765 * remove limit default from `json()` 1766 * remove limit default from `multipart()` 1767 * fix `cookieSession()` clear cookie path / domain bug. Closes #636 1768 17692.4.1 / 2012-07-24 1770================== 1771 1772 * fix `options` mutation in `static()` 1773 17742.4.0 / 2012-07-23 1775================== 1776 1777 * add `connect.timeout()` 1778 * add __GET__ / __HEAD__ check to `directory()`. Closes #634 1779 * add "pause" util dep 1780 * update send dep for normalization bug 1781 17822.3.9 / 2012-07-16 1783================== 1784 1785 * add more descriptive invalid json error message 1786 * update send dep for root normalization regression 1787 * fix staticCache fresh dep 1788 17892.3.8 / 2012-07-12 1790================== 1791 1792 * fix `connect.static()` 404 regression, pass `next()`. Closes #629 1793 17942.3.7 / 2012-07-05 1795================== 1796 1797 * add `json()` utf-8 illustration test. Closes #621 1798 * add "send" dependency 1799 * change `connect.static()` internals to use "send" 1800 * fix `session()` req.session generation with pathname mismatch 1801 * fix `cookieSession()` req.session generation with pathname mismatch 1802 * fix mime export. Closes #618 1803 18042.3.6 / 2012-07-03 1805================== 1806 1807 * Fixed cookieSession() with cookieParser() secret regression. Closes #602 1808 * Fixed set-cookie header fields on cookie.path mismatch. Closes #615 1809 18102.3.5 / 2012-06-28 1811================== 1812 1813 * Remove `logger()` mount check 1814 * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607 1815 * Fixed `staticCache()` when Cookie is present 1816 18172.3.4 / 2012-06-22 1818================== 1819 1820 * Added `err.buf` to urlencoded() and json() 1821 * Update cookie to 0.0.4. Closes #604 1822 * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten] 1823 18242.3.3 / 2012-06-11 1825================== 1826 1827 * Added ETags back to `static()` [timkuijsten] 1828 * Replaced `utils.parseRange()` with `range-parser` module 1829 * Replaced `utils.parseBytes()` with `bytes` module 1830 * Replaced `utils.modified()` with `fresh` module 1831 * Fixed `cookieSession()` regression with invalid cookie signing [shtylman] 1832 18332.3.2 / 2012-06-08 1834================== 1835 1836 * expose mime module 1837 * Update crc dep (which bundled nodeunit) 1838 18392.3.1 / 2012-06-06 1840================== 1841 1842 * Added `secret` option to `cookieSession` middleware [shtylman] 1843 * Added `secret` option to `session` middleware [shtylman] 1844 * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user` 1845 * Performance: improve signed cookie parsing 1846 * Update `cookie` dependency [shtylman] 1847 18482.3.0 / 2012-05-20 1849================== 1850 1851 * Added limit option to `json()` 1852 * Added limit option to `urlencoded()` 1853 * Added limit option to `multipart()` 1854 * Fixed: remove socket error event listener on callback 1855 * Fixed __ENOTDIR__ error on `static` middleware 1856 18572.2.2 / 2012-05-07 1858================== 1859 1860 * Added support to csrf middle for pre-flight CORS requests 1861 * Updated `engines` to allow newer version of node 1862 * Removed duplicate repo prop. Closes #560 1863 18642.2.1 / 2012-04-28 1865================== 1866 1867 * Fixed `static()` redirect when mounted. Closes #554 1868 18692.2.0 / 2012-04-25 1870================== 1871 1872 * Added `make benchmark` 1873 * Perf: memoize url parsing (~20% increase) 1874 * Fixed `connect(fn, fn2, ...)`. Closes #549 1875 18762.1.3 / 2012-04-20 1877================== 1878 1879 * Added optional json() `reviver` function to be passed to JSON.parse [jed] 1880 * Fixed: emit drain in compress middleware [nsabovic] 1881 18822.1.2 / 2012-04-11 1883================== 1884 1885 * Fixed cookieParser() `req.cookies` regression 1886 18872.1.1 / 2012-04-11 1888================== 1889 1890 * Fixed `session()` browser-session length cookies & examples 1891 * Fixed: make `query()` "self-aware" [jed] 1892 18932.1.0 / 2012-04-05 1894================== 1895 1896 * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`) 1897 * Added `urlencoded()` support for GET 1898 * Added `json()` support for GET. Closes #497 1899 * Added `strict` option to `json()` 1900 * Changed: `session()` only set-cookie when modified 1901 * Removed `Session#lastAccess` property. Closes #399 1902 19032.0.3 / 2012-03-20 1904================== 1905 1906 * Added: `cookieSession()` only sets cookie on change. Closes #442 1907 * Added `connect:dispatcher` debug() probes 1908 19092.0.2 / 2012-03-04 1910================== 1911 1912 * Added test for __ENAMETOOLONG__ now that node is fixed 1913 * Fixed static() index "/" check on windows. Closes #498 1914 * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia] 1915 19162.0.1 / 2012-02-29 1917================== 1918 1919 * Added test coverage for `vhost()` middleware 1920 * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov] 1921 * Fixed `static()` Range: respond with 416 when unsatisfiable 1922 * Fixed `vhost()` middleware. Closes #494 1923 19242.0.0 / 2011-10-05 1925================== 1926 1927 * Added `cookieSession()` middleware for cookie-only sessions 1928 * Added `compress()` middleware for gzip / deflate support 1929 * Added `session()` "proxy" setting to trust `X-Forwarded-Proto` 1930 * Added `json()` middleware to parse "application/json" 1931 * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded" 1932 * Added `multipart()` middleware to parse "multipart/form-data" 1933 * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies 1934 * Added signed cookie support to `cookieParser()` 1935 * Added support for JSON-serialized cookies to `cookieParser()` 1936 * Added `err.status` support in Connect's default end-point 1937 * Added X-Cache MISS / HIT to `staticCache()` 1938 * Added public `res.headerSent` checking nodes `res._headerSent` until node does 1939 * Changed `basicAuth()` req.remoteUser to req.user 1940 * Changed: default `session()` to a browser-session cookie. Closes #475 1941 * Changed: no longer lowercase cookie names 1942 * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()` 1943 * Changed: `errorHandler()` is now a development-only middleware 1944 * Changed middleware to `next()` errors when possible so applications can unify logging / handling 1945 * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https 1946 * Removed `.createServer()` (use `connect()`) 1947 * Removed `secret` option from `session()`, use `cookieParser(secret)` 1948 * Removed `connect.session.ignore` array support 1949 * Removed `router()` middleware. Closes #262 1950 * Fixed: set-cookie only once for browser-session cookies 1951 * Fixed FQDN support. dont add leading "/" 1952 * Fixed 404 XSS attack vector. Closes #473 1953 * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point 1954 19551.8.5 / 2011-12-22 1956================== 1957 1958 * Fixed: actually allow empty body for json 1959 19601.8.4 / 2011-12-22 1961================== 1962 1963 * Changed: allow empty body for json/urlencoded requests. Backport for #443 1964 19651.8.3 / 2011-12-16 1966================== 1967 1968 * Fixed `static()` _index.html_ support on windows 1969 19701.8.2 / 2011-12-03 1971================== 1972 1973 * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv] 1974 19751.8.1 / 2011-11-21 1976================== 1977 1978 * Added nesting support for _multipart/form-data_ [jackyz] 1979 19801.8.0 / 2011-11-17 1981================== 1982 1983 * Added _multipart/form-data_ support to `bodyParser()` using formidable 1984 19851.7.3 / 2011-11-11 1986================== 1987 1988 * Fixed `req.body`, always default to {} 1989 * Fixed HEAD support for 404s and 500s 1990 19911.7.2 / 2011-10-24 1992================== 1993 1994 * "node": ">= 0.4.1 < 0.7.0" 1995 * Added `static()` redirect option. Closes #398 1996 * Changed `limit()`: respond with 413 when content-length exceeds the limit 1997 * Removed socket error listener in static(). Closes #389 1998 * Fixed `staticCache()` Age header field 1999 * Fixed race condition causing errors reported in #329. 2000 20011.7.1 / 2011-09-12 2002================== 2003 2004 * Added: make `Store` inherit from `EventEmitter` 2005 * Added session `Store#load(sess, fn)` to fetch a `Session` instance 2006 * Added backpressure support to `staticCache()` 2007 * Changed `res.socket.destroy()` to `req.socket.destroy()` 2008 20091.7.0 / 2011-08-31 2010================== 2011 2012 * Added `staticCache()` middleware, a memory cache for `static()` 2013 * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this) 2014 * Changed: ignore error handling middleware when header is sent 2015 * Changed: dispatcher errors after header is sent destroy the sock 2016 20171.6.4 / 2011-08-26 2018================== 2019 2020 * Revert "Added double-next reporting" 2021 20221.6.3 / 2011-08-26 2023================== 2024 2025 * Added double-`next()` reporting 2026 * Added `immediate` option to `logger()`. Closes #321 2027 * Dependency `qs >= 0.3.1` 2028 20291.6.2 / 2011-08-11 2030================== 2031 2032 * Fixed `connect.static()` null byte vulnerability 2033 * Fixed `connect.directory()` null byte vulnerability 2034 * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289 2035 20361.6.1 / 2011-08-03 2037================== 2038 2039 * Added: allow retval `== null` from logger callback to ignore line 2040 * Added `getOnly` option to `connect.static.send()` 2041 * Added response "header" event allowing augmentation 2042 * Added `X-CSRF-Token` header field check 2043 * Changed dep `qs >= 0.3.0` 2044 * Changed: persist csrf token. Closes #322 2045 * Changed: sort directory middleware files alphabetically 2046 20471.6.0 / 2011-07-10 2048================== 2049 2050 * Added :response-time to "dev" logger format 2051 * Added simple `csrf()` middleware. Closes #315 2052 * Fixed `res._headers` logger regression. Closes #318 2053 * Removed support for multiple middleware being passed to `.use()` 2054 20551.5.2 / 2011-07-06 2056================== 2057 2058 * Added `filter` function option to `directory()` [David Rio Deiros] 2059 * Changed: re-write of the `logger()` middleware, with extensible tokens and formats 2060 * Changed: `static.send()` ".." in path without root considered malicious 2061 * Fixed quotes in docs. Closes #312 2062 * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison] 2063 2064 20651.5.1 / 2011-06-20 2066================== 2067 2068 * Added malicious path check to `directory()` middleware 2069 * Added `utils.forbidden(res)` 2070 * Added `connect.query()` middleware 2071 20721.5.0 / 2011-06-20 2073================== 2074 2075 * Added `connect.directory()` middleware for serving directory listings 2076 20771.4.6 / 2011-06-18 2078================== 2079 2080 * Fixed `connect.static()` root with `..` 2081 * Fixed `connect.static()` __EBADF__ 2082 20831.4.5 / 2011-06-17 2084================== 2085 2086 * Fixed EBADF in `connect.static()`. Closes #297 2087 20881.4.4 / 2011-06-16 2089================== 2090 2091 * Changed `connect.static()` to check resolved dirname. Closes #294 2092 20931.4.3 / 2011-06-06 2094================== 2095 2096 * Fixed fd leak in `connect.static()` when the socket is closed 2097 * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285 2098 20991.4.2 / 2011-05-27 2100================== 2101 2102 * Changed to `devDependencies` 2103 * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen] 2104 * Fixed Win32 support for `static()` 2105 * Fixed monkey-patch issue. Closes #261 2106 21071.4.1 / 2011-05-08 2108================== 2109 2110 * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251 2111 * Fixed `errorHandler` middleware for missing stack traces. [aseemk] 2112#274 2113 21141.4.0 / 2011-04-25 2115================== 2116 2117 * Added route-middleware `next('route')` support to jump passed the route itself 2118 * Added Content-Length support to `limit()` 2119 * Added route-specific middleware support (used to be in express) 2120 * Changed; refactored duplicate session logic 2121 * Changed; prevent redefining `store.generate` per request 2122 * Fixed; `static()` does not set Content-Type when explicitly set [nateps] 2123 * Fixed escape `errorHandler()` {error} contents 2124 * NOTE: `router` will be removed in 2.0 2125 2126 21271.3.0 / 2011-04-06 2128================== 2129 2130 * Added `router.remove(path[, method])` to remove a route 2131 21321.2.3 / 2011-04-05 2133================== 2134 2135 * Fixed basicAuth realm issue when passing strings. Closes #253 2136 21371.2.2 / 2011-04-05 2138================== 2139 2140 * Added `basicAuth(username, password)` support 2141 * Added `errorHandler.title` defaulting to "Connect" 2142 * Changed `errorHandler` css 2143 21441.2.1 / 2011-03-30 2145================== 2146 2147 * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl] 2148 21491.2.0 / 2011-03-30 2150================== 2151 2152 * Added `router.lookup(path[, method])` 2153 * Added `router.match(url[, method])` 2154 * Added basicAuth async support. Closes #223 2155 21561.1.5 / 2011-03-27 2157================== 2158 2159 * Added; allow `logger()` callback function to return an empty string to ignore logging 2160 * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245 2161 21621.1.4 / 2011-03-23 2163================== 2164 2165 * Added `logger()` support for format function 2166 * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x 2167 21681.1.3 / 2011-03-21 2169================== 2170 2171 * Changed; `limit()` now calls `req.destroy()` 2172 21731.1.2 / 2011-03-21 2174================== 2175 2176 * Added request "limit" event to `limit()` middleware 2177 * Changed; `limit()` middleware will `next(err)` on failure 2178 21791.1.1 / 2011-03-18 2180================== 2181 2182 * Fixed session middleware for HTTPS. Closes #241 [reported by mt502] 2183 21841.1.0 / 2011-03-17 2185================== 2186 2187 * Added `Session#reload(fn)` 2188 21891.0.6 / 2011-03-09 2190================== 2191 2192 * Fixed `res.setHeader()` patch, preserve casing 2193 21941.0.5 / 2011-03-09 2195================== 2196 2197 * Fixed; `logger()` using `req.originalUrl` instead of `req.url` 2198 21991.0.4 / 2011-03-09 2200================== 2201 2202 * Added `res.charset` 2203 * Added conditional sessions example 2204 * Added support for `session.ignore` to be replaced. Closes #227 2205 * Fixed `Cache-Control` delimiters. Closes #228 2206 22071.0.3 / 2011-03-03 2208================== 2209 2210 * Fixed; `static.send()` invokes callback with connection error 2211 22121.0.2 / 2011-03-02 2213================== 2214 2215 * Fixed exported connect function 2216 * Fixed package.json; node ">= 0.4.1 < 0.5.0" 2217 22181.0.1 / 2011-03-02 2219================== 2220 2221 * Added `Session#save(fn)`. Closes #213 2222 * Added callback support to `connect.static.send()` for express 2223 * Added `connect.static.send()` "path" option 2224 * Fixed content-type in `static()` for _index.html_ 2225 22261.0.0 / 2011-03-01 2227================== 2228 2229 * Added `stack`, `message`, and `dump` errorHandler option aliases 2230 * Added `req.originalMethod` to methodOverride 2231 * Added `favicon()` maxAge option support 2232 * Added `connect()` alternative to `connect.createServer()` 2233 * Added new [documentation](http://senchalabs.github.com/connect) 2234 * Added Range support to `static()` 2235 * Added HTTPS support 2236 * Rewrote session middleware. The session API now allows for 2237 session-specific cookies, so you may alter each individually. 2238 Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html). 2239 * Added middleware self-awareness. This helps prevent 2240 middleware breakage when used within mounted servers. 2241 For example `cookieParser()` will not parse cookies more 2242 than once even when within a mounted server. 2243 * Added new examples in the `./examples` directory 2244 * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware 2245 * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware 2246 * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware 2247 * Renamed `staticProvider` to `static` 2248 * Renamed `bodyDecoder` to `bodyParser` 2249 * Renamed `cookieDecoder` to `cookieParser` 2250 * Fixed ETag quotes. [reported by papandreou] 2251 * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou] 2252 * Fixed; only set req.originalUrl once. Closes #124 2253 * Fixed symlink support for `static()`. Closes #123 2254 22550.5.10 / 2011-02-14 2256================== 2257 2258 * Fixed SID space issue. Closes #196 2259 * Fixed; proxy `res.end()` to commit session data 2260 * Fixed directory traversal attack in `staticProvider`. Closes #198 2261 22620.5.9 / 2011-02-09 2263================== 2264 2265 * qs >= 0.0.4 2266 22670.5.8 / 2011-02-04 2268================== 2269 2270 * Added `qs` dependency 2271 * Fixed router race-condition causing possible failure 2272 when `next()`ing to one or more routes with parallel 2273 requests 2274 22750.5.7 / 2011-02-01 2276================== 2277 2278 * Added `onvhost()` call so Express (and others) can know when they are 2279 * Revert "Added stylus support" (use the middleware which ships with stylus) 2280 * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly 2281 * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen] 2282 * Fixed `utils.uid()` length error [Jxck] 2283mounted 2284 22850.5.6 / 2011-01-23 2286================== 2287 2288 * Added stylus support to `compiler` 2289 * _favicon.js_ cleanup 2290 * _compiler.js_ cleanup 2291 * _bodyDecoder.js_ cleanup 2292 22930.5.5 / 2011-01-13 2294================== 2295 2296 * Changed; using sha256 HMAC instead of md5. [Paul Querna] 2297 * Changed; generated a longer random UID, without time influence. [Paul Querna] 2298 * Fixed; session middleware throws when secret is not present. [Paul Querna] 2299 23000.5.4 / 2011-01-07 2301================== 2302 2303 * Added; throw when router path or callback is missing 2304 * Fixed; `next(err)` on cookie parse exception instead of ignoring 2305 * Revert "Added utils.pathname(), memoized url.parse(str).pathname" 2306 23070.5.3 / 2011-01-05 2308================== 2309 2310 * Added _docs/api.html_ 2311 * Added `utils.pathname()`, memoized url.parse(str).pathname 2312 * Fixed `session.id` issue. Closes #183 2313 * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179 2314 * Removed bad outdated docs, we need something new / automated eventually 2315 23160.5.2 / 2010-12-28 2317================== 2318 2319 * Added default __OPTIONS__ support to _router_ middleware 2320 23210.5.1 / 2010-12-28 2322================== 2323 2324 * Added `req.session.id` mirroring `req.sessionID` 2325 * Refactored router, exposing `connect.router.methods` 2326 * Exclude non-lib files from npm 2327 * Removed imposed headers `X-Powered-By`, `Server`, etc 2328 23290.5.0 / 2010-12-06 2330================== 2331 2332 * Added _./index.js_ 2333 * Added route segment precondition support and example 2334 * Added named capture group support to router 2335 23360.4.0 / 2010-11-29 2337================== 2338 2339 * Added `basicAuth` middleware 2340 * Added more HTTP methods to the `router` middleware 2341 23420.3.0 / 2010-07-21 2343================== 2344 2345 * Added _staticGzip_ middleware 2346 * Added `connect.utils` to expose utils 2347 * Added `connect.session.Session` 2348 * Added `connect.session.Store` 2349 * Added `connect.session.MemoryStore` 2350 * Added `connect.middleware` to expose the middleware getters 2351 * Added `buffer` option to _logger_ for performance increase 2352 * Added _favicon_ middleware for serving your own favicon or the connect default 2353 * Added option support to _staticProvider_, can now pass _root_ and _lifetime_. 2354 * Added; mounted `Server` instances now have the `route` property exposed for reflection 2355 * Added support for callback as first arg to `Server#use()` 2356 * Added support for `next(true)` in _router_ to bypass match attempts 2357 * Added `Server#listen()` _host_ support 2358 * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance 2359 * Added _methodOverride_ X-HTTP-Method-Override support 2360 * Refactored session internals, adds _secret_ option 2361 * Renamed `lifetime` option to `maxAge` in _staticProvider_ 2362 * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark) 2363 * Removed connect(1) dependency on examples, they can all now run with node(1) 2364 * Remove a typo that was leaking a global. 2365 * Removed `Object.prototype` forEach() and map() methods 2366 * Removed a few utils not used 2367 * Removed `connect.createApp()` 2368 * Removed `res.simpleBody()` 2369 * Removed _format_ middleware 2370 * Removed _flash_ middleware 2371 * Removed _redirect_ middleware 2372 * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc) 2373 * Removed _pubsub_ middleware 2374 * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array 2375 * Changed; _compiler_ no longer 404s 2376 * Changed; _router_ signature now matches connect middleware signature 2377 * Fixed a require in _session_ for default `MemoryStore` 2378 * Fixed nasty request body bug in _router_. Closes #54 2379 * Fixed _less_ support in _compiler_ 2380 * Fixed bug preventing proper bubbling of exceptions in mounted servers 2381 * Fixed bug in `Server#use()` preventing `Server` instances as the first arg 2382 * Fixed **ENOENT** special case, is now treated as any other exception 2383 * Fixed spark env support 2384 23850.2.1 / 2010-07-09 2386================== 2387 2388 * Added support for _router_ `next()` to continue calling matched routes 2389 * Added mime type for _cache.manifest_ files. 2390 * Changed _compiler_ middleware to use async require 2391 * Changed session api, stores now only require `#get()`, and `#set()` 2392 * Fixed _cacheManifest_ by adding `utils.find()` back 2393 23940.2.0 / 2010-07-01 2395================== 2396 2397 * Added calls to `Session()` casts the given object as a `Session` instance 2398 * Added passing of `next()` to _router_ callbacks. Closes #46 2399 * Changed; `MemoryStore#destroy()` removes `req.session` 2400 * Changed `res.redirect("back")` to default to "/" when Referr?er is not present 2401 * Fixed _staticProvider_ urlencoded paths issue. Closes #47 2402 * Fixed _staticProvider_ middleware responding to **GET** requests 2403 * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43 2404 * Fixed _logger_ format option 2405 * Fixed typo in _compiler_ middleware preventing the _dest_ option from working 2406 24070.1.0 / 2010-06-25 2408================== 2409 2410 * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu) 2411 * Added [extended api docs](http://extjs.github.com/Connect/api.html) 2412 * Added docs for several more middleware layers 2413 * Added `connect.Server#use()` 2414 * Added _compiler_ middleware which provides arbitrary static compilation 2415 * Added `req.originalUrl` 2416 * Removed _blog_ example 2417 * Removed _sass_ middleware (use _compiler_) 2418 * Removed _less_ middleware (use _compiler_) 2419 * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc. 2420 * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes 2421 * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39 2422 * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies 2423 * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries 2424 24250.0.6 / 2010-06-22 2426================== 2427 2428 * Added _static_ middleware usage example 2429 * Added support for regular expressions as paths for _router_ 2430 * Added `util.merge()` 2431 * Increased performance of _static_ by ~ 200 rps 2432 * Renamed the _rest_ middleware to _router_ 2433 * Changed _rest_ api to accept a callback function 2434 * Removed _router_ middleware 2435 * Removed _proto.js_, only `Object#forEach()` remains 2436 24370.0.5 / 2010-06-21 2438================== 2439 2440 * Added Server#use() which contains the Layer normalization logic 2441 * Added documentation for several middleware 2442 * Added several new examples 2443 * Added _less_ middleware 2444 * Added _repl_ middleware 2445 * Added _vhost_ middleware 2446 * Added _flash_ middleware 2447 * Added _cookie_ middleware 2448 * Added _session_ middleware 2449 * Added `utils.htmlEscape()` 2450 * Added `utils.base64Decode()` 2451 * Added `utils.base64Encode()` 2452 * Added `utils.uid()` 2453 * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26 2454 * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()` 2455 * Renamed req.redirect() to res.redirect(). Closes #29 2456 * Fixed _sass_ 404 on **ENOENT** 2457 * Fixed +new Date duplication. Closes #24 2458 24590.0.4 / 2010-06-16 2460================== 2461 2462 * Added workerPidfile() to bin/connect 2463 * Added --workers support to bin/connect stop and status commands 2464 * Added _redirect_ middleware 2465 * Added better --config support to bin/connect. All flags can be utilized 2466 * Added auto-detection of _./config.js_ 2467 * Added config example 2468 * Added `net.Server` support to bin/connect 2469 * Writing worker pids relative to `env.pidfile` 2470 * s/parseQuery/parse/g 2471 * Fixed npm support 2472 24730.0.3 / 2010-06-16 2474================== 2475 2476 * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__ 2477 24780.0.2 / 2010-06-15 2479================== 2480 2481 * Added `-V, --version` to bin/connect 2482 * Added `utils.parseCookie()` 2483 * Added `utils.serializeCookie()` 2484 * Added `utils.toBoolean()` 2485 * Added _sass_ middleware 2486 * Added _cookie_ middleware 2487 * Added _format_ middleware 2488 * Added _lint_ middleware 2489 * Added _rest_ middleware 2490 * Added _./package.json_ (npm install connect) 2491 * Added `handleError()` support 2492 * Added `process.connectEnv` 2493 * Added custom log format support to _log_ middleware 2494 * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url") 2495 * Added -w, --workers to bin/connect 2496 * Added bin/connect support for --user NAME and --group NAME 2497 * Fixed url re-writing support 2498 24990.0.1 / 2010-06-03 2500================== 2501 2502 * Initial release 2503 2504