Vous ne pouvez pas sélectionner plus de 25 sujets
Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
4.19.2 / 2024-03-25
- Improved fix for open redirect allow list bypass
4.19.1 / 2024-03-20
- Allow passing non-strings to res.location with new encoding handling checks
4.19.0 / 2024-03-20
- Prevent open redirect allow list bypass due to encodeurl
- deps: cookie@0.6.0
4.18.3 / 2024-02-29
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- deps: cookie@0.6.0
4.18.2 / 2022-10-08
4.18.1 / 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 / 2022-04-25
- Add “root” option to
res.download
- Allow
options
without filename
in res.download
- Deprecate string and non-integer arguments to
res.status
- Fix behavior of
null
/undefined
as maxAge
in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore
Object.prototype
values in settings through app.set
/app.get
- Invoke
default
with same arguments as types in res.format
- Support proper 205 responses using
res.send
- Use
http-errors
for res.format
error
- deps: body-parser@1.20.0
- Fix error message for json parse whitespace in
strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
- deps: cookie@0.5.0
- Add
priority
option
- Fix
expires
option to reject invalid dates
- deps: depd@2.0.0
- Replace internal
eval
usage with Function
constructor
- Use instance methods on
process
to check for listeners
- deps: finalhandler@1.2.0
- Remove set content headers that break response
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: on-finished@2.4.1
- Prevent loss of async hooks context
- deps: qs@6.10.3
- deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: serve-static@1.15.0
- deps: statuses@2.0.1
- Remove code 306
- Rename
425 Unordered Collection
to standard 425 Too Early
4.17.3 / 2022-02-16
- deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
- deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
- Fix handling of
__proto__
keys
- pref: remove unnecessary regexp for trust proxy
4.17.2 / 2021-12-16
- Fix handling of
undefined
in res.jsonp
- Fix handling of
undefined
when "json escape"
is enabled
- Fix incorrect middleware execution with unanchored
RegExp
s
- Fix
res.jsonp(obj, status)
deprecation message
- Fix typo in
res.is
JSDoc
- deps: body-parser@1.19.1
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
- deps: cookie@0.4.1
- Fix
maxAge
option to reject invalid values
- deps: proxy-addr@~2.0.7
- Use
req.socket
over deprecated req.connection
- deps: forwarded@0.2.0
- deps: ipaddr.js@1.9.1
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
- deps: serve-static@1.14.2
- deps: setprototypeof@1.2.0
4.17.1 / 2019-05-25
- Revert “Improve error message for
null
/undefined
to res.status
“
4.17.0 / 2019-05-16
- Add
express.raw
to parse bodies into Buffer
- Add
express.text
to parse bodies into string
- Improve error message for non-strings to
res.sendFile
- Improve error message for
null
/undefined
to res.status
- Support multiple hosts in
X-Forwarded-Host
- deps: accepts@~1.3.7
- deps: body-parser@1.19.0
- Add encoding MIK
- Add petabyte (
pb
) support
- Fix parsing array brackets after index
- deps: bytes@3.1.0
- deps: http-errors@1.7.2
- deps: iconv-lite@0.4.24
- deps: qs@6.7.0
- deps: raw-body@2.4.0
- deps: type-is@~1.6.17
- deps: content-disposition@0.5.3
- deps: cookie@0.4.0
- Add
SameSite=None
support
- deps: finalhandler@~1.1.2
- Set stricter
Content-Security-Policy
header
- deps: parseurl@~1.3.3
- deps: statuses@~1.5.0
- deps: parseurl@~1.3.3
- deps: proxy-addr@~2.0.5
- deps: qs@6.7.0
- Fix parsing array brackets after index
- deps: range-parser@~1.2.1
- deps: send@0.17.1
- Set stricter CSP header in redirect & error responses
- deps: http-errors@~1.7.2
- deps: mime@1.6.0
- deps: ms@2.1.1
- deps: range-parser@~1.2.1
- deps: statuses@~1.5.0
- perf: remove redundant
path.normalize
call
- deps: serve-static@1.14.1
- Set stricter CSP header in redirect response
- deps: parseurl@~1.3.3
- deps: send@0.17.1
- deps: setprototypeof@1.1.1
- deps: statuses@~1.5.0
- deps: type-is@~1.6.18
- deps: mime-types@~2.1.24
- perf: prevent internal
throw
on invalid type
4.16.4 / 2018-10-10
- Fix issue where
"Request aborted"
may be logged in res.sendfile
- Fix JSDoc for
Router
constructor
- deps: body-parser@1.18.3
- Fix deprecation warnings on Node.js 10+
- Fix stack trace for strict json parse error
- deps: depd@~1.1.2
- deps: http-errors@~1.6.3
- deps: iconv-lite@0.4.23
- deps: qs@6.5.2
- deps: raw-body@2.3.3
- deps: type-is@~1.6.16
- deps: proxy-addr@~2.0.4
- deps: qs@6.5.2
- deps: safe-buffer@5.1.2
4.16.3 / 2018-03-12
- deps: accepts@~1.3.5
- deps: depd@~1.1.2
- perf: remove argument reassignment
- deps: encodeurl@~1.0.2
- Fix encoding
%
as last character
- deps: finalhandler@1.1.1
- Fix 404 output for bad / missing pathnames
- deps: encodeurl@~1.0.2
- deps: statuses@~1.4.0
- deps: proxy-addr@~2.0.3
- deps: send@0.16.2
- Fix incorrect end tag in default error & redirects
- deps: depd@~1.1.2
- deps: encodeurl@~1.0.2
- deps: statuses@~1.4.0
- deps: serve-static@1.13.2
- Fix incorrect end tag in redirects
- deps: encodeurl@~1.0.2
- deps: send@0.16.2
- deps: statuses@~1.4.0
- deps: type-is@~1.6.16
4.16.2 / 2017-10-09
- Fix
TypeError
in res.send
when given Buffer
and ETag
header set
- perf: skip parsing of entire
X-Forwarded-Proto
header
4.16.1 / 2017-09-29
4.16.0 / 2017-09-28
- Add
"json escape"
setting for res.json
and res.jsonp
- Add
express.json
and express.urlencoded
to parse bodies
- Add
options
argument to res.download
- Improve error message when autoloading invalid view engine
- Improve error messages when non-function provided as middleware
- Skip
Buffer
encoding when not generating ETag for small response
- Use
safe-buffer
for improved Buffer API
- deps: accepts@~1.3.4
- deps: content-type@~1.0.4
- perf: remove argument reassignment
- perf: skip parameter parsing when no parameters
- deps: etag@~1.8.1
- perf: replace regular expression with substring
- deps: finalhandler@1.1.0
- Use
res.headersSent
when available
- deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the “fast-path”
RegExp
- deps: proxy-addr@~2.0.2
- Fix trimming leading / trailing OWS in
X-Forwarded-For
- deps: forwarded@~0.1.2
- deps: ipaddr.js@1.5.2
- perf: reduce overhead when no
X-Forwarded-For
header
- deps: qs@6.5.1
- Fix parsing & compacting very deep objects
- deps: send@0.16.0
- Add 70 new types for file extensions
- Add
immutable
option
- Fix missing
</html>
in default error & redirects
- Set charset as “UTF-8” for .js and .json
- Use instance methods on steam to check for listeners
- deps: mime@1.4.1
- perf: improve path validation speed
- deps: serve-static@1.13.0
- Add 70 new types for file extensions
- Add
immutable
option
- Set charset as “UTF-8” for .js and .json
- deps: send@0.16.0
- deps: setprototypeof@1.1.0
- deps: utils-merge@1.0.1
- deps: vary@~1.1.2
- perf: improve header token parsing speed
- perf: re-use options object when generating ETags
- perf: remove dead
.charset
set in res.jsonp
4.15.5 / 2017-09-24
- deps: debug@2.6.9
- deps: finalhandler@~1.0.6
- deps: debug@2.6.9
- deps: parseurl@~1.3.2
- deps: fresh@0.5.2
- Fix handling of modified headers with invalid dates
- perf: improve ETag match loop
- perf: improve
If-None-Match
token parsing
- deps: send@0.15.6
- Fix handling of modified headers with invalid dates
- deps: debug@2.6.9
- deps: etag@~1.8.1
- deps: fresh@0.5.2
- perf: improve
If-Match
token parsing
- deps: serve-static@1.12.6
- deps: parseurl@~1.3.2
- deps: send@0.15.6
- perf: improve slash collapsing
4.15.4 / 2017-08-06
- deps: debug@2.6.8
- deps: depd@~1.1.1
- Remove unnecessary
Buffer
loading
- deps: finalhandler@~1.0.4
- deps: proxy-addr@~1.1.5
- Fix array argument being altered
- deps: ipaddr.js@1.4.0
- deps: qs@6.5.0
- deps: send@0.15.4
- deps: debug@2.6.8
- deps: depd@~1.1.1
- deps: http-errors@~1.6.2
- deps: serve-static@1.12.4
4.15.3 / 2017-05-16
- Fix error when
res.set
cannot add charset to Content-Type
- deps: debug@2.6.7
- Fix
DEBUG_MAX_ARRAY_LENGTH
- deps: ms@2.0.0
- deps: finalhandler@~1.0.3
- Fix missing
</html>
in HTML document
- deps: debug@2.6.7
- deps: proxy-addr@~1.1.4
- deps: send@0.15.3
- deps: debug@2.6.7
- deps: ms@2.0.0
- deps: serve-static@1.12.3
- deps: type-is@~1.6.15
- deps: vary@~1.1.1
- perf: hoist regular expression
4.15.2 / 2017-03-06
- deps: qs@6.4.0
- Fix regression parsing keys starting with
[
4.15.1 / 2017-03-05
- deps: send@0.15.1
- Fix issue when
Date.parse
does not return NaN
on invalid date
- Fix strict violation in broken environments
- deps: serve-static@1.12.1
- Fix issue when
Date.parse
does not return NaN
on invalid date
- deps: send@0.15.1
4.15.0 / 2017-03-01
- Add debug message when loading view engine
- Add
next("router")
to exit from router
- Fix case where
router.use
skipped requests routes did not
- Remove usage of
res._headers
private field
- Improves compatibility with Node.js 8 nightly
- Skip routing when
req.url
is not set
- Use
%o
in path debug to tell types apart
- Use
Object.create
to setup request & response prototypes
- Use
setprototypeof
module to replace __proto__
setting
- Use
statuses
instead of http
module for status messages
- deps: debug@2.6.1
- Allow colors in workers
- Deprecated
DEBUG_FD
environment variable set to 3
or higher
- Fix error when running under React Native
- Use same color for same namespace
- deps: ms@0.7.2
- deps: etag@~1.8.0
- Use SHA1 instead of MD5 for ETag hashing
- Works with FIPS 140-2 OpenSSL configuration
- deps: finalhandler@~1.0.0
- Fix exception when
err
cannot be converted to a string
- Fully URL-encode the pathname in the 404
- Only include the pathname in the 404 message
- Send complete HTML document
- Set
Content-Security-Policy: default-src 'self'
header
- deps: debug@2.6.1
- deps: fresh@0.5.0
- Fix false detection of
no-cache
request directive
- Fix incorrect result when
If-None-Match
has both *
and ETags
- Fix weak
ETag
matching to match spec
- perf: delay reading header values until needed
- perf: enable strict mode
- perf: hoist regular expressions
- perf: remove duplicate conditional
- perf: remove unnecessary boolean coercions
- perf: skip checking modified time if ETag check failed
- perf: skip parsing
If-None-Match
when no ETag
header
- perf: use
Date.parse
instead of new Date
- deps: qs@6.3.1
- Fix array parsing from skipping empty values
- Fix compacting nested arrays
- deps: send@0.15.0
- Fix false detection of
no-cache
request directive
- Fix incorrect result when
If-None-Match
has both *
and ETags
- Fix weak
ETag
matching to match spec
- Remove usage of
res._headers
private field
- Support
If-Match
and If-Unmodified-Since
headers
- Use
res.getHeaderNames()
when available
- Use
res.headersSent
when available
- deps: debug@2.6.1
- deps: etag@~1.8.0
- deps: fresh@0.5.0
- deps: http-errors@~1.6.1
- deps: serve-static@1.12.0
- Fix false detection of
no-cache
request directive
- Fix incorrect result when
If-None-Match
has both *
and ETags
- Fix weak
ETag
matching to match spec
- Remove usage of
res._headers
private field
- Send complete HTML document in redirect response
- Set default CSP header in redirect response
- Support
If-Match
and If-Unmodified-Since
headers
- Use
res.getHeaderNames()
when available
- Use
res.headersSent
when available
- deps: send@0.15.0
- perf: add fast match path for
*
route
- perf: improve
req.ips
performance
4.14.1 / 2017-01-28
- deps: content-disposition@0.5.2
- deps: finalhandler@0.5.1
- Fix exception when
err.headers
is not an object
- deps: statuses@~1.3.1
- perf: hoist regular expressions
- perf: remove duplicate validation path
- deps: proxy-addr@~1.1.3
- deps: send@0.14.2
- deps: http-errors@~1.5.1
- deps: ms@0.7.2
- deps: statuses@~1.3.1
- deps: serve-static@~1.11.2
- deps: type-is@~1.6.14
4.14.0 / 2016-06-16
- Add
acceptRanges
option to res.sendFile
/res.sendfile
- Add
cacheControl
option to res.sendFile
/res.sendfile
- Add
options
argument to req.range
- Includes the
combine
option
- Encode URL in
res.location
/res.redirect
if not already encoded
- Fix some redirect handling in
res.sendFile
/res.sendfile
- Fix Windows absolute path check using forward slashes
- Improve error with invalid arguments to
req.get()
- Improve performance for
res.json
/res.jsonp
in most cases
- Improve
Range
header handling in res.sendFile
/res.sendfile
- deps: accepts@~1.3.3
- Fix including type extensions in parameters in
Accept
parsing
- Fix parsing
Accept
parameters with quoted equals
- Fix parsing
Accept
parameters with quoted semicolons
- Many performance improvements
- deps: mime-types@~2.1.11
- deps: negotiator@0.6.1
- deps: content-type@~1.0.2
- deps: cookie@0.3.1
- Add
sameSite
option
- Fix cookie
Max-Age
to never be a floating point number
- Improve error message when
encode
is not a function
- Improve error message when
expires
is not a Date
- Throw better error for invalid argument to parse
- Throw on invalid values provided to
serialize
- perf: enable strict mode
- perf: hoist regular expression
- perf: use for loop in parse
- perf: use string concatenation for serialization
- deps: finalhandler@0.5.0
- Change invalid or non-numeric status code to 500
- Overwrite status message to match set status code
- Prefer
err.statusCode
if err.status
is invalid
- Set response headers from
err.headers
object
- Use
statuses
instead of http
module for status messages
- deps: proxy-addr@~1.1.2
- Fix accepting various invalid netmasks
- Fix IPv6-mapped IPv4 validation edge cases
- IPv4 netmasks must be contiguous
- IPv6 addresses cannot be used as a netmask
- deps: ipaddr.js@1.1.1
- deps: qs@6.2.0
- Add
decoder
option in parse
function
- deps: range-parser@~1.2.0
- Add
combine
option to combine overlapping ranges
- Fix incorrectly returning -1 when there is at least one valid range
- perf: remove internal function
- deps: send@0.14.1
- Add
acceptRanges
option
- Add
cacheControl
option
- Attempt to combine multiple ranges into single range
- Correctly inherit from
Stream
class
- Fix
Content-Range
header in 416 responses when using start
/end
options
- Fix
Content-Range
header missing from default 416 responses
- Fix redirect error when
path
contains raw non-URL characters
- Fix redirect when
path
starts with multiple forward slashes
- Ignore non-byte
Range
headers
- deps: http-errors@~1.5.0
- deps: range-parser@~1.2.0
- deps: statuses@~1.3.0
- perf: remove argument reassignment
- deps: serve-static@~1.11.1
- Add
acceptRanges
option
- Add
cacheControl
option
- Attempt to combine multiple ranges into single range
- Fix redirect error when
req.url
contains raw non-URL characters
- Ignore non-byte
Range
headers
- Use status code 301 for redirects
- deps: send@0.14.1
- deps: type-is@~1.6.13
- Fix type error when given invalid type to match against
- deps: mime-types@~2.1.11
- deps: vary@~1.1.0
- Only accept valid field names in the
field
argument
- perf: use strict equality when possible
4.13.4 / 2016-01-21
- deps: content-disposition@0.5.1
- deps: cookie@0.1.5
- Throw on invalid values provided to
serialize
- deps: depd@~1.1.0
- Support web browser loading
- perf: enable strict mode
- deps: escape-html@~1.0.3
- perf: enable strict mode
- perf: optimize string replacement
- perf: use faster string coercion
- deps: finalhandler@0.4.1
- deps: merge-descriptors@1.0.1
- deps: methods@~1.1.2
- deps: parseurl@~1.3.1
- deps: proxy-addr@~1.0.10
- deps: ipaddr.js@1.0.5
- perf: enable strict mode
- deps: range-parser@~1.0.3
- deps: send@0.13.1
- deps: depd@~1.1.0
- deps: destroy@~1.0.4
- deps: escape-html@~1.0.3
- deps: range-parser@~1.0.3
- deps: serve-static@~1.10.2
- deps: escape-html@~1.0.3
- deps: parseurl@~1.3.0
- deps: send@0.13.1
4.13.3 / 2015-08-02
- Fix infinite loop condition using
mergeParams: true
- Fix inner numeric indices incorrectly altering parent
req.params
4.13.2 / 2015-07-31
- deps: accepts@~1.2.12
- deps: array-flatten@1.1.1
- deps: path-to-regexp@0.1.7
- Fix regression with escaped round brackets and matching groups
- deps: type-is@~1.6.6
4.13.1 / 2015-07-05
- deps: accepts@~1.2.10
- deps: qs@4.0.0
- Fix dropping parameters like
hasOwnProperty
- Fix various parsing edge cases
- deps: type-is@~1.6.4
- deps: mime-types@~2.1.2
- perf: enable strict mode
- perf: remove argument reassignment
4.13.0 / 2015-06-20
- Add settings to debug output
- Fix
res.format
error when only default
provided
- Fix issue where
next('route')
in app.param
would incorrectly skip values
- Fix hiding platform issues with
decodeURIComponent
- Fix using
*
before params in routes
- Fix using capture groups before params in routes
- Simplify
res.cookie
to call res.append
- Use
array-flatten
module for flattening arrays
- deps: accepts@~1.2.9
- deps: mime-types@~2.1.1
- perf: avoid argument reassignment & argument slice
- perf: avoid negotiator recursive construction
- perf: enable strict mode
- perf: remove unnecessary bitwise operator
- deps: cookie@0.1.3
- perf: deduce the scope of try-catch deopt
- perf: remove argument reassignments
- deps: escape-html@1.0.2
- deps: etag@~1.7.0
- Always include entity length in ETags for hash length extensions
- Generate non-Stats ETags using MD5 only (no longer CRC32)
- Improve stat performance by removing hashing
- Improve support for JXcore
- Remove base64 padding in ETags to shorten
- Support “fake” stats objects in environments without fs
- Use MD5 instead of MD4 in weak ETags over 1KB
- deps: finalhandler@0.4.0
- Fix a false-positive when unpiping in Node.js 0.8
- Support
statusCode
property on Error
objects
- Use
unpipe
module for unpiping requests
- deps: escape-html@1.0.2
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove argument reassignment
- deps: fresh@0.3.0
- Add weak
ETag
matching support
- deps: on-finished@~2.3.0
- Add defined behavior for HTTP
CONNECT
requests
- Add defined behavior for HTTP
Upgrade
requests
- deps: ee-first@1.1.1
- deps: path-to-regexp@0.1.6
- deps: send@0.13.0
- Allow Node.js HTTP server to set
Date
response header
- Fix incorrectly removing
Content-Location
on 304 response
- Improve the default redirect response headers
- Send appropriate headers on default error response
- Use
http-errors
for standard emitted errors
- Use
statuses
instead of http
module for status messages
- deps: escape-html@1.0.2
- deps: etag@~1.7.0
- deps: fresh@0.3.0
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove unnecessary array allocations
- deps: serve-static@~1.10.0
- Add
fallthrough
option
- Fix reading options from options prototype
- Improve the default redirect response headers
- Malformed URLs now
next()
instead of 400
- deps: escape-html@1.0.2
- deps: send@0.13.0
- perf: enable strict mode
- perf: remove argument reassignment
- deps: type-is@~1.6.3
- deps: mime-types@~2.1.1
- perf: reduce try block size
- perf: remove bitwise operations
- perf: enable strict mode
- perf: isolate
app.render
try block
- perf: remove argument reassignments in application
- perf: remove argument reassignments in request prototype
- perf: remove argument reassignments in response prototype
- perf: remove argument reassignments in routing
- perf: remove argument reassignments in
View
- perf: skip attempting to decode zero length string
- perf: use saved reference to
http.STATUS_CODES
4.12.4 / 2015-05-17
- deps: accepts@~1.2.7
- deps: mime-types@~2.0.11
- deps: negotiator@0.5.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- Improve support for JXcore
- Support “fake” stats objects in environments without
fs
- deps: finalhandler@0.3.6
- deps: debug@~2.2.0
- deps: on-finished@~2.2.1
- deps: on-finished@~2.2.1
- Fix
isFinished(req)
when data buffered
- deps: proxy-addr@~1.0.8
- deps: qs@2.4.2
- Fix allowing parameters like
constructor
- deps: send@0.12.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- deps: ms@0.7.1
- deps: on-finished@~2.2.1
- deps: serve-static@~1.9.3
- deps: type-is@~1.6.2
4.12.3 / 2015-03-17
- deps: accepts@~1.2.5
- deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
- deps: finalhandler@0.3.4
- deps: proxy-addr@~1.0.7
- deps: qs@2.4.1
- Fix error when parameter
hasOwnProperty
is present
- deps: send@0.12.2
- Throw errors early for invalid
extensions
or index
options
- deps: debug@~2.1.3
- deps: serve-static@~1.9.2
- deps: type-is@~1.6.1
4.12.2 / 2015-03-02
- Fix regression where
"Request aborted"
is logged using res.sendFile
4.12.1 / 2015-03-01
- Fix constructing application with non-configurable prototype properties
- Fix
ECONNRESET
errors from res.sendFile
usage
- Fix
req.host
when using “trust proxy” hops count
- Fix
req.protocol
/req.secure
when using “trust proxy” hops count
- Fix wrong
code
on aborted connections from res.sendFile
- deps: merge-descriptors@1.0.0
4.12.0 / 2015-02-23
- Fix
"trust proxy"
setting to inherit when app is mounted
- Generate
ETag
s for all request responses
- No longer restricted to only responses for
GET
and HEAD
requests
- Use
content-type
to parse Content-Type
headers
- deps: accepts@~1.2.4
- Fix preference sorting to be stable for long acceptable lists
- deps: mime-types@~2.0.9
- deps: negotiator@0.5.1
- deps: cookie-signature@1.0.6
- deps: send@0.12.1
- Always read the stat size from the file
- Fix mutating passed-in
options
- deps: mime@1.3.4
- deps: serve-static@~1.9.1
- deps: type-is@~1.6.0
- fix argument reassignment
- fix false-positives in
hasBody
Transfer-Encoding
check
- support wildcard for both type and subtype (
*/*
)
- deps: mime-types@~2.0.9
4.11.2 / 2015-02-01
- Fix
res.redirect
double-calling res.end
for HEAD
requests
- deps: accepts@~1.2.3
- deps: proxy-addr@~1.0.6
- deps: type-is@~1.5.6
4.11.1 / 2015-01-20
- deps: send@0.11.1
- deps: serve-static@~1.8.1
- Fix redirect loop in Node.js 0.11.14
- Fix root path disclosure
- deps: send@0.11.1
4.11.0 / 2015-01-13
- Add
res.append(field, val)
to append headers
- Deprecate leading
:
in name
for app.param(name, fn)
- Deprecate
req.param()
-- use req.params
, req.body
, or req.query
instead
- Deprecate
app.param(fn)
- Fix
OPTIONS
responses to include the HEAD
method properly
- Fix
res.sendFile
not always detecting aborted connection
- Match routes iteratively to prevent stack overflows
- deps: accepts@~1.2.2
- deps: mime-types@~2.0.7
- deps: negotiator@0.5.0
- deps: send@0.11.0
- deps: debug@~2.1.1
- deps: etag@~1.5.1
- deps: ms@0.7.0
- deps: on-finished@~2.2.0
- deps: serve-static@~1.8.0
4.10.8 / 2015-01-13
- Fix crash from error within
OPTIONS
response handler
- deps: proxy-addr@~1.0.5
4.10.7 / 2015-01-04
- Fix
Allow
header for OPTIONS
to not contain duplicate methods
- Fix incorrect “Request aborted” for
res.sendFile
when HEAD
or 304
- deps: debug@~2.1.1
- deps: finalhandler@0.3.3
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0
- deps: methods@~1.1.1
- deps: on-finished@~2.2.0
- deps: serve-static@~1.7.2
- Fix potential open redirect when mounted at root
- deps: type-is@~1.5.5
4.10.6 / 2014-12-12
- Fix exception in
req.fresh
/req.stale
without response headers
4.10.5 / 2014-12-10
- Fix
res.send
double-calling res.end
for HEAD
requests
- deps: accepts@~1.1.4
- deps: type-is@~1.5.4
4.10.4 / 2014-11-24
- Fix
res.sendfile
logging standard write errors
4.10.3 / 2014-11-23
- Fix
res.sendFile
logging standard write errors
- deps: etag@~1.5.1
- deps: proxy-addr@~1.0.4
- deps: qs@2.3.3
4.10.2 / 2014-11-09
- Correctly invoke async router callback asynchronously
- deps: accepts@~1.1.3
- deps: type-is@~1.5.3
4.10.1 / 2014-10-28
- Fix handling of URLs containing
://
in the path
- deps: qs@2.3.2
- Fix parsing of mixed objects and values
4.10.0 / 2014-10-23
- Add support for
app.set('views', array)
- Views are looked up in sequence in array of directories
- Fix
res.send(status)
to mention res.sendStatus(status)
- Fix handling of invalid empty URLs
- Use
content-disposition
module for res.attachment
/res.download
- Sends standards-compliant
Content-Disposition
header
- Full Unicode support
- Use
path.resolve
in view lookup
- deps: debug@~2.1.0
- Implement
DEBUG_FD
env variable support
- deps: depd@~1.0.0
- deps: etag@~1.5.0
- Improve string performance
- Slightly improve speed for weak ETags over 1KB
- deps: finalhandler@0.3.2
- Terminate in progress response only on error
- Use
on-finished
to determine request status
- deps: debug@~2.1.0
- deps: on-finished@~2.1.1
- deps: on-finished@~2.1.1
- Fix handling of pipelined requests
- deps: qs@2.3.0
- Fix parsing of mixed implicit and explicit arrays
- deps: send@0.10.1
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: etag@~1.5.0
- deps: on-finished@~2.1.1
- deps: serve-static@~1.7.1
4.9.8 / 2014-10-17
- Fix
res.redirect
body when redirect status specified
- deps: accepts@~1.1.2
- Fix error when media type has invalid parameter
- deps: negotiator@0.4.9
4.9.7 / 2014-10-10
- Fix using same param name in array of paths
4.9.6 / 2014-10-08
- deps: accepts@~1.1.1
- deps: mime-types@~2.0.2
- deps: negotiator@0.4.8
- deps: serve-static@~1.6.4
- Fix redirect loop when index file serving disabled
- deps: type-is@~1.5.2
4.9.5 / 2014-09-24
- deps: etag@~1.4.0
- deps: proxy-addr@~1.0.3
- deps: send@0.9.3
- deps: serve-static@~1.6.3
4.9.4 / 2014-09-19
- deps: qs@2.2.4
- Fix issue with object keys starting with numbers truncated
4.9.3 / 2014-09-18
- deps: proxy-addr@~1.0.2
- Fix a global leak when multiple subnets are trusted
- deps: ipaddr.js@0.1.3
4.9.2 / 2014-09-17
- Fix regression for empty string
path
in app.use
- Fix
router.use
to accept array of middleware without path
- Improve error message for bad
app.use
arguments
4.9.1 / 2014-09-16
- Fix
app.use
to accept array of middleware without path
- deps: depd@0.4.5
- deps: etag@~1.3.1
- deps: send@0.9.2
- deps: depd@0.4.5
- deps: etag@~1.3.1
- deps: range-parser@~1.0.2
- deps: serve-static@~1.6.2
4.9.0 / 2014-09-08
- Add
res.sendStatus
- Invoke callback for sendfile when client aborts
- Applies to
res.sendFile
, res.sendfile
, and res.download
err
will be populated with request aborted error
- Support IP address host in
req.subdomains
- Use
etag
to generate ETag
headers
- deps: accepts@~1.1.0
- deps: cookie-signature@1.0.5
- deps: debug@~2.0.0
- deps: finalhandler@0.2.0
- Set
X-Content-Type-Options: nosniff
header
- deps: debug@~2.0.0
- deps: fresh@0.2.4
- deps: media-typer@0.3.0
- Throw error when parameter format invalid on parse
- deps: qs@2.2.3
- Fix issue where first empty value in array is discarded
- deps: range-parser@~1.0.2
- deps: send@0.9.1
- Add
lastModified
option
- Use
etag
to generate ETag
header
- deps: debug@~2.0.0
- deps: fresh@0.2.4
- deps: serve-static@~1.6.1
- Add
lastModified
option
- deps: send@0.9.1
- deps: type-is@~1.5.1
- fix
hasbody
to be true for content-length: 0
- deps: media-typer@0.3.0
- deps: mime-types@~2.0.1
- deps: vary@~1.0.0
- Accept valid
Vary
header string as field
4.8.8 / 2014-09-04
- deps: send@0.8.5
- Fix a path traversal issue when using
root
- Fix malicious path detection for empty string path
- deps: serve-static@~1.5.4
4.8.7 / 2014-08-29
- deps: qs@2.2.2
- Remove unnecessary cloning
4.8.6 / 2014-08-27
- deps: qs@2.2.0
- Array parsing fix
- Performance improvements
4.8.5 / 2014-08-18
- deps: send@0.8.3
- deps: destroy@1.0.3
- deps: on-finished@2.1.0
- deps: serve-static@~1.5.3
4.8.4 / 2014-08-14
- deps: qs@1.2.2
- deps: send@0.8.2
- Work around
fd
leak in Node.js 0.10 for fs.ReadStream
- deps: serve-static@~1.5.2
4.8.3 / 2014-08-10
- deps: parseurl@~1.3.0
- deps: qs@1.2.1
- deps: serve-static@~1.5.1
- Fix parsing of weird
req.originalUrl
values
- deps: parseurl@~1.3.0
- deps: utils-merge@1.0.0
4.8.2 / 2014-08-07
- deps: qs@1.2.0
- Fix parsing array of objects
4.8.1 / 2014-08-06
- fix incorrect deprecation warnings on
res.download
- deps: qs@1.1.0
- Accept urlencoded square brackets
- Accept empty values in implicit array notation
4.8.0 / 2014-08-05
- add
res.sendFile
- accepts a file system path instead of a URL
- requires an absolute path or
root
option specified
- deprecate
res.sendfile
-- use res.sendFile
instead
- support mounted app as any argument to
app.use()
- deps: qs@1.0.2
- Complete rewrite
- Limits array length to 20
- Limits object depth to 5
- Limits parameters to 1,000
- deps: send@0.8.1
- deps: serve-static@~1.5.0
- Add
extensions
option
- deps: send@0.8.1
4.7.4 / 2014-08-04
- fix
res.sendfile
regression for serving directory index files
- deps: send@0.7.4
- Fix incorrect 403 on Windows and Node.js 0.11
- Fix serving index files without root dir
- deps: serve-static@~1.4.4
4.7.3 / 2014-08-04
- deps: send@0.7.3
- Fix incorrect 403 on Windows and Node.js 0.11
- deps: serve-static@~1.4.3
- Fix incorrect 403 on Windows and Node.js 0.11
- deps: send@0.7.3
4.7.2 / 2014-07-27
- deps: depd@0.4.4
- Work-around v8 generating empty stack traces
- deps: send@0.7.2
- deps: serve-static@~1.4.2
4.7.1 / 2014-07-26
- deps: depd@0.4.3
- Fix exception when global
Error.stackTraceLimit
is too low
- deps: send@0.7.1
- deps: serve-static@~1.4.1
4.7.0 / 2014-07-25
- fix
req.protocol
for proxy-direct connections
- configurable query parser with
app.set('query parser', parser)
app.set('query parser', 'extended')
parse with “qs” module
app.set('query parser', 'simple')
parse with “querystring” core module
app.set('query parser', false)
disable query string parsing
app.set('query parser', true)
enable simple parsing
- deprecate
res.json(status, obj)
-- use res.status(status).json(obj)
instead
- deprecate
res.jsonp(status, obj)
-- use res.status(status).jsonp(obj)
instead
- deprecate
res.send(status, body)
-- use res.status(status).send(body)
instead
- deps: debug@1.0.4
- deps: depd@0.4.2
- Add
TRACE_DEPRECATION
environment variable
- Remove non-standard grey color from color output
- Support
--no-deprecation
argument
- Support
--trace-deprecation
argument
- deps: finalhandler@0.1.0
- Respond after request fully read
- deps: debug@1.0.4
- deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the “fast-path”
RegExp
- deps: send@0.7.0
- Add
dotfiles
option
- Cap
maxAge
value to 1 year
- deps: debug@1.0.4
- deps: depd@0.4.2
- deps: serve-static@~1.4.0
- deps: parseurl@~1.2.0
- deps: send@0.7.0
- perf: prevent multiple
Buffer
creation in res.send
4.6.1 / 2014-07-12
- fix
subapp.mountpath
regression for app.use(subapp)
4.6.0 / 2014-07-11
- accept multiple callbacks to
app.use()
- add explicit “Rosetta Flash JSONP abuse” protection
- previous versions are not vulnerable; this is just explicit protection
- catch errors in multiple
req.param(name, fn)
handlers
- deprecate
res.redirect(url, status)
-- use res.redirect(status, url)
instead
- fix
res.send(status, num)
to send num
as json (not error)
- remove unnecessary escaping when
res.jsonp
returns JSON response
- support non-string
path
in app.use(path, fn)
- supports array of paths
- supports
RegExp
- router: fix optimization on router exit
- router: refactor location of
try
blocks
- router: speed up standard
app.use(fn)
- deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
- deps: finalhandler@0.0.3
- deps: methods@1.1.0
- deps: parseurl@~1.1.3
- faster parsing of href-only URLs
- deps: path-to-regexp@0.1.3
- deps: send@0.6.0
- deps: serve-static@~1.3.2
- deps: parseurl@~1.1.3
- deps: send@0.6.0
- perf: fix arguments reassign deopt in some
res
methods
4.5.1 / 2014-07-06
- fix routing regression when altering
req.method
4.5.0 / 2014-07-04
- add deprecation message to non-plural
req.accepts*
- add deprecation message to
res.send(body, status)
- add deprecation message to
res.vary()
- add
headers
option to res.sendfile
- use to set headers on successful file transfer
- add
mergeParams
option to Router
- merges
req.params
from parent routes
- add
req.hostname
-- correct name for what req.host
returns
- deprecate things with
depd
module
- deprecate
req.host
-- use req.hostname
instead
- fix behavior when handling request without routes
- fix handling when
route.all
is only route
- invoke
router.param()
only when route matches
- restore
req.params
after invoking router
- use
finalhandler
for final response handling
- use
media-typer
to alter content-type charset
- deps: accepts@~1.0.7
- deps: send@0.5.0
- Accept string for
maxage
(converted by ms
)
- Include link in default redirect response
- deps: serve-static@~1.3.0
- Accept string for
maxAge
(converted by ms
)
- Add
setHeaders
option
- Include HTML link in redirect response
- deps: send@0.5.0
- deps: type-is@~1.3.2
4.4.5 / 2014-06-26
- deps: cookie-signature@1.0.4
4.4.4 / 2014-06-20
- fix
res.attachment
Unicode filenames in Safari
- fix “trim prefix” debug message in
express:router
- deps: accepts@~1.0.5
- deps: buffer-crc32@0.2.3
4.4.3 / 2014-06-11
- fix persistence of modified
req.params[name]
from app.param()
- deps: accepts@1.0.3
- deps: debug@1.0.2
- deps: send@0.4.3
- Do not throw uncatchable error on file open race condition
- Use
escape-html
for HTML escaping
- deps: debug@1.0.2
- deps: finished@1.2.2
- deps: fresh@0.2.2
- deps: serve-static@1.2.3
- Do not throw uncatchable error on file open race condition
- deps: send@0.4.3
4.4.2 / 2014-06-09
- fix catching errors from top-level handlers
- use
vary
module for res.vary
- deps: debug@1.0.1
- deps: proxy-addr@1.0.1
- deps: send@0.4.2
- fix “event emitter leak” warnings
- deps: debug@1.0.1
- deps: finished@1.2.1
- deps: serve-static@1.2.2
- fix “event emitter leak” warnings
- deps: send@0.4.2
- deps: type-is@1.2.1
4.4.1 / 2014-06-02
- deps: methods@1.0.1
- deps: send@0.4.1
- Send
max-age
in Cache-Control
in correct format
- deps: serve-static@1.2.1
- use
escape-html
for escaping
- deps: send@0.4.1
4.4.0 / 2014-05-30
- custom etag control with
app.set('etag', val)
app.set('etag', function(body, encoding){ return '"etag"' })
custom etag generation
app.set('etag', 'weak')
weak tag
app.set('etag', 'strong')
strong etag
app.set('etag', false)
turn off
app.set('etag', true)
standard etag
- mark
res.send
ETag as weak and reduce collisions
- update accepts to 1.0.2
- Fix interpretation when header not in request
- update send to 0.4.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: debug@0.8.1
- update serve-static to 1.2.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: send@0.4.0
4.3.2 / 2014-05-28
- fix handling of errors from
router.param()
callbacks
4.3.1 / 2014-05-23
- revert “fix behavior of multiple
app.VERB
for the same path”
- this caused a regression in the order of route execution
4.3.0 / 2014-05-21
- add
req.baseUrl
to access the path stripped from req.url
in routes
- fix behavior of multiple
app.VERB
for the same path
- fix issue routing requests among sub routers
- invoke
router.param()
only when necessary instead of every match
- proper proxy trust with
app.set('trust proxy', trust)
app.set('trust proxy', 1)
trust first hop
app.set('trust proxy', 'loopback')
trust loopback addresses
app.set('trust proxy', '10.0.0.1')
trust single IP
app.set('trust proxy', '10.0.0.1/16')
trust subnet
app.set('trust proxy', '10.0.0.1, 10.0.0.2')
trust list
app.set('trust proxy', false)
turn off
app.set('trust proxy', true)
trust everything
- set proper
charset
in Content-Type
for res.send
- update type-is to 1.2.0
4.2.0 / 2014-05-11
- deprecate
app.del()
-- use app.delete()
instead
- deprecate
res.json(obj, status)
-- use res.json(status, obj)
instead
- the edge-case
res.json(status, num)
requires res.status(status).json(num)
- deprecate
res.jsonp(obj, status)
-- use res.jsonp(status, obj)
instead
- the edge-case
res.jsonp(status, num)
requires res.status(status).jsonp(num)
- fix
req.next
when inside router instance
- include
ETag
header in HEAD
requests
- keep previous
Content-Type
for res.jsonp
- support PURGE method
- add
app.purge
- add
router.purge
- include PURGE in
app.all
- update debug to 0.8.0
- add
enable()
method
- change from stderr to stdout
- update methods to 1.0.0
4.1.2 / 2014-05-08
- fix
req.host
for IPv6 literals
- fix
res.jsonp
error if callback param is object
4.1.1 / 2014-04-27
- fix package.json to reflect supported node version
4.1.0 / 2014-04-24
- pass options from
res.sendfile
to send
- preserve casing of headers in
res.header
and res.set
- support unicode file names in
res.attachment
and res.download
- update accepts to 1.0.1
- update cookie to 0.1.2
- Fix for maxAge == 0
- made compat with expires field
- update send to 0.3.0
- Accept API options in options object
- Coerce option types
- Control whether to generate etags
- Default directory access to 403 when index disabled
- Fix sending files with dots without root set
- Include file path in etag
- Make “Can’t set headers after they are sent.” catchable
- Send full entity-body for multi range requests
- Set etags to “weak”
- Support “If-Range” header
- Support multiple index paths
- deps: mime@1.2.11
- update serve-static to 1.1.0
- Accept options directly to
send
module
- Resolve relative paths at middleware setup
- Use parseurl to parse the URL from request
- deps: send@0.3.0
- update type-is to 1.1.0
- add non-array values support
- add
multipart
as a shorthand
4.0.0 / 2014-04-09
- remove:
- node 0.8 support
- connect and connect’s patches except for charset handling
- express(1) - moved to express-generator
express.createServer()
- it has been deprecated for a long time. Use express()
app.configure
- use logic in your own app code
app.router
- is removed
req.auth
- use basic-auth
instead
req.accepted*
- use req.accepts*()
instead
res.location
- relative URL resolution is removed
res.charset
- include the charset in the content type when using res.set()
- all bundled middleware except
static
- change:
app.route
-> app.mountpath
when mounting an express app in another express app
json spaces
no longer enabled by default in development
req.accepts*
-> req.accepts*s
- i.e. req.acceptsEncoding
-> req.acceptsEncodings
req.params
is now an object instead of an array
res.locals
is no longer a function. It is a plain js object. Treat it as such.
res.headerSent
-> res.headersSent
to match node.js ServerResponse object
- refactor:
- add:
app.router()
- returns the app Router instance
app.route()
- Proxy to the app’s Router#route()
method to create a new route
- Router & Route - public API
3.21.2 / 2015-07-31
- deps: connect@2.30.2
- deps: body-parser@~1.13.3
- deps: compression@~1.5.2
- deps: errorhandler@~1.4.2
- deps: method-override@~2.3.5
- deps: serve-index@~1.7.2
- deps: type-is@~1.6.6
- deps: vhost@~3.0.1
- deps: vary@~1.0.1
- Fix setting empty header from empty
field
- perf: enable strict mode
- perf: remove argument reassignments
3.21.1 / 2015-07-05
- deps: basic-auth@~1.0.3
- deps: connect@2.30.1
- deps: body-parser@~1.13.2
- deps: compression@~1.5.1
- deps: errorhandler@~1.4.1
- deps: morgan@~1.6.1
- deps: pause@0.1.0
- deps: qs@4.0.0
- deps: serve-index@~1.7.1
- deps: type-is@~1.6.4
3.21.0 / 2015-06-18
- deps: basic-auth@1.0.2
- perf: enable strict mode
- perf: hoist regular expression
- perf: parse with regular expressions
- perf: remove argument reassignment
- deps: connect@2.30.0
- deps: body-parser@~1.13.1
- deps: bytes@2.1.0
- deps: compression@~1.5.0
- deps: cookie@0.1.3
- deps: cookie-parser@~1.3.5
- deps: csurf@~1.8.3
- deps: errorhandler@~1.4.0
- deps: express-session@~1.11.3
- deps: finalhandler@0.4.0
- deps: fresh@0.3.0
- deps: morgan@~1.6.0
- deps: serve-favicon@~2.3.0
- deps: serve-index@~1.7.0
- deps: serve-static@~1.10.0
- deps: type-is@~1.6.3
- deps: cookie@0.1.3
- perf: deduce the scope of try-catch deopt
- perf: remove argument reassignments
- deps: escape-html@1.0.2
- deps: etag@~1.7.0
- Always include entity length in ETags for hash length extensions
- Generate non-Stats ETags using MD5 only (no longer CRC32)
- Improve stat performance by removing hashing
- Improve support for JXcore
- Remove base64 padding in ETags to shorten
- Support “fake” stats objects in environments without fs
- Use MD5 instead of MD4 in weak ETags over 1KB
- deps: fresh@0.3.0
- Add weak
ETag
matching support
- deps: mkdirp@0.5.1
- Work in global strict mode
- deps: send@0.13.0
- Allow Node.js HTTP server to set
Date
response header
- Fix incorrectly removing
Content-Location
on 304 response
- Improve the default redirect response headers
- Send appropriate headers on default error response
- Use
http-errors
for standard emitted errors
- Use
statuses
instead of http
module for status messages
- deps: escape-html@1.0.2
- deps: etag@~1.7.0
- deps: fresh@0.3.0
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove unnecessary array allocations
3.20.3 / 2015-05-17
- deps: connect@2.29.2
- deps: body-parser@~1.12.4
- deps: compression@~1.4.4
- deps: connect-timeout@~1.6.2
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: errorhandler@~1.3.6
- deps: finalhandler@0.3.6
- deps: method-override@~2.3.3
- deps: morgan@~1.5.3
- deps: qs@2.4.2
- deps: response-time@~2.3.1
- deps: serve-favicon@~2.2.1
- deps: serve-index@~1.6.4
- deps: serve-static@~1.9.3
- deps: type-is@~1.6.2
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: proxy-addr@~1.0.8
- deps: send@0.12.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- deps: ms@0.7.1
- deps: on-finished@~2.2.1
3.20.2 / 2015-03-16
- deps: connect@2.29.1
- deps: body-parser@~1.12.2
- deps: compression@~1.4.3
- deps: connect-timeout@~1.6.1
- deps: debug@~2.1.3
- deps: errorhandler@~1.3.5
- deps: express-session@~1.10.4
- deps: finalhandler@0.3.4
- deps: method-override@~2.3.2
- deps: morgan@~1.5.2
- deps: qs@2.4.1
- deps: serve-index@~1.6.3
- deps: serve-static@~1.9.2
- deps: type-is@~1.6.1
- deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
- deps: merge-descriptors@1.0.0
- deps: proxy-addr@~1.0.7
- deps: send@0.12.2
- Throw errors early for invalid
extensions
or index
options
- deps: debug@~2.1.3
3.20.1 / 2015-02-28
- Fix
req.host
when using “trust proxy” hops count
- Fix
req.protocol
/req.secure
when using “trust proxy” hops count
3.20.0 / 2015-02-18
- Fix
"trust proxy"
setting to inherit when app is mounted
- Generate
ETag
s for all request responses
- No longer restricted to only responses for
GET
and HEAD
requests
- Use
content-type
to parse Content-Type
headers
- deps: connect@2.29.0
- Use
content-type
to parse Content-Type
headers
- deps: body-parser@~1.12.0
- deps: compression@~1.4.1
- deps: connect-timeout@~1.6.0
- deps: cookie-parser@~1.3.4
- deps: cookie-signature@1.0.6
- deps: csurf@~1.7.0
- deps: errorhandler@~1.3.4
- deps: express-session@~1.10.3
- deps: http-errors@~1.3.1
- deps: response-time@~2.3.0
- deps: serve-index@~1.6.2
- deps: serve-static@~1.9.1
- deps: type-is@~1.6.0
- deps: cookie-signature@1.0.6
- deps: send@0.12.1
- Always read the stat size from the file
- Fix mutating passed-in
options
- deps: mime@1.3.4
3.19.2 / 2015-02-01
- deps: connect@2.28.3
- deps: compression@~1.3.1
- deps: csurf@~1.6.6
- deps: errorhandler@~1.3.3
- deps: express-session@~1.10.2
- deps: serve-index@~1.6.1
- deps: type-is@~1.5.6
- deps: proxy-addr@~1.0.6
3.19.1 / 2015-01-20
3.19.0 / 2015-01-09
- Fix
OPTIONS
responses to include the HEAD
method property
- Use
readline
for prompt in express(1)
- deps: commander@2.6.0
- deps: connect@2.28.1
- deps: body-parser@~1.10.1
- deps: compression@~1.3.0
- deps: connect-timeout@~1.5.0
- deps: csurf@~1.6.4
- deps: debug@~2.1.1
- deps: errorhandler@~1.3.2
- deps: express-session@~1.10.1
- deps: finalhandler@0.3.3
- deps: method-override@~2.3.1
- deps: morgan@~1.5.1
- deps: serve-favicon@~2.2.0
- deps: serve-index@~1.6.0
- deps: serve-static@~1.8.0
- deps: type-is@~1.5.5
- deps: debug@~2.1.1
- deps: methods@~1.1.1
- deps: proxy-addr@~1.0.5
- deps: send@0.11.0
- deps: debug@~2.1.1
- deps: etag@~1.5.1
- deps: ms@0.7.0
- deps: on-finished@~2.2.0
3.18.6 / 2014-12-12
- Fix exception in
req.fresh
/req.stale
without response headers
3.18.5 / 2014-12-11
- deps: connect@2.27.6
- deps: compression@~1.2.2
- deps: express-session@~1.9.3
- deps: http-errors@~1.2.8
- deps: serve-index@~1.5.3
- deps: type-is@~1.5.4
3.18.4 / 2014-11-23
- deps: connect@2.27.4
- deps: body-parser@~1.9.3
- deps: compression@~1.2.1
- deps: errorhandler@~1.2.3
- deps: express-session@~1.9.2
- deps: qs@2.3.3
- deps: serve-favicon@~2.1.7
- deps: serve-static@~1.5.1
- deps: type-is@~1.5.3
- deps: etag@~1.5.1
- deps: proxy-addr@~1.0.4
3.18.3 / 2014-11-09
- deps: connect@2.27.3
- Correctly invoke async callback asynchronously
- deps: csurf@~1.6.3
3.18.2 / 2014-10-28
- deps: connect@2.27.2
- Fix handling of URLs containing
://
in the path
- deps: body-parser@~1.9.2
- deps: qs@2.3.2
3.18.1 / 2014-10-22
- Fix internal
utils.merge
deprecation warnings
- deps: connect@2.27.1
- deps: body-parser@~1.9.1
- deps: express-session@~1.9.1
- deps: finalhandler@0.3.2
- deps: morgan@~1.4.1
- deps: qs@2.3.0
- deps: serve-static@~1.7.1
- deps: send@0.10.1
3.18.0 / 2014-10-17
- Use
content-disposition
module for res.attachment
/res.download
- Sends standards-compliant
Content-Disposition
header
- Full Unicode support
- Use
etag
module to generate ETag
headers
- deps: connect@2.27.0
- Use
http-errors
module for creating errors
- Use
utils-merge
module for merging objects
- deps: body-parser@~1.9.0
- deps: compression@~1.2.0
- deps: connect-timeout@~1.4.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: express-session@~1.9.0
- deps: finalhandler@0.3.1
- deps: method-override@~2.3.0
- deps: morgan@~1.4.0
- deps: response-time@~2.2.0
- deps: serve-favicon@~2.1.6
- deps: serve-index@~1.5.0
- deps: serve-static@~1.7.0
- deps: debug@~2.1.0
- Implement
DEBUG_FD
env variable support
- deps: depd@~1.0.0
- deps: send@0.10.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: etag@~1.5.0
3.17.8 / 2014-10-15
- deps: connect@2.26.6
- deps: compression@~1.1.2
- deps: csurf@~1.6.2
- deps: errorhandler@~1.2.2
3.17.7 / 2014-10-08
- deps: connect@2.26.5
- Fix accepting non-object arguments to
logger
- deps: serve-static@~1.6.4
3.17.6 / 2014-10-02
- deps: connect@2.26.4
- deps: morgan@~1.3.2
- deps: type-is@~1.5.2
3.17.5 / 2014-09-24
- deps: connect@2.26.3
- deps: body-parser@~1.8.4
- deps: serve-favicon@~2.1.5
- deps: serve-static@~1.6.3
- deps: proxy-addr@~1.0.3
- deps: send@0.9.3
3.17.4 / 2014-09-19
- deps: connect@2.26.2
- deps: body-parser@~1.8.3
- deps: qs@2.2.4
3.17.3 / 2014-09-18
- deps: proxy-addr@~1.0.2
- Fix a global leak when multiple subnets are trusted
- deps: ipaddr.js@0.1.3
3.17.2 / 2014-09-15
- Use
crc
instead of buffer-crc32
for speed
- deps: connect@2.26.1
- deps: body-parser@~1.8.2
- deps: depd@0.4.5
- deps: express-session@~1.8.2
- deps: morgan@~1.3.1
- deps: serve-favicon@~2.1.3
- deps: serve-static@~1.6.2
- deps: depd@0.4.5
- deps: send@0.9.2
- deps: depd@0.4.5
- deps: etag@~1.3.1
- deps: range-parser@~1.0.2
3.17.1 / 2014-09-08
- Fix error in
req.subdomains
on empty host
3.17.0 / 2014-09-08
- Support
X-Forwarded-Host
in req.subdomains
- Support IP address host in
req.subdomains
- deps: connect@2.26.0
- deps: body-parser@~1.8.1
- deps: compression@~1.1.0
- deps: connect-timeout@~1.3.0
- deps: cookie-parser@~1.3.3
- deps: cookie-signature@1.0.5
- deps: csurf@~1.6.1
- deps: debug@~2.0.0
- deps: errorhandler@~1.2.0
- deps: express-session@~1.8.1
- deps: finalhandler@0.2.0
- deps: fresh@0.2.4
- deps: media-typer@0.3.0
- deps: method-override@~2.2.0
- deps: morgan@~1.3.0
- deps: qs@2.2.3
- deps: serve-favicon@~2.1.3
- deps: serve-index@~1.2.1
- deps: serve-static@~1.6.1
- deps: type-is@~1.5.1
- deps: vhost@~3.0.0
- deps: cookie-signature@1.0.5
- deps: debug@~2.0.0
- deps: fresh@0.2.4
- deps: media-typer@0.3.0
- Throw error when parameter format invalid on parse
- deps: range-parser@~1.0.2
- deps: send@0.9.1
- Add
lastModified
option
- Use
etag
to generate ETag
header
- deps: debug@~2.0.0
- deps: fresh@0.2.4
- deps: vary@~1.0.0
- Accept valid
Vary
header string as field
3.16.10 / 2014-09-04
- deps: connect@2.25.10
- deps: serve-static@~1.5.4
- deps: send@0.8.5
- Fix a path traversal issue when using
root
- Fix malicious path detection for empty string path
3.16.9 / 2014-08-29
- deps: connect@2.25.9
- deps: body-parser@~1.6.7
- deps: qs@2.2.2
3.16.8 / 2014-08-27
- deps: connect@2.25.8
- deps: body-parser@~1.6.6
- deps: csurf@~1.4.1
- deps: qs@2.2.0
3.16.7 / 2014-08-18
- deps: connect@2.25.7
- deps: body-parser@~1.6.5
- deps: express-session@~1.7.6
- deps: morgan@~1.2.3
- deps: serve-static@~1.5.3
- deps: send@0.8.3
- deps: destroy@1.0.3
- deps: on-finished@2.1.0
3.16.6 / 2014-08-14
- deps: connect@2.25.6
- deps: body-parser@~1.6.4
- deps: qs@1.2.2
- deps: serve-static@~1.5.2
- deps: send@0.8.2
- Work around
fd
leak in Node.js 0.10 for fs.ReadStream
3.16.5 / 2014-08-11
3.16.4 / 2014-08-10
- Fix original URL parsing in
res.location
- deps: connect@2.25.4
- Fix
query
middleware breaking with argument
- deps: body-parser@~1.6.3
- deps: compression@~1.0.11
- deps: connect-timeout@~1.2.2
- deps: express-session@~1.7.5
- deps: method-override@~2.1.3
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- deps: qs@1.2.1
- deps: response-time@~2.0.1
- deps: serve-index@~1.1.6
- deps: serve-static@~1.5.1
- deps: parseurl@~1.3.0
3.16.3 / 2014-08-07
3.16.2 / 2014-08-07
- deps: connect@2.25.2
- deps: body-parser@~1.6.2
- deps: qs@1.2.0
3.16.1 / 2014-08-06
- deps: connect@2.25.1
- deps: body-parser@~1.6.1
- deps: qs@1.1.0
3.16.0 / 2014-08-05
- deps: connect@2.25.0
- deps: body-parser@~1.6.0
- deps: compression@~1.0.10
- deps: csurf@~1.4.0
- deps: express-session@~1.7.4
- deps: qs@1.0.2
- deps: serve-static@~1.5.0
- deps: send@0.8.1
3.15.3 / 2014-08-04
- fix
res.sendfile
regression for serving directory index files
- deps: connect@2.24.3
- deps: serve-index@~1.1.5
- deps: serve-static@~1.4.4
- deps: send@0.7.4
- Fix incorrect 403 on Windows and Node.js 0.11
- Fix serving index files without root dir
3.15.2 / 2014-07-27
- deps: connect@2.24.2
- deps: body-parser@~1.5.2
- deps: depd@0.4.4
- deps: express-session@~1.7.2
- deps: morgan@~1.2.2
- deps: serve-static@~1.4.2
- deps: depd@0.4.4
- Work-around v8 generating empty stack traces
- deps: send@0.7.2
3.15.1 / 2014-07-26
- deps: connect@2.24.1
- deps: body-parser@~1.5.1
- deps: depd@0.4.3
- deps: express-session@~1.7.1
- deps: morgan@~1.2.1
- deps: serve-index@~1.1.4
- deps: serve-static@~1.4.1
- deps: depd@0.4.3
- Fix exception when global
Error.stackTraceLimit
is too low
- deps: send@0.7.1
3.15.0 / 2014-07-22
- Fix
req.protocol
for proxy-direct connections
- Pass options from
res.sendfile
to send
- deps: connect@2.24.0
- deps: body-parser@~1.5.0
- deps: compression@~1.0.9
- deps: connect-timeout@~1.2.1
- deps: debug@1.0.4
- deps: depd@0.4.2
- deps: express-session@~1.7.0
- deps: finalhandler@0.1.0
- deps: method-override@~2.1.2
- deps: morgan@~1.2.0
- deps: multiparty@3.3.1
- deps: parseurl@~1.2.0
- deps: serve-static@~1.4.0
- deps: debug@1.0.4
- deps: depd@0.4.2
- Add
TRACE_DEPRECATION
environment variable
- Remove non-standard grey color from color output
- Support
--no-deprecation
argument
- Support
--trace-deprecation
argument
- deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the “fast-path”
RegExp
- deps: send@0.7.0
- Add
dotfiles
option
- Cap
maxAge
value to 1 year
- deps: debug@1.0.4
- deps: depd@0.4.2
3.14.0 / 2014-07-11
- add explicit “Rosetta Flash JSONP abuse” protection
- previous versions are not vulnerable; this is just explicit protection
- deprecate
res.redirect(url, status)
-- use res.redirect(status, url)
instead
- fix
res.send(status, num)
to send num
as json (not error)
- remove unnecessary escaping when
res.jsonp
returns JSON response
- deps: basic-auth@1.0.0
- support empty password
- support empty username
- deps: connect@2.23.0
- deps: debug@1.0.3
- deps: express-session@~1.6.4
- deps: method-override@~2.1.0
- deps: parseurl@~1.1.3
- deps: serve-static@~1.3.1
- deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
- deps: methods@1.1.0
- add
CONNECT
- deps: parseurl@~1.1.3
- faster parsing of href-only URLs
3.13.0 / 2014-07-03
- add deprecation message to
app.configure
- add deprecation message to
req.auth
- use
basic-auth
to parse Authorization
header
- deps: connect@2.22.0
- deps: csurf@~1.3.0
- deps: express-session@~1.6.1
- deps: multiparty@3.3.0
- deps: serve-static@~1.3.0
- deps: send@0.5.0
- Accept string for
maxage
(converted by ms
)
- Include link in default redirect response
3.12.1 / 2014-06-26
- deps: connect@2.21.1
- deps: cookie-parser@1.3.2
- deps: cookie-signature@1.0.4
- deps: express-session@~1.5.2
- deps: type-is@~1.3.2
- deps: cookie-signature@1.0.4
3.12.0 / 2014-06-21
- use
media-typer
to alter content-type charset
- deps: connect@2.21.0
- deprecate
connect(middleware)
-- use app.use(middleware)
instead
- deprecate
connect.createServer()
-- use connect()
instead
- fix
res.setHeader()
patch to work with get -> append -> set pattern
- deps: compression@~1.0.8
- deps: errorhandler@~1.1.1
- deps: express-session@~1.5.0
- deps: serve-index@~1.1.3
3.11.0 / 2014-06-19
- deprecate things with
depd
module
- deps: buffer-crc32@0.2.3
- deps: connect@2.20.2
- deprecate
verify
option to json
-- use body-parser
npm module instead
- deprecate
verify
option to urlencoded
-- use body-parser
npm module instead
- deprecate things with
depd
module
- use
finalhandler
for final response handling
- use
media-typer
to parse content-type
for charset
- deps: body-parser@1.4.3
- deps: connect-timeout@1.1.1
- deps: cookie-parser@1.3.1
- deps: csurf@1.2.2
- deps: errorhandler@1.1.0
- deps: express-session@1.4.0
- deps: multiparty@3.2.9
- deps: serve-index@1.1.2
- deps: type-is@1.3.1
- deps: vhost@2.0.0
3.10.5 / 2014-06-11
- deps: connect@2.19.6
- deps: body-parser@1.3.1
- deps: compression@1.0.7
- deps: debug@1.0.2
- deps: serve-index@1.1.1
- deps: serve-static@1.2.3
- deps: debug@1.0.2
- deps: send@0.4.3
- Do not throw uncatchable error on file open race condition
- Use
escape-html
for HTML escaping
- deps: debug@1.0.2
- deps: finished@1.2.2
- deps: fresh@0.2.2
3.10.4 / 2014-06-09
- deps: connect@2.19.5
- fix “event emitter leak” warnings
- deps: csurf@1.2.1
- deps: debug@1.0.1
- deps: serve-static@1.2.2
- deps: type-is@1.2.1
- deps: debug@1.0.1
- deps: send@0.4.2
- fix “event emitter leak” warnings
- deps: finished@1.2.1
- deps: debug@1.0.1
3.10.3 / 2014-06-05
- use
vary
module for res.vary
- deps: connect@2.19.4
- deps: errorhandler@1.0.2
- deps: method-override@2.0.2
- deps: serve-favicon@2.0.1
- deps: debug@1.0.0
3.10.2 / 2014-06-03
3.10.1 / 2014-06-03
3.10.0 / 2014-06-02
- deps: connect@2.19.1
- deprecate
methodOverride()
-- use method-override
npm module instead
- deps: body-parser@1.3.0
- deps: method-override@2.0.1
- deps: multiparty@3.2.8
- deps: response-time@2.0.0
- deps: serve-static@1.2.1
- deps: methods@1.0.1
- deps: send@0.4.1
- Send
max-age
in Cache-Control
in correct format
3.9.0 / 2014-05-30
- custom etag control with
app.set('etag', val)
app.set('etag', function(body, encoding){ return '"etag"' })
custom etag generation
app.set('etag', 'weak')
weak tag
app.set('etag', 'strong')
strong etag
app.set('etag', false)
turn off
app.set('etag', true)
standard etag
- Include ETag in HEAD requests
- mark
res.send
ETag as weak and reduce collisions
- update connect to 2.18.0
- deps: compression@1.0.3
- deps: serve-index@1.1.0
- deps: serve-static@1.2.0
- update send to 0.4.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: debug@0.8.1
3.8.1 / 2014-05-27
- update connect to 2.17.3
- deps: body-parser@1.2.2
- deps: express-session@1.2.1
- deps: method-override@1.0.2
3.8.0 / 2014-05-21
- keep previous
Content-Type
for res.jsonp
- set proper
charset
in Content-Type
for res.send
- update connect to 2.17.1
- fix
res.charset
appending charset when content-type
has one
- deps: express-session@1.2.0
- deps: morgan@1.1.1
- deps: serve-index@1.0.3
3.7.0 / 2014-05-18
- proper proxy trust with
app.set('trust proxy', trust)
app.set('trust proxy', 1)
trust first hop
app.set('trust proxy', 'loopback')
trust loopback addresses
app.set('trust proxy', '10.0.0.1')
trust single IP
app.set('trust proxy', '10.0.0.1/16')
trust subnet
app.set('trust proxy', '10.0.0.1, 10.0.0.2')
trust list
app.set('trust proxy', false)
turn off
app.set('trust proxy', true)
trust everything
- update connect to 2.16.2
- deprecate
res.headerSent
-- use res.headersSent
- deprecate
res.on("header")
-- use on-headers module instead
- fix edge-case in
res.appendHeader
that would append in wrong order
- json: use body-parser
- urlencoded: use body-parser
- dep: bytes@1.0.0
- dep: cookie-parser@1.1.0
- dep: csurf@1.2.0
- dep: express-session@1.1.0
- dep: method-override@1.0.1
3.6.0 / 2014-05-09
- deprecate
app.del()
-- use app.delete()
instead
- deprecate
res.json(obj, status)
-- use res.json(status, obj)
instead
- the edge-case
res.json(status, num)
requires res.status(status).json(num)
- deprecate
res.jsonp(obj, status)
-- use res.jsonp(status, obj)
instead
- the edge-case
res.jsonp(status, num)
requires res.status(status).jsonp(num)
- support PURGE method
- add
app.purge
- add
router.purge
- include PURGE in
app.all
- update connect to 2.15.0
- Add
res.appendHeader
- Call error stack even when response has been sent
- Patch
res.headerSent
to return Boolean
- Patch
res.headersSent
for node.js 0.8
- Prevent default 404 handler after response sent
- dep: compression@1.0.2
- dep: connect-timeout@1.1.0
- dep: debug@^0.8.0
- dep: errorhandler@1.0.1
- dep: express-session@1.0.4
- dep: morgan@1.0.1
- dep: serve-favicon@2.0.0
- dep: serve-index@1.0.2
- update debug to 0.8.0
- add
enable()
method
- change from stderr to stdout
- update methods to 1.0.0
- update mkdirp to 0.5.0
3.5.3 / 2014-05-08
- fix
req.host
for IPv6 literals
- fix
res.jsonp
error if callback param is object
3.5.2 / 2014-04-24
- update connect to 2.14.5
- update cookie to 0.1.2
- update mkdirp to 0.4.0
- update send to 0.3.0
3.5.1 / 2014-03-25
- pin less-middleware in generated app
3.5.0 / 2014-03-06
3.4.8 / 2014-01-13
3.4.7 / 2013-12-10
3.4.6 / 2013-12-01
- update connect (raw-body)
3.4.5 / 2013-11-27
- update connect
- res.location: remove leading ./ #1802 @kapouer
- res.redirect: fix `res.redirect(‘toString’) #1829 @michaelficarra
- res.send: always send ETag when content-length > 0
- router: add Router.all() method
3.4.4 / 2013-10-29
- update connect
- update supertest
- update methods
- express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
3.4.3 / 2013-10-23
3.4.2 / 2013-10-18
- update connect
- downgrade commander
3.4.1 / 2013-10-15
- update connect
- update commander
- jsonp: check if callback is a function
- router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
- res.format: now includes charset @1747 (@sorribas)
- res.links: allow multiple calls @1746 (@sorribas)
3.4.0 / 2013-09-07
- add res.vary(). Closes #1682
- update connect
3.3.8 / 2013-09-02
3.3.7 / 2013-08-28
3.3.6 / 2013-08-27
- Revert “remove charset from json responses. Closes #1631” (causes issues in some clients)
- add: req.accepts take an argument list
3.3.4 / 2013-07-08
3.3.3 / 2013-07-04
3.3.2 / 2013-07-03
- update connect
- update send
- remove .version export
3.3.1 / 2013-06-27
3.3.0 / 2013-06-26
- update connect
- add support for multiple X-Forwarded-Proto values. Closes #1646
- change: remove charset from json responses. Closes #1631
- change: return actual booleans from req.accept* functions
- fix jsonp callback array throw
3.2.6 / 2013-06-02
3.2.5 / 2013-05-21
- update connect
- update node-cookie
- add: throw a meaningful error when there is no default engine
- change generation of ETags with res.send() to GET requests only. Closes #1619
3.2.4 / 2013-05-09
- fix
req.subdomains
when no Host is present
- fix
req.host
when no Host is present, return undefined
3.2.3 / 2013-05-07
3.2.2 / 2013-05-03
3.2.1 / 2013-04-29
- add app.VERB() paths array deprecation warning
- update connect
- update qs and remove all ~ semver crap
- fix: accept number as value of Signed Cookie
3.2.0 / 2013-04-15
- add “view” constructor setting to override view behaviour
- add req.acceptsEncoding(name)
- add req.acceptedEncodings
- revert cookie signature change causing session race conditions
- fix sorting of Accept values of the same quality
3.1.2 / 2013-04-12
- add support for custom Accept parameters
- update cookie-signature
3.1.1 / 2013-04-01
- add X-Forwarded-Host support to
req.host
- fix relative redirects
- update mkdirp
- update buffer-crc32
- remove legacy app.configure() method from app template.
3.1.0 / 2013-01-25
- add support for leading “.” in “view engine” setting
- add array support to
res.set()
- add node 0.8.x to travis.yml
- add “subdomain offset” setting for tweaking
req.subdomains
- add
res.location(url)
implementing res.redirect()
-like setting of Location
- use app.get() for x-powered-by setting for inheritance
- fix colons in passwords for
req.auth
3.0.6 / 2013-01-04
- add http verb methods to Router
- update connect
- fix mangling of the
res.cookie()
options object
- fix jsonp whitespace escape. Closes #1132
3.0.5 / 2012-12-19
- add throwing when a non-function is passed to a route
- fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
- revert “add ‘etag’ option”
3.0.4 / 2012-12-05
- add ‘etag’ option to disable
res.send()
Etags
- add escaping of urls in text/plain in
res.redirect()
for old browsers interpreting as html
- change crc32 module for a more liberal license
- update connect
3.0.3 / 2012-11-13
- update connect
- update cookie module
- fix cookie max-age
3.0.2 / 2012-11-08
- add OPTIONS to cors example. Closes #1398
- fix route chaining regression. Closes #1397
3.0.1 / 2012-11-01
3.0.0 / 2012-10-23
- add
make clean
- add “Basic” check to req.auth
- add
req.auth
test coverage
- add cb && cb(payload) to
res.jsonp()
. Closes #1374
- add backwards compat for
res.redirect()
status. Closes #1336
- add support for
res.json()
to retain previously defined Content-Types. Closes #1349
- update connect
- change
res.redirect()
to utilize a pathname-relative Location again. Closes #1382
- remove non-primitive string support for
res.send()
- fix view-locals example. Closes #1370
- fix route-separation example
3.0.0rc5 / 2012-09-18
- update connect
- add redis search example
- add static-files example
- add “x-powered-by” setting (
app.disable('x-powered-by')
)
- add “application/octet-stream” redirect Accept test case. Closes #1317
3.0.0rc4 / 2012-08-30
- add
res.jsonp()
. Closes #1307
- add “verbose errors” option to error-pages example
- add another route example to express(1) so people are not so confused
- add redis online user activity tracking example
- update connect dep
- fix etag quoting. Closes #1310
- fix error-pages 404 status
- fix jsonp callback char restrictions
- remove old OPTIONS default response
3.0.0rc3 / 2012-08-13
- update connect dep
- fix signed cookies to work with
connect.cookieParser()
(“s:” prefix was missing) [tnydwrds]
- fix
res.render()
clobbering of “locals”
3.0.0rc2 / 2012-08-03
- add CORS example
- update connect dep
- deprecate
.createServer()
& remove old stale examples
- fix: escape
res.redirect()
link
- fix vhost example
3.0.0rc1 / 2012-07-24
- add more examples to view-locals
- add scheme-relative redirects (
res.redirect("//foo.com")
) support
- update cookie dep
- update connect dep
- update send dep
- fix
express(1)
-h flag, use -H for hogan. Closes #1245
- fix
res.sendfile()
socket error handling regression
3.0.0beta7 / 2012-07-16
- update connect dep for
send()
root normalization regression
3.0.0beta6 / 2012-07-13
- add
err.view
property for view errors. Closes #1226
- add “jsonp callback name” setting
- add support for “/foo/:bar*” non-greedy matches
- change
res.sendfile()
to use send()
module
- change
res.send
to use “response-send” module
- remove
app.locals.use
and res.locals.use
, use regular middleware
3.0.0beta5 / 2012-07-03
- add “make check” support
- add route-map example
- add
res.json(obj, status)
support back for BC
- add “methods” dep, remove internal methods module
- update connect dep
- update auth example to utilize cores pbkdf2
- updated tests to use “supertest”
3.0.0beta4 / 2012-06-25
- Added
req.auth
- Added
req.range(size)
- Added
res.links(obj)
- Added
res.send(body, status)
support back for backwards compat
- Added
.default()
support to res.format()
- Added 2xx / 304 check to
req.fresh
- Revert “Added + support to the router”
- Fixed
res.send()
freshness check, respect res.statusCode
3.0.0beta3 / 2012-06-15
- Added hogan
--hjs
to express(1) [nullfirm]
- Added another example to content-negotiation
- Added
fresh
dep
- Changed:
res.send()
always checks freshness
- Fixed: expose connects mime module. Closes #1165
3.0.0beta2 / 2012-06-06
- Added
+
support to the router
- Added
req.host
- Changed
req.param()
to check route first
- Update connect dep
3.0.0beta1 / 2012-06-01
- Added
res.format()
callback to override default 406 behaviour
- Fixed
res.redirect()
406. Closes #1154
3.0.0alpha5 / 2012-05-30
- Added
req.ip
- Added
{ signed: true }
option to res.cookie()
- Removed
res.signedCookie()
- Changed: dont reverse
req.ips
- Fixed “trust proxy” setting check for
req.ips
3.0.0alpha4 / 2012-05-09
- Added: allow
[]
in jsonp callback. Closes #1128
- Added
PORT
env var support in generated template. Closes #1118 [benatkin]
- Updated: connect 2.2.2
3.0.0alpha3 / 2012-05-04
- Added public
app.routes
. Closes #887
- Added view-locals example
- Added mvc example
- Added
res.locals.use()
. Closes #1120
- Added conditional-GET support to
res.send()
- Added: coerce
res.set()
values to strings
- Changed: moved
static()
in generated apps below router
- Changed:
res.send()
only set ETag when not previously set
- Changed connect 2.2.1 dep
- Changed:
make test
now runs unit / acceptance tests
- Fixed req/res proto inheritance
3.0.0alpha2 / 2012-04-26
- Added
make benchmark
back
- Added
res.send()
support for String
objects
- Added client-side data exposing example
- Added
res.header()
and req.header()
aliases for BC
- Added
express.createServer()
for BC
- Perf: memoize parsed urls
- Perf: connect 2.2.0 dep
- Changed: make
expressInit()
middleware self-aware
- Fixed: use app.get() for all core settings
- Fixed redis session example
- Fixed session example. Closes #1105
- Fixed generated express dep. Closes #1078
3.0.0alpha1 / 2012-04-15
- Added
app.locals.use(callback)
- Added
app.locals
object
- Added
app.locals(obj)
- Added
res.locals
object
- Added
res.locals(obj)
- Added
res.format()
for content-negotiation
- Added
app.engine()
- Added
res.cookie()
JSON cookie support
- Added “trust proxy” setting
- Added
req.subdomains
- Added
req.protocol
- Added
req.secure
- Added
req.path
- Added
req.ips
- Added
req.fresh
- Added
req.stale
- Added comma-delimited / array support for
req.accepts()
- Added debug instrumentation
- Added
res.set(obj)
- Added
res.set(field, value)
- Added
res.get(field)
- Added
app.get(setting)
. Closes #842
- Added
req.acceptsLanguage()
- Added
req.acceptsCharset()
- Added
req.accepted
- Added
req.acceptedLanguages
- Added
req.acceptedCharsets
- Added “json replacer” setting
- Added “json spaces” setting
- Added X-Forwarded-Proto support to
res.redirect()
. Closes #92
- Added
--less
support to express(1)
- Added
express.response
prototype
- Added
express.request
prototype
- Added
express.application
prototype
- Added
app.path()
- Added
app.render()
- Added
res.type()
to replace res.contentType()
- Changed:
res.redirect()
to add relative support
- Changed: enable “jsonp callback” by default
- Changed: renamed “case sensitive routes” to “case sensitive routing”
- Rewrite of all tests with mocha
- Removed “root” setting
- Removed
res.redirect('home')
support
- Removed
req.notify()
- Removed
app.register()
- Removed
app.redirect()
- Removed
app.is()
- Removed
app.helpers()
- Removed
app.dynamicHelpers()
- Fixed
res.sendfile()
with non-GET. Closes #723
- Fixed express(1) public dir for windows. Closes #866
2.5.9/ 2012-04-02
- Added support for PURGE request method [pbuyle]
- Fixed
express(1)
generated app app.address()
before listening
[mmalecki]
2.5.8 / 2012-02-08
- Update mkdirp dep. Closes #991
2.5.7 / 2012-02-06
- Fixed
app.all
duplicate DELETE requests [mscdex]
2.5.6 / 2012-01-13
- Updated hamljs dev dep. Closes #953
2.5.5 / 2012-01-08
- Fixed: set
filename
on cached templates [matthewleon]
2.5.4 / 2012-01-02
- Fixed
express(1)
eol on 0.4.x. Closes #947
2.5.3 / 2011-12-30
- Fixed
req.is()
when a charset is present
2.5.2 / 2011-12-10
- Fixed: express(1) LF -> CRLF for windows
2.5.1 / 2011-11-17
- Changed: updated connect to 1.8.x
- Removed sass.js support from express(1)
2.5.0 / 2011-10-24
- Added ./routes dir for generated app by default
- Added npm install reminder to express(1) app gen
- Added 0.5.x support
- Removed
make test-cov
since it wont work with node 0.5.x
- Fixed express(1) public dir for windows. Closes #866
2.4.7 / 2011-10-05
- Added mkdirp to express(1). Closes #795
- Added simple json-config example
- Added shorthand for the parsed request’s pathname via
req.path
- Changed connect dep to 1.7.x to fix npm issue…
- Fixed
res.redirect()
HEAD support. [reported by xerox]
- Fixed
req.flash()
, only escape args
- Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
2.4.6 / 2011-08-22
- Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
2.4.5 / 2011-08-19
- Added support for routes to handle errors. Closes #809
- Added
app.routes.all()
. Closes #803
- Added “basepath” setting to work in conjunction with reverse proxies etc.
- Refactored
Route
to use a single array of callbacks
- Added support for multiple callbacks for
app.param()
. Closes #801
Closes #805
- Changed: removed .call(self) for route callbacks
- Dependency:
qs >= 0.3.1
- Fixed
res.redirect()
on windows due to join()
usage. Closes #808
2.4.4 / 2011-08-05
- Fixed
res.header()
intention of a set, even when undefined
- Fixed
*
, value no longer required
- Fixed
res.send(204)
support. Closes #771
2.4.3 / 2011-07-14
- Added docs for
status
option special-case. Closes #739
- Fixed
options.filename
, exposing the view path to template engines
2.4.2. / 2011-07-06
- Revert “removed jsonp stripping” for XSS
2.4.1 / 2011-07-06
- Added
res.json()
JSONP support. Closes #737
- Added extending-templates example. Closes #730
- Added “strict routing” setting for trailing slashes
- Added support for multiple envs in
app.configure()
calls. Closes #735
- Changed:
res.send()
using res.json()
- Changed: when cookie
path === null
don’t default it
- Changed; default cookie path to “home” setting. Closes #731
- Removed pids/logs creation from express(1)
2.4.0 / 2011-06-28
- Added chainable
res.status(code)
- Added
res.json()
, an explicit version of res.send(obj)
- Added simple web-service example
2.3.12 / 2011-06-22
- #express is now on freenode! come join!
- Added
req.get(field, param)
- Added links to Japanese documentation, thanks @hideyukisaito!
- Added; the
express(1)
generated app outputs the env
- Added
content-negotiation
example
- Dependency: connect >= 1.5.1 < 2.0.0
- Fixed view layout bug. Closes #720
- Fixed; ignore body on 304. Closes #701
2.3.11 / 2011-06-04
- Added
npm test
- Removed generation of dummy test file from
express(1)
- Fixed;
express(1)
adds express as a dep
- Fixed; prune on
prepublish
2.3.10 / 2011-05-27
- Added
req.route
, exposing the current route
- Added package.json generation support to
express(1)
- Fixed call to
app.param()
function for optional params. Closes #682
2.3.9 / 2011-05-25
- Fixed bug-ish with
../' in
res.partial()` calls
2.3.8 / 2011-05-24
2.3.7 / 2011-05-23
- Added route
Collection
, ex: app.get('/user/:id').remove();
- Added support for
app.param(fn)
to define param logic
- Removed
app.param()
support for callback with return value
- Removed module.parent check from express(1) generated app. Closes #670
- Refactored router. Closes #639
2.3.6 / 2011-05-20
- Changed; using devDependencies instead of git submodules
- Fixed redis session example
- Fixed markdown example
- Fixed view caching, should not be enabled in development
2.3.5 / 2011-05-20
- Added export
.view
as alias for .View
2.3.4 / 2011-05-08
- Added
./examples/say
- Fixed
res.sendfile()
bug preventing the transfer of files with spaces
2.3.3 / 2011-05-03
- Added “case sensitive routes” option.
- Changed; split methods supported per rfc [slaskis]
- Fixed route-specific middleware when using the same callback function several times
2.3.2 / 2011-04-27
2.3.1 / 2011-04-26
- Added
app.match()
as app.match.all()
- Added
app.lookup()
as app.lookup.all()
- Added
app.remove()
for app.remove.all()
- Added
app.remove.VERB()
- Fixed template caching collision issue. Closes #644
- Moved router over from connect and started refactor
2.3.0 / 2011-04-25
- Added options support to
res.clearCookie()
- Added
res.helpers()
as alias of res.locals()
- Added; json defaults to UTF-8 with
res.send()
. Closes #632. [Daniel * Dependency connect >= 1.4.0
- Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
- Renamed “cache views” to “view cache”. Closes #628
- Fixed caching of views when using several apps. Closes #637
- Fixed gotcha invoking
app.param()
callbacks once per route middleware.
Closes #638
- Fixed partial lookup precedence. Closes #631
Shaw]
2.2.2 / 2011-04-12
- Added second callback support for
res.download()
connection errors
- Fixed
filename
option passing to template engine
2.2.1 / 2011-04-04
- Added
layout(path)
helper to change the layout within a view. Closes #610
Fixed partial()
collection object support.
Previously only anything with .length
would work.
When .length
is present one must still be aware of holes,
however now { collection: {foo: 'bar'}}
is valid, exposes
keyInCollection
and keysInCollection
.
Performance improved with better view caching
Removed request
and response
locals
Changed; errorHandler page title is now Express
instead of Connect
2.2.0 / 2011-03-30
- Added
app.lookup.VERB()
, ex app.lookup.put('/user/:id')
. Closes #606
- Added
app.match.VERB()
, ex app.match.put('/user/12')
. Closes #606
- Added
app.VERB(path)
as alias of app.lookup.VERB()
.
- Dependency
connect >= 1.2.0
2.1.1 / 2011-03-29
- Added; expose
err.view
object when failing to locate a view
- Fixed
res.partial()
call next(err)
when no callback is given [reported by aheckmann]
- Fixed;
res.send(undefined)
responds with 204 [aheckmann]
2.1.0 / 2011-03-24
- Added
<root>/_?<name>
partial lookup support. Closes #447
- Added
request
, response
, and app
local variables
- Added
settings
local variable, containing the app’s settings
- Added
req.flash()
exception if req.session
is not available
- Added
res.send(bool)
support (json response)
- Fixed stylus example for latest version
- Fixed; wrap try/catch around
res.render()
2.0.0 / 2011-03-17
- Fixed up index view path alternative.
- Changed;
res.locals()
without object returns the locals
2.0.0rc3 / 2011-03-17
- Added
res.locals(obj)
to compliment res.local(key, val)
- Added
res.partial()
callback support
- Fixed recursive error reporting issue in
res.render()
2.0.0rc2 / 2011-03-17
- Changed;
partial()
“locals” are now optional
- Fixed
SlowBuffer
support. Closes #584 [reported by tyrda01]
- Fixed .filename view engine option [reported by drudge]
- Fixed blog example
- Fixed
{req,res}.app
reference when mounting [Ben Weaver]
2.0.0rc / 2011-03-14
- Fixed; expose
HTTPSServer
constructor
- Fixed express(1) default test charset. Closes #579 [reported by secoif]
- Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
2.0.0beta3 / 2011-03-09
- Added support for
res.contentType()
literal
The original res.contentType('.json')
,
res.contentType('application/json')
, and res.contentType('json')
will work now.
- Added
res.render()
status option support back
- Added charset option for
res.render()
- Added
.charset
support (via connect 1.0.4)
- Added view resolution hints when in development and a lookup fails
- Added layout lookup support relative to the page view.
For example while rendering
./views/user/index.jade
if you create
./views/user/layout.jade
it will be used in favour of the root layout.
- Fixed
res.redirect()
. RFC states absolute url [reported by unlink]
- Fixed; default
res.send()
string charset to utf8
- Removed
Partial
constructor (not currently used)
2.0.0beta2 / 2011-03-07
- Added res.render()
.locals
support back to aid in migration process
- Fixed flash example
2.0.0beta / 2011-03-03
- Added HTTPS support
- Added
res.cookie()
maxAge support
- Added
req.header()
Referrer / Referer special-case, either works
- Added mount support for
res.redirect()
, now respects the mount-point
- Added
union()
util, taking place of merge(clone())
combo
- Added stylus support to express(1) generated app
- Added secret to session middleware used in examples and generated app
- Added
res.local(name, val)
for progressive view locals
- Added default param support to
req.param(name, default)
- Added
app.disabled()
and app.enabled()
- Added
app.register()
support for omitting leading “.”, either works
- Added
res.partial()
, using the same interface as partial()
within a view. Closes #539
- Added
app.param()
to map route params to async/sync logic
- Added; aliased
app.helpers()
as app.locals()
. Closes #481
- Added extname with no leading “.” support to
res.contentType()
- Added
cache views
setting, defaulting to enabled in “production” env
- Added index file partial resolution, eg: partial(‘user’) may try views/user/index.jade.
- Added
req.accepts()
support for extensions
- Changed;
res.download()
and res.sendfile()
now utilize Connect’s
static file server connect.static.send()
.
- Changed; replaced
connect.utils.mime()
with npm mime module
- Changed; allow
req.query
to be pre-defined (via middleware or other parent
- Changed view partial resolution, now relative to parent view
- Changed view engine signature. no longer
engine.render(str, options, callback)
, now engine.compile(str, options) -> Function
, the returned function accepts fn(locals)
.
- Fixed
req.param()
bug returning Array.prototype methods. Closes #552
- Fixed; using
Stream#pipe()
instead of sys.pump()
in res.sendfile()
- Fixed; using qs module instead of querystring
- Fixed; strip unsafe chars from jsonp callbacks
- Removed “stream threshold” setting
1.0.8 / 2011-03-01
- Allow
req.query
to be pre-defined (via middleware or other parent app)
- “connect”: “>= 0.5.0 < 1.0.0”. Closes #547
- Removed the long deprecated EXPRESS_ENV support
1.0.7 / 2011-02-07
- Fixed
render()
setting inheritance.
Mounted apps would not inherit “view engine”
1.0.6 / 2011-02-07
- Fixed
view engine
setting bug when period is in dirname
1.0.5 / 2011-02-05
- Added secret to generated app
session()
call
1.0.4 / 2011-02-05
- Added
qs
dependency to package.json
- Fixed namespaced
require()
s for latest connect support
1.0.3 / 2011-01-13
- Remove unsafe characters from JSONP callback names [Ryan Grove]
1.0.2 / 2011-01-10
- Removed nested require, using
connect.router
1.0.1 / 2010-12-29
- Fixed for middleware stacked via
createServer()
previously the foo
middleware passed to createServer(foo)
would not have access to Express methods such as res.send()
or props like req.query
etc.
1.0.0 / 2010-11-16
- Added; deduce partial object names from the last segment.
For example by default
partial('forum/post', postObject)
will
give you the post object, providing a meaningful default.
- Added http status code string representation to
res.redirect()
body
- Added;
res.redirect()
supporting text/plain and text/html via Accept.
- Added
req.is()
to aid in content negotiation
- Added partial local inheritance [suggested by masylum]. Closes #102
providing access to parent template locals.
- Added -s, --session[s] flag to express(1) to add session related middleware
- Added --template flag to express(1) to specify the
template engine to use.
- Added --css flag to express(1) to specify the
stylesheet engine to use (or just plain css by default).
- Added
app.all()
support [thanks aheckmann]
- Added partial direct object support.
You may now
partial('user', user)
providing the “user” local,
vs previously partial('user', { object: user })
.
- Added route-separation example since many people question ways
to do this with CommonJS modules. Also view the blog example for
an alternative.
- Performance; caching view path derived partial object names
- Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
- Fixed jsonp support; text/javascript as per mailinglist discussion
1.0.0rc4 / 2010-10-14
- Added _NODEENV support, _EXPRESSENV is deprecated and will be removed in 1.0.0
- Added route-middleware support (very helpful, see the docs)
- Added jsonp callback setting to enable/disable jsonp autowrapping [Dav Glass]
- Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
- Added
partial()
support for array-like collections. Closes #434
- Added support for swappable querystring parsers
- Added session usage docs. Closes #443
- Added dynamic helper caching. Closes #439 [suggested by maritz]
- Added authentication example
- Added basic Range support to
res.sendfile()
(and res.download()
etc)
- Changed;
express(1)
generated app using 2 spaces instead of 4
- Default env to “development” again [aheckmann]
- Removed context option is no more, use “scope”
- Fixed; exposing ./support libs to examples so they can run without installs
- Fixed mvc example
1.0.0rc3 / 2010-09-20
- Added confirmation for
express(1)
app generation. Closes #391
- Added extending of flash formatters via
app.flashFormatters
- Added flash formatter support. Closes #411
- Added streaming support to
res.sendfile()
using sys.pump()
when >= “stream threshold”
- Added stream threshold setting for
res.sendfile()
- Added
res.send()
HEAD support
- Added
res.clearCookie()
- Added
res.cookie()
- Added
res.render()
headers option
- Added
res.redirect()
response bodies
- Added
res.render()
status option support. Closes #425 [thanks aheckmann]
- Fixed
res.sendfile()
responding with 403 on malicious path
- Fixed
res.download()
bug; when an error occurs remove Content-Disposition
- Fixed; mounted apps settings now inherit from parent app [aheckmann]
- Fixed; stripping Content-Length / Content-Type when 204
- Fixed
res.send()
204. Closes #419
- Fixed multiple Set-Cookie headers via
res.header()
. Closes #402
- Fixed bug messing with error handlers when
listenFD()
is called instead of listen()
. [thanks guillermo]
1.0.0rc2 / 2010-08-17
- Added
app.register()
for template engine mapping. Closes #390
- Added
res.render()
callback support as second argument (no options)
- Added callback support to
res.download()
- Added callback support for
res.sendfile()
- Added support for middleware access via
express.middlewareName()
vs connect.middlewareName()
- Added “partials” setting to docs
- Added default expresso tests to
express(1)
generated app. Closes #384
- Fixed
res.sendfile()
error handling, defer via next()
- Fixed
res.render()
callback when a layout is used [thanks guillermo]
- Fixed;
make install
creating ~/.node_libraries when not present
- Fixed issue preventing error handlers from being defined anywhere. Closes #387
1.0.0rc / 2010-07-28
- Added mounted hook. Closes #369
Added connect dependency to package.json
Removed “reload views” setting and support code
development env never caches, production always caches.
Removed param in route callbacks, signature is now
simply (req, res, next), previously (req, res, params, next).
Use req.params for path captures, req.query for GET params.
Fixed “home” setting
Fixed middleware/router precedence issue. Closes #366
Fixed; configure() callbacks called immediately. Closes #368
1.0.0beta2 / 2010-07-23
- Added more examples
- Added; exporting
Server
constructor
- Added
Server#helpers()
for view locals
- Added
Server#dynamicHelpers()
for dynamic view locals. Closes #349
- Added support for absolute view paths
- Added; home setting defaults to
Server#route
for mounted apps. Closes #363
- Added Guillermo Rauch to the contributor list
- Added support for “as” for non-collection partials. Closes #341
- Fixed install.sh, ensuring _~/.nodelibraries exists. Closes #362 [thanks jf]
- Fixed
res.render()
exceptions, now passed to next()
when no callback is given [thanks guillermo]
- Fixed instanceof
Array
checks, now Array.isArray()
- Fixed express(1) expansion of public dirs. Closes #348
- Fixed middleware precedence. Closes #345
- Fixed view watcher, now async [thanks aheckmann]
1.0.0beta / 2010-07-15
- Re-write
- much faster
- much lighter
- Check ExpressJS.com for migration guide and updated docs
0.14.0 / 2010-06-15
- Utilize relative requires
- Added Static bufferSize option [aheckmann]
- Fixed caching of view and partial subdirectories [aheckmann]
- Fixed mime.type() comments now that “.ext” is not supported
- Updated haml submodule
- Updated class submodule
- Removed bin/express
0.13.0 / 2010-06-01
- Added node v0.1.97 compatibility
- Added support for deleting cookies via Request#cookie(‘key’, null)
- Updated haml submodule
- Fixed not-found page, now using charset utf-8
- Fixed show-exceptions page, now using charset utf-8
- Fixed view support due to fs.readFile Buffers
- Changed; mime.type() no longer accepts “.type” due to node extname() changes
0.12.0 / 2010-05-22
- Added node v0.1.96 compatibility
- Added view
helpers
export which act as additional local variables
- Updated haml submodule
- Changed ETag; removed inode, modified time only
- Fixed LF to CRLF for setting multiple cookies
- Fixed cookie compilation; values are now urlencoded
- Fixed cookies parsing; accepts quoted values and url escaped cookies
0.11.0 / 2010-05-06
- Added support for layouts using different engines
- this.render(‘page.html.haml’, { layout: ‘super-cool-layout.html.ejs’ })
- this.render(‘page.html.haml’, { layout: ‘foo’ }) // assumes ‘foo.html.haml’
- this.render(‘page.html.haml’, { layout: false }) // no layout
- Updated ext submodule
- Updated haml submodule
- Fixed EJS partial support by passing along the context. Issue #307
0.10.1 / 2010-05-03
0.10.0 / 2010-04-30
- Added charset support via Request#charset (automatically assigned to ‘UTF-8’ when respond()’s
encoding is set to ‘utf8’ or ‘utf-8’).
- Added “encoding” option to Request#render(). Closes #299
- Added “dump exceptions” setting, which is enabled by default.
- Added simple ejs template engine support
- Added error response support for text/plain, application/json. Closes #297
- Added callback function param to Request#error()
- Added Request#sendHead()
- Added Request#stream()
- Added support for Request#respond(304, null) for empty response bodies
- Added ETag support to Request#sendfile()
- Added options to Request#sendfile(), passed to fs.createReadStream()
- Added filename arg to Request#download()
- Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
- Performance enhanced by preventing several calls to toLowerCase() in Router#match()
- Changed; Request#sendfile() now streams
- Changed; Renamed Request#halt() to Request#respond(). Closes #289
- Changed; Using sys.inspect() instead of JSON.encode() for error output
- Changed; run() returns the http.Server instance. Closes #298
- Changed; Defaulting Server#host to null (INADDR_ANY)
- Changed; Logger “common” format scale of 0.4f
- Removed Logger “request” format
- Fixed; Catching ENOENT in view caching, preventing error when “views/partials” is not found
- Fixed several issues with http client
- Fixed Logger Content-Length output
- Fixed bug preventing Opera from retaining the generated session id. Closes #292
0.9.0 / 2010-04-14
- Added DSL level error() route support
- Added DSL level notFound() route support
- Added Request#error()
- Added Request#notFound()
- Added Request#render() callback function. Closes #258
- Added “max upload size” setting
- Added “magic” variables to collection partials (__index__, __length__, __isFirst__, __isLast__). Closes #254
- Added haml.js submodule; removed haml-js
- Added callback function support to Request#halt() as 3rd/4th arg
- Added preprocessing of route param wildcards using param(). Closes #251
- Added view partial support (with collections etc.)
- Fixed bug preventing falsey params (such as ?page=0). Closes #286
- Fixed setting of multiple cookies. Closes #199
- Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
- Changed; session cookie is now httpOnly
- Changed; Request is no longer global
- Changed; Event is no longer global
- Changed; “sys” module is no longer global
- Changed; moved Request#download to Static plugin where it belongs
- Changed; Request instance created before body parsing. Closes #262
- Changed; Pre-caching views in memory when “cache view contents” is enabled. Closes #253
- Changed; Pre-caching view partials in memory when “cache view partials” is enabled
- Updated support to node --version 0.1.90
- Updated dependencies
- Removed set(“session cookie”) in favour of use(Session, { cookie: { … }})
- Removed utils.mixin(); use Object#mergeDeep()
0.8.0 / 2010-03-19
- Added coffeescript example app. Closes #242
- Changed; cache api now async friendly. Closes #240
- Removed deprecated ‘express/static’ support. Use ‘express/plugins/static’
0.7.6 / 2010-03-19
- Added Request#isXHR. Closes #229
- Added
make install
(for the executable)
- Added
express
executable for setting up simple app templates
- Added “GET /public/*” to Static plugin, defaulting to /public
- Added Static plugin
- Fixed; Request#render() only calls cache.get() once
- Fixed; Namespacing View caches with “view:”
- Fixed; Namespacing Static caches with “static:”
- Fixed; Both example apps now use the Static plugin
- Fixed set(“views”). Closes #239
- Fixed missing space for combined log format
- Deprecated Request#sendfile() and ‘express/static’
- Removed Server#running
0.7.5 / 2010-03-16
- Added Request#flash() support without args, now returns all flashes
- Updated ext submodule
0.7.4 / 2010-03-16
- Fixed session reaper
- Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
0.7.3 / 2010-03-16
- Added package.json
- Fixed requiring of haml / sass due to kiwi removal
0.7.2 / 2010-03-16
- Fixed GIT submodules (HAH!)
0.7.1 / 2010-03-16
- Changed; Express now using submodules again until a PM is adopted
- Changed; chat example using millisecond conversions from ext
0.7.0 / 2010-03-15
- Added Request#pass() support (finds the next matching route, or the given path)
- Added Logger plugin (default “common” format replaces CommonLogger)
- Removed Profiler plugin
- Removed CommonLogger plugin
0.6.0 / 2010-03-11
- Added seed.yml for kiwi package management support
Added HTTP client query string support when method is GET. Closes #205
Added support for arbitrary view engines.
For example “foo.engine.html” will now require(‘engine’),
the exports from this module are cached after the first require().
Added async plugin support
Removed usage of RESTful route funcs as http client
get() etc, use http.get() and friends
Removed custom exceptions
0.5.0 / 2010-03-10
- Added ext dependency (library of js extensions)
- Removed extname() / basename() utils. Use path module
- Removed toArray() util. Use arguments.values
- Removed escapeRegexp() util. Use RegExp.escape()
- Removed process.mixin() dependency. Use utils.mixin()
- Removed Collection
- Removed ElementCollection
- Shameless self promotion of ebook “Advanced JavaScript” (http://dev-mag.com) ;)
0.4.0 / 2010-02-11
- Added flash() example to sample upload app
- Added high level restful http client module (express/http)
- Changed; RESTful route functions double as HTTP clients. Closes #69
- Changed; throwing error when routes are added at runtime
- Changed; defaulting render() context to the current Request. Closes #197
- Updated haml submodule
0.3.0 / 2010-02-11
- Updated haml / sass submodules. Closes #200
- Added flash message support. Closes #64
- Added accepts() now allows multiple args. fixes #117
- Added support for plugins to halt. Closes #189
- Added alternate layout support. Closes #119
- Removed Route#run(). Closes #188
- Fixed broken specs due to use(Cookie) missing
0.2.1 / 2010-02-05
- Added “plot” format option for Profiler (for gnuplot processing)
- Added request number to Profiler plugin
- Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
- Fixed issue with routes not firing when not files are present. Closes #184
- Fixed process.Promise -> events.Promise
0.2.0 / 2010-02-03
- Added parseParam() support for name[] etc. (allows for file inputs with “multiple” attr) Closes #180
- Added Both Cache and Session option “reapInterval” may be “reapEvery”. Closes #174
- Added expiration support to cache api with reaper. Closes #133
- Added cache Store.Memory#reap()
- Added Cache; cache api now uses first class Cache instances
- Added abstract session Store. Closes #172
- Changed; cache Memory.Store#get() utilizing Collection
- Renamed MemoryStore -> Store.Memory
- Fixed use() of the same plugin several time will always use latest options. Closes #176
0.1.0 / 2010-02-03
- Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
- Updated node support to 0.1.27 Closes #169
- Updated dirname(__filename) -> __dirname
- Updated libxmljs support to v0.2.0
- Added session support with memory store / reaping
- Added quick uid() helper
- Added multi-part upload support
- Added Sass.js support / submodule
- Added production env caching view contents and static files
- Added static file caching. Closes #136
- Added cache plugin with memory stores
- Added support to StaticFile so that it works with non-textual files.
- Removed dirname() helper
- Removed several globals (now their modules must be required)
0.0.2 / 2010-01-10
- Added view benchmarks; currently haml vs ejs
- Added Request#attachment() specs. Closes #116
- Added use of node’s parseQuery() util. Closes #123
- Added
make init
for submodules
- Updated Haml
- Updated sample chat app to show messages on load
- Updated libxmljs parseString -> parseHtmlString
- Fixed
make init
to work with older versions of git
- Fixed specs can now run independent specs for those who can’t build deps. Closes #127
- Fixed issues introduced by the node url module changes. Closes 126.
- Fixed two assertions failing due to Collection#keys() returning strings
- Fixed faulty Collection#toArray() spec due to keys() returning strings
- Fixed
make test
now builds libxmljs.node before testing
0.0.1 / 2010-01-03