4 * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
6 - deps: mime-types@~2.0.8
7 * deps: proxy-addr@~1.0.6
8 - deps: ipaddr.js@0.1.8
10 - deps: mime-types@~2.0.8
16 - Fix root path disclosure
17 * deps: serve-static@~1.8.1
18 - Fix redirect loop in Node.js 0.11.14
19 - Fix root path disclosure
25 * Add `res.append(field, val)` to append headers
26 * Deprecate leading `:` in `name` for `app.param(name, fn)`
27 * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
28 * Deprecate `app.param(fn)`
29 * Fix `OPTIONS` responses to include the `HEAD` method properly
30 * Fix `res.sendFile` not always detecting aborted connection
31 * Match routes iteratively to prevent stack overflows
32 * deps: accepts@~1.2.2
33 - deps: mime-types@~2.0.7
34 - deps: negotiator@0.5.0
39 - deps: on-finished@~2.2.0
40 * deps: serve-static@~1.8.0
46 * Fix crash from error within `OPTIONS` response handler
47 * deps: proxy-addr@~1.0.5
48 - deps: ipaddr.js@0.1.6
53 * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
54 * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
56 * deps: finalhandler@0.3.3
58 - deps: on-finished@~2.2.0
59 * deps: methods@~1.1.1
60 * deps: on-finished@~2.2.0
61 * deps: serve-static@~1.7.2
62 - Fix potential open redirect when mounted at root
63 * deps: type-is@~1.5.5
64 - deps: mime-types@~2.0.7
69 * Fix exception in `req.fresh`/`req.stale` without response headers
74 * Fix `res.send` double-calling `res.end` for `HEAD` requests
75 * deps: accepts@~1.1.4
76 - deps: mime-types@~2.0.4
77 * deps: type-is@~1.5.4
78 - deps: mime-types@~2.0.4
83 * Fix `res.sendfile` logging standard write errors
88 * Fix `res.sendFile` logging standard write errors
90 * deps: proxy-addr@~1.0.4
91 - deps: ipaddr.js@0.1.5
93 - Fix `arrayLimit` behavior
98 * Correctly invoke async router callback asynchronously
99 * deps: accepts@~1.1.3
100 - deps: mime-types@~2.0.3
101 * deps: type-is@~1.5.3
102 - deps: mime-types@~2.0.3
107 * Fix handling of URLs containing `://` in the path
109 - Fix parsing of mixed objects and values
114 * Add support for `app.set('views', array)`
115 - Views are looked up in sequence in array of directories
116 * Fix `res.send(status)` to mention `res.sendStatus(status)`
117 * Fix handling of invalid empty URLs
118 * Use `content-disposition` module for `res.attachment`/`res.download`
119 - Sends standards-compliant `Content-Disposition` header
120 - Full Unicode support
121 * Use `path.resolve` in view lookup
123 - Implement `DEBUG_FD` env variable support
126 - Improve string performance
127 - Slightly improve speed for weak ETags over 1KB
128 * deps: finalhandler@0.3.2
129 - Terminate in progress response only on error
130 - Use `on-finished` to determine request status
132 - deps: on-finished@~2.1.1
133 * deps: on-finished@~2.1.1
134 - Fix handling of pipelined requests
136 - Fix parsing of mixed implicit and explicit arrays
141 - deps: on-finished@~2.1.1
142 * deps: serve-static@~1.7.1
148 * Fix `res.redirect` body when redirect status specified
149 * deps: accepts@~1.1.2
150 - Fix error when media type has invalid parameter
151 - deps: negotiator@0.4.9
156 * Fix using same param name in array of paths
161 * deps: accepts@~1.1.1
162 - deps: mime-types@~2.0.2
163 - deps: negotiator@0.4.8
164 * deps: serve-static@~1.6.4
165 - Fix redirect loop when index file serving disabled
166 * deps: type-is@~1.5.2
167 - deps: mime-types@~2.0.2
173 * deps: proxy-addr@~1.0.3
174 - Use `forwarded` npm module
177 * deps: serve-static@~1.6.3
184 - Fix issue with object keys starting with numbers truncated
189 * deps: proxy-addr@~1.0.2
190 - Fix a global leak when multiple subnets are trusted
191 - deps: ipaddr.js@0.1.3
196 * Fix regression for empty string `path` in `app.use`
197 * Fix `router.use` to accept array of middleware without path
198 * Improve error message for bad `app.use` arguments
203 * Fix `app.use` to accept array of middleware without path
209 - deps: range-parser@~1.0.2
210 * deps: serve-static@~1.6.2
216 * Add `res.sendStatus`
217 * Invoke callback for sendfile when client aborts
218 - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
219 - `err` will be populated with request aborted error
220 * Support IP address host in `req.subdomains`
221 * Use `etag` to generate `ETag` headers
222 * deps: accepts@~1.1.0
223 - update `mime-types`
224 * deps: cookie-signature@1.0.5
226 * deps: finalhandler@0.2.0
227 - Set `X-Content-Type-Options: nosniff` header
230 * deps: media-typer@0.3.0
231 - Throw error when parameter format invalid on parse
233 - Fix issue where first empty value in array is discarded
234 * deps: range-parser@~1.0.2
236 - Add `lastModified` option
237 - Use `etag` to generate `ETag` header
240 * deps: serve-static@~1.6.1
241 - Add `lastModified` option
243 * deps: type-is@~1.5.1
244 - fix `hasbody` to be true for `content-length: 0`
245 - deps: media-typer@0.3.0
246 - deps: mime-types@~2.0.1
248 - Accept valid `Vary` header string as `field`
254 - Fix a path traversal issue when using `root`
255 - Fix malicious path detection for empty string path
256 * deps: serve-static@~1.5.4
263 - Remove unnecessary cloning
270 - Performance improvements
276 - deps: destroy@1.0.3
277 - deps: on-finished@2.1.0
278 * deps: serve-static@~1.5.3
286 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
287 * deps: serve-static@~1.5.2
293 * deps: parseurl@~1.3.0
295 * deps: serve-static@~1.5.1
296 - Fix parsing of weird `req.originalUrl` values
297 - deps: parseurl@~1.3.0
298 - deps: utils-merge@1.0.0
304 - Fix parsing array of objects
309 * fix incorrect deprecation warnings on `res.download`
311 - Accept urlencoded square brackets
312 - Accept empty values in implicit array notation
318 - accepts a file system path instead of a URL
319 - requires an absolute path or `root` option specified
320 * deprecate `res.sendfile` -- use `res.sendFile` instead
321 * support mounted app as any argument to `app.use()`
324 - Limits array length to 20
325 - Limits object depth to 5
326 - Limits parameters to 1,000
328 - Add `extensions` option
329 * deps: serve-static@~1.5.0
330 - Add `extensions` option
336 * fix `res.sendfile` regression for serving directory index files
338 - Fix incorrect 403 on Windows and Node.js 0.11
339 - Fix serving index files without root dir
340 * deps: serve-static@~1.4.4
347 - Fix incorrect 403 on Windows and Node.js 0.11
348 * deps: serve-static@~1.4.3
349 - Fix incorrect 403 on Windows and Node.js 0.11
356 - Work-around v8 generating empty stack traces
359 * deps: serve-static@~1.4.2
365 - Fix exception when global `Error.stackTraceLimit` is too low
368 * deps: serve-static@~1.4.1
373 * fix `req.protocol` for proxy-direct connections
374 * configurable query parser with `app.set('query parser', parser)`
375 - `app.set('query parser', 'extended')` parse with "qs" module
376 - `app.set('query parser', 'simple')` parse with "querystring" core module
377 - `app.set('query parser', false)` disable query string parsing
378 - `app.set('query parser', true)` enable simple parsing
379 * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
380 * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
381 * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
384 - Add `TRACE_DEPRECATION` environment variable
385 - Remove non-standard grey color from color output
386 - Support `--no-deprecation` argument
387 - Support `--trace-deprecation` argument
388 * deps: finalhandler@0.1.0
389 - Respond after request fully read
391 * deps: parseurl@~1.2.0
392 - Cache URLs based on original value
393 - Remove no-longer-needed URL mis-parse work-around
394 - Simplify the "fast-path" `RegExp`
396 - Add `dotfiles` option
397 - Cap `maxAge` value to 1 year
400 * deps: serve-static@~1.4.0
401 - deps: parseurl@~1.2.0
403 * perf: prevent multiple `Buffer` creation in `res.send`
408 * fix `subapp.mountpath` regression for `app.use(subapp)`
413 * accept multiple callbacks to `app.use()`
414 * add explicit "Rosetta Flash JSONP abuse" protection
415 - previous versions are not vulnerable; this is just explicit protection
416 * catch errors in multiple `req.param(name, fn)` handlers
417 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
418 * fix `res.send(status, num)` to send `num` as json (not error)
419 * remove unnecessary escaping when `res.jsonp` returns JSON response
420 * support non-string `path` in `app.use(path, fn)`
421 - supports array of paths
423 * router: fix optimization on router exit
424 * router: refactor location of `try` blocks
425 * router: speed up standard `app.use(fn)`
427 - Add support for multiple wildcards in namespaces
428 * deps: finalhandler@0.0.3
430 * deps: methods@1.1.0
432 * deps: parseurl@~1.1.3
433 - faster parsing of href-only URLs
434 * deps: path-to-regexp@0.1.3
437 * deps: serve-static@~1.3.2
438 - deps: parseurl@~1.1.3
440 * perf: fix arguments reassign deopt in some `res` methods
445 * fix routing regression when altering `req.method`
450 * add deprecation message to non-plural `req.accepts*`
451 * add deprecation message to `res.send(body, status)`
452 * add deprecation message to `res.vary()`
453 * add `headers` option to `res.sendfile`
454 - use to set headers on successful file transfer
455 * add `mergeParams` option to `Router`
456 - merges `req.params` from parent routes
457 * add `req.hostname` -- correct name for what `req.host` returns
458 * deprecate things with `depd` module
459 * deprecate `req.host` -- use `req.hostname` instead
460 * fix behavior when handling request without routes
461 * fix handling when `route.all` is only route
462 * invoke `router.param()` only when route matches
463 * restore `req.params` after invoking router
464 * use `finalhandler` for final response handling
465 * use `media-typer` to alter content-type charset
466 * deps: accepts@~1.0.7
468 - Accept string for `maxage` (converted by `ms`)
469 - Include link in default redirect response
470 * deps: serve-static@~1.3.0
471 - Accept string for `maxAge` (converted by `ms`)
472 - Add `setHeaders` option
473 - Include HTML link in redirect response
475 * deps: type-is@~1.3.2
480 * deps: cookie-signature@1.0.4
481 - fix for timing attacks
486 * fix `res.attachment` Unicode filenames in Safari
487 * fix "trim prefix" debug message in `express:router`
488 * deps: accepts@~1.0.5
489 * deps: buffer-crc32@0.2.3
494 * fix persistence of modified `req.params[name]` from `app.param()`
495 * deps: accepts@1.0.3
496 - deps: negotiator@0.4.6
499 - Do not throw un-catchable error on file open race condition
500 - Use `escape-html` for HTML escaping
502 - deps: finished@1.2.2
504 * deps: serve-static@1.2.3
505 - Do not throw un-catchable error on file open race condition
511 * fix catching errors from top-level handlers
512 * use `vary` module for `res.vary`
514 * deps: proxy-addr@1.0.1
516 - fix "event emitter leak" warnings
518 - deps: finished@1.2.1
519 * deps: serve-static@1.2.2
520 - fix "event emitter leak" warnings
522 * deps: type-is@1.2.1
527 * deps: methods@1.0.1
529 - Send `max-age` in `Cache-Control` in correct format
530 * deps: serve-static@1.2.1
531 - use `escape-html` for escaping
537 * custom etag control with `app.set('etag', val)`
538 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
539 - `app.set('etag', 'weak')` weak tag
540 - `app.set('etag', 'strong')` strong etag
541 - `app.set('etag', false)` turn off
542 - `app.set('etag', true)` standard etag
543 * mark `res.send` ETag as weak and reduce collisions
544 * update accepts to 1.0.2
545 - Fix interpretation when header not in request
546 * update send to 0.4.0
547 - Calculate ETag with md5 for reduced collisions
548 - Ignore stream errors after request ends
550 * update serve-static to 1.2.0
551 - Calculate ETag with md5 for reduced collisions
552 - Ignore stream errors after request ends
558 * fix handling of errors from `router.param()` callbacks
563 * revert "fix behavior of multiple `app.VERB` for the same path"
564 - this caused a regression in the order of route execution
569 * add `req.baseUrl` to access the path stripped from `req.url` in routes
570 * fix behavior of multiple `app.VERB` for the same path
571 * fix issue routing requests among sub routers
572 * invoke `router.param()` only when necessary instead of every match
573 * proper proxy trust with `app.set('trust proxy', trust)`
574 - `app.set('trust proxy', 1)` trust first hop
575 - `app.set('trust proxy', 'loopback')` trust loopback addresses
576 - `app.set('trust proxy', '10.0.0.1')` trust single IP
577 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
578 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
579 - `app.set('trust proxy', false)` turn off
580 - `app.set('trust proxy', true)` trust everything
581 * set proper `charset` in `Content-Type` for `res.send`
582 * update type-is to 1.2.0
583 - support suffix matching
588 * deprecate `app.del()` -- use `app.delete()` instead
589 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
590 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
591 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
592 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
593 * fix `req.next` when inside router instance
594 * include `ETag` header in `HEAD` requests
595 * keep previous `Content-Type` for `res.jsonp`
596 * support PURGE method
599 - include PURGE in `app.all`
600 * update debug to 0.8.0
601 - add `enable()` method
602 - change from stderr to stdout
603 * update methods to 1.0.0
609 * fix `req.host` for IPv6 literals
610 * fix `res.jsonp` error if callback param is object
615 * fix package.json to reflect supported node version
620 * pass options from `res.sendfile` to `send`
621 * preserve casing of headers in `res.header` and `res.set`
622 * support unicode file names in `res.attachment` and `res.download`
623 * update accepts to 1.0.1
624 - deps: negotiator@0.4.0
625 * update cookie to 0.1.2
626 - Fix for maxAge == 0
627 - made compat with expires field
628 * update send to 0.3.0
629 - Accept API options in options object
630 - Coerce option types
631 - Control whether to generate etags
632 - Default directory access to 403 when index disabled
633 - Fix sending files with dots without root set
634 - Include file path in etag
635 - Make "Can't set headers after they are sent." catchable
636 - Send full entity-body for multi range requests
637 - Set etags to "weak"
638 - Support "If-Range" header
639 - Support multiple index paths
641 * update serve-static to 1.1.0
642 - Accept options directly to `send` module
643 - Resolve relative paths at middleware setup
644 - Use parseurl to parse the URL from request
646 * update type-is to 1.1.0
647 - add non-array values support
648 - add `multipart` as a shorthand
655 - connect and connect's patches except for charset handling
656 - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
657 - `express.createServer()` - it has been deprecated for a long time. Use `express()`
658 - `app.configure` - use logic in your own app code
659 - `app.router` - is removed
660 - `req.auth` - use `basic-auth` instead
661 - `req.accepted*` - use `req.accepts*()` instead
662 - `res.location` - relative URL resolution is removed
663 - `res.charset` - include the charset in the content type when using `res.set()`
664 - all bundled middleware except `static`
666 - `app.route` -> `app.mountpath` when mounting an express app in another express app
667 - `json spaces` no longer enabled by default in development
668 - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
669 - `req.params` is now an object instead of an array
670 - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
671 - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
673 - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
674 - `req.is` with [type-is](https://github.com/expressjs/type-is)
675 - [path-to-regexp](https://github.com/component/path-to-regexp)
677 - `app.router()` - returns the app Router instance
678 - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
679 - Router & Route - public API
684 * deps: connect@2.28.3
685 - deps: compression@~1.3.1
687 - deps: errorhandler@~1.3.3
688 - deps: express-session@~1.10.2
689 - deps: serve-index@~1.6.1
690 - deps: type-is@~1.5.6
691 * deps: proxy-addr@~1.0.6
692 - deps: ipaddr.js@0.1.8
697 * deps: connect@2.28.2
698 - deps: body-parser@~1.10.2
699 - deps: serve-static@~1.8.1
701 - Fix root path disclosure
706 * Fix `OPTIONS` responses to include the `HEAD` method property
707 * Use `readline` for prompt in `express(1)`
708 * deps: commander@2.6.0
709 * deps: connect@2.28.1
710 - deps: body-parser@~1.10.1
711 - deps: compression@~1.3.0
712 - deps: connect-timeout@~1.5.0
715 - deps: errorhandler@~1.3.2
716 - deps: express-session@~1.10.1
717 - deps: finalhandler@0.3.3
718 - deps: method-override@~2.3.1
719 - deps: morgan@~1.5.1
720 - deps: serve-favicon@~2.2.0
721 - deps: serve-index@~1.6.0
722 - deps: serve-static@~1.8.0
723 - deps: type-is@~1.5.5
725 * deps: methods@~1.1.1
726 * deps: proxy-addr@~1.0.5
727 - deps: ipaddr.js@0.1.6
732 - deps: on-finished@~2.2.0
737 * Fix exception in `req.fresh`/`req.stale` without response headers
742 * deps: connect@2.27.6
743 - deps: compression@~1.2.2
744 - deps: express-session@~1.9.3
745 - deps: http-errors@~1.2.8
746 - deps: serve-index@~1.5.3
747 - deps: type-is@~1.5.4
752 * deps: connect@2.27.4
753 - deps: body-parser@~1.9.3
754 - deps: compression@~1.2.1
755 - deps: errorhandler@~1.2.3
756 - deps: express-session@~1.9.2
758 - deps: serve-favicon@~2.1.7
759 - deps: serve-static@~1.5.1
760 - deps: type-is@~1.5.3
762 * deps: proxy-addr@~1.0.4
763 - deps: ipaddr.js@0.1.5
768 * deps: connect@2.27.3
769 - Correctly invoke async callback asynchronously
775 * deps: connect@2.27.2
776 - Fix handling of URLs containing `://` in the path
777 - deps: body-parser@~1.9.2
783 * Fix internal `utils.merge` deprecation warnings
784 * deps: connect@2.27.1
785 - deps: body-parser@~1.9.1
786 - deps: express-session@~1.9.1
787 - deps: finalhandler@0.3.2
788 - deps: morgan@~1.4.1
790 - deps: serve-static@~1.7.1
792 - deps: on-finished@~2.1.1
797 * Use `content-disposition` module for `res.attachment`/`res.download`
798 - Sends standards-compliant `Content-Disposition` header
799 - Full Unicode support
800 * Use `etag` module to generate `ETag` headers
801 * deps: connect@2.27.0
802 - Use `http-errors` module for creating errors
803 - Use `utils-merge` module for merging objects
804 - deps: body-parser@~1.9.0
805 - deps: compression@~1.2.0
806 - deps: connect-timeout@~1.4.0
809 - deps: express-session@~1.9.0
810 - deps: finalhandler@0.3.1
811 - deps: method-override@~2.3.0
812 - deps: morgan@~1.4.0
813 - deps: response-time@~2.2.0
814 - deps: serve-favicon@~2.1.6
815 - deps: serve-index@~1.5.0
816 - deps: serve-static@~1.7.0
818 - Implement `DEBUG_FD` env variable support
828 * deps: connect@2.26.6
829 - deps: compression@~1.1.2
831 - deps: errorhandler@~1.2.2
836 * deps: connect@2.26.5
837 - Fix accepting non-object arguments to `logger`
838 - deps: serve-static@~1.6.4
843 * deps: connect@2.26.4
844 - deps: morgan@~1.3.2
845 - deps: type-is@~1.5.2
850 * deps: connect@2.26.3
851 - deps: body-parser@~1.8.4
852 - deps: serve-favicon@~2.1.5
853 - deps: serve-static@~1.6.3
854 * deps: proxy-addr@~1.0.3
855 - Use `forwarded` npm module
862 * deps: connect@2.26.2
863 - deps: body-parser@~1.8.3
869 * deps: proxy-addr@~1.0.2
870 - Fix a global leak when multiple subnets are trusted
871 - deps: ipaddr.js@0.1.3
876 * Use `crc` instead of `buffer-crc32` for speed
877 * deps: connect@2.26.1
878 - deps: body-parser@~1.8.2
880 - deps: express-session@~1.8.2
881 - deps: morgan@~1.3.1
882 - deps: serve-favicon@~2.1.3
883 - deps: serve-static@~1.6.2
888 - deps: range-parser@~1.0.2
893 * Fix error in `req.subdomains` on empty host
898 * Support `X-Forwarded-Host` in `req.subdomains`
899 * Support IP address host in `req.subdomains`
900 * deps: connect@2.26.0
901 - deps: body-parser@~1.8.1
902 - deps: compression@~1.1.0
903 - deps: connect-timeout@~1.3.0
904 - deps: cookie-parser@~1.3.3
905 - deps: cookie-signature@1.0.5
908 - deps: errorhandler@~1.2.0
909 - deps: express-session@~1.8.1
910 - deps: finalhandler@0.2.0
912 - deps: media-typer@0.3.0
913 - deps: method-override@~2.2.0
914 - deps: morgan@~1.3.0
916 - deps: serve-favicon@~2.1.3
917 - deps: serve-index@~1.2.1
918 - deps: serve-static@~1.6.1
919 - deps: type-is@~1.5.1
921 * deps: cookie-signature@1.0.5
924 * deps: media-typer@0.3.0
925 - Throw error when parameter format invalid on parse
926 * deps: range-parser@~1.0.2
928 - Add `lastModified` option
929 - Use `etag` to generate `ETag` header
933 - Accept valid `Vary` header string as `field`
938 * deps: connect@2.25.10
939 - deps: serve-static@~1.5.4
941 - Fix a path traversal issue when using `root`
942 - Fix malicious path detection for empty string path
947 * deps: connect@2.25.9
948 - deps: body-parser@~1.6.7
954 * deps: connect@2.25.8
955 - deps: body-parser@~1.6.6
962 * deps: connect@2.25.7
963 - deps: body-parser@~1.6.5
964 - deps: express-session@~1.7.6
965 - deps: morgan@~1.2.3
966 - deps: serve-static@~1.5.3
968 - deps: destroy@1.0.3
969 - deps: on-finished@2.1.0
974 * deps: connect@2.25.6
975 - deps: body-parser@~1.6.4
977 - deps: serve-static@~1.5.2
979 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
984 * deps: connect@2.25.5
985 - Fix backwards compatibility in `logger`
990 * Fix original URL parsing in `res.location`
991 * deps: connect@2.25.4
992 - Fix `query` middleware breaking with argument
993 - deps: body-parser@~1.6.3
994 - deps: compression@~1.0.11
995 - deps: connect-timeout@~1.2.2
996 - deps: express-session@~1.7.5
997 - deps: method-override@~2.1.3
998 - deps: on-headers@~1.0.0
999 - deps: parseurl@~1.3.0
1001 - deps: response-time@~2.0.1
1002 - deps: serve-index@~1.1.6
1003 - deps: serve-static@~1.5.1
1004 * deps: parseurl@~1.3.0
1009 * deps: connect@2.25.3
1010 - deps: multiparty@3.3.2
1015 * deps: connect@2.25.2
1016 - deps: body-parser@~1.6.2
1022 * deps: connect@2.25.1
1023 - deps: body-parser@~1.6.1
1029 * deps: connect@2.25.0
1030 - deps: body-parser@~1.6.0
1031 - deps: compression@~1.0.10
1032 - deps: csurf@~1.4.0
1033 - deps: express-session@~1.7.4
1035 - deps: serve-static@~1.5.0
1037 - Add `extensions` option
1042 * fix `res.sendfile` regression for serving directory index files
1043 * deps: connect@2.24.3
1044 - deps: serve-index@~1.1.5
1045 - deps: serve-static@~1.4.4
1047 - Fix incorrect 403 on Windows and Node.js 0.11
1048 - Fix serving index files without root dir
1053 * deps: connect@2.24.2
1054 - deps: body-parser@~1.5.2
1056 - deps: express-session@~1.7.2
1057 - deps: morgan@~1.2.2
1058 - deps: serve-static@~1.4.2
1060 - Work-around v8 generating empty stack traces
1067 * deps: connect@2.24.1
1068 - deps: body-parser@~1.5.1
1070 - deps: express-session@~1.7.1
1071 - deps: morgan@~1.2.1
1072 - deps: serve-index@~1.1.4
1073 - deps: serve-static@~1.4.1
1075 - Fix exception when global `Error.stackTraceLimit` is too low
1082 * Fix `req.protocol` for proxy-direct connections
1083 * Pass options from `res.sendfile` to `send`
1084 * deps: connect@2.24.0
1085 - deps: body-parser@~1.5.0
1086 - deps: compression@~1.0.9
1087 - deps: connect-timeout@~1.2.1
1090 - deps: express-session@~1.7.0
1091 - deps: finalhandler@0.1.0
1092 - deps: method-override@~2.1.2
1093 - deps: morgan@~1.2.0
1094 - deps: multiparty@3.3.1
1095 - deps: parseurl@~1.2.0
1096 - deps: serve-static@~1.4.0
1099 - Add `TRACE_DEPRECATION` environment variable
1100 - Remove non-standard grey color from color output
1101 - Support `--no-deprecation` argument
1102 - Support `--trace-deprecation` argument
1103 * deps: parseurl@~1.2.0
1104 - Cache URLs based on original value
1105 - Remove no-longer-needed URL mis-parse work-around
1106 - Simplify the "fast-path" `RegExp`
1108 - Add `dotfiles` option
1109 - Cap `maxAge` value to 1 year
1116 * add explicit "Rosetta Flash JSONP abuse" protection
1117 - previous versions are not vulnerable; this is just explicit protection
1118 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
1119 * fix `res.send(status, num)` to send `num` as json (not error)
1120 * remove unnecessary escaping when `res.jsonp` returns JSON response
1121 * deps: basic-auth@1.0.0
1122 - support empty password
1123 - support empty username
1124 * deps: connect@2.23.0
1126 - deps: express-session@~1.6.4
1127 - deps: method-override@~2.1.0
1128 - deps: parseurl@~1.1.3
1129 - deps: serve-static@~1.3.1
1131 - Add support for multiple wildcards in namespaces
1132 * deps: methods@1.1.0
1134 * deps: parseurl@~1.1.3
1135 - faster parsing of href-only URLs
1140 * add deprecation message to `app.configure`
1141 * add deprecation message to `req.auth`
1142 * use `basic-auth` to parse `Authorization` header
1143 * deps: connect@2.22.0
1144 - deps: csurf@~1.3.0
1145 - deps: express-session@~1.6.1
1146 - deps: multiparty@3.3.0
1147 - deps: serve-static@~1.3.0
1149 - Accept string for `maxage` (converted by `ms`)
1150 - Include link in default redirect response
1155 * deps: connect@2.21.1
1156 - deps: cookie-parser@1.3.2
1157 - deps: cookie-signature@1.0.4
1158 - deps: express-session@~1.5.2
1159 - deps: type-is@~1.3.2
1160 * deps: cookie-signature@1.0.4
1161 - fix for timing attacks
1166 * use `media-typer` to alter content-type charset
1167 * deps: connect@2.21.0
1168 - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
1169 - deprecate `connect.createServer()` -- use `connect()` instead
1170 - fix `res.setHeader()` patch to work with with get -> append -> set pattern
1171 - deps: compression@~1.0.8
1172 - deps: errorhandler@~1.1.1
1173 - deps: express-session@~1.5.0
1174 - deps: serve-index@~1.1.3
1179 * deprecate things with `depd` module
1180 * deps: buffer-crc32@0.2.3
1181 * deps: connect@2.20.2
1182 - deprecate `verify` option to `json` -- use `body-parser` npm module instead
1183 - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
1184 - deprecate things with `depd` module
1185 - use `finalhandler` for final response handling
1186 - use `media-typer` to parse `content-type` for charset
1187 - deps: body-parser@1.4.3
1188 - deps: connect-timeout@1.1.1
1189 - deps: cookie-parser@1.3.1
1191 - deps: errorhandler@1.1.0
1192 - deps: express-session@1.4.0
1193 - deps: multiparty@3.2.9
1194 - deps: serve-index@1.1.2
1195 - deps: type-is@1.3.1
1201 * deps: connect@2.19.6
1202 - deps: body-parser@1.3.1
1203 - deps: compression@1.0.7
1205 - deps: serve-index@1.1.1
1206 - deps: serve-static@1.2.3
1209 - Do not throw un-catchable error on file open race condition
1210 - Use `escape-html` for HTML escaping
1212 - deps: finished@1.2.2
1218 * deps: connect@2.19.5
1219 - fix "event emitter leak" warnings
1222 - deps: serve-static@1.2.2
1223 - deps: type-is@1.2.1
1226 - fix "event emitter leak" warnings
1227 - deps: finished@1.2.1
1233 * use `vary` module for `res.vary`
1234 * deps: connect@2.19.4
1235 - deps: errorhandler@1.0.2
1236 - deps: method-override@2.0.2
1237 - deps: serve-favicon@2.0.1
1243 * deps: connect@2.19.3
1244 - deps: compression@1.0.6
1249 * deps: connect@2.19.2
1250 - deps: compression@1.0.4
1251 * deps: proxy-addr@1.0.1
1256 * deps: connect@2.19.1
1257 - deprecate `methodOverride()` -- use `method-override` npm module instead
1258 - deps: body-parser@1.3.0
1259 - deps: method-override@2.0.1
1260 - deps: multiparty@3.2.8
1261 - deps: response-time@2.0.0
1262 - deps: serve-static@1.2.1
1263 * deps: methods@1.0.1
1265 - Send `max-age` in `Cache-Control` in correct format
1270 * custom etag control with `app.set('etag', val)`
1271 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
1272 - `app.set('etag', 'weak')` weak tag
1273 - `app.set('etag', 'strong')` strong etag
1274 - `app.set('etag', false)` turn off
1275 - `app.set('etag', true)` standard etag
1276 * Include ETag in HEAD requests
1277 * mark `res.send` ETag as weak and reduce collisions
1278 * update connect to 2.18.0
1279 - deps: compression@1.0.3
1280 - deps: serve-index@1.1.0
1281 - deps: serve-static@1.2.0
1282 * update send to 0.4.0
1283 - Calculate ETag with md5 for reduced collisions
1284 - Ignore stream errors after request ends
1290 * update connect to 2.17.3
1291 - deps: body-parser@1.2.2
1292 - deps: express-session@1.2.1
1293 - deps: method-override@1.0.2
1298 * keep previous `Content-Type` for `res.jsonp`
1299 * set proper `charset` in `Content-Type` for `res.send`
1300 * update connect to 2.17.1
1301 - fix `res.charset` appending charset when `content-type` has one
1302 - deps: express-session@1.2.0
1303 - deps: morgan@1.1.1
1304 - deps: serve-index@1.0.3
1309 * proper proxy trust with `app.set('trust proxy', trust)`
1310 - `app.set('trust proxy', 1)` trust first hop
1311 - `app.set('trust proxy', 'loopback')` trust loopback addresses
1312 - `app.set('trust proxy', '10.0.0.1')` trust single IP
1313 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
1314 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
1315 - `app.set('trust proxy', false)` turn off
1316 - `app.set('trust proxy', true)` trust everything
1317 * update connect to 2.16.2
1318 - deprecate `res.headerSent` -- use `res.headersSent`
1319 - deprecate `res.on("header")` -- use on-headers module instead
1320 - fix edge-case in `res.appendHeader` that would append in wrong order
1321 - json: use body-parser
1322 - urlencoded: use body-parser
1324 - dep: cookie-parser@1.1.0
1326 - dep: express-session@1.1.0
1327 - dep: method-override@1.0.1
1332 * deprecate `app.del()` -- use `app.delete()` instead
1333 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
1334 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
1335 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
1336 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
1337 * support PURGE method
1339 - add `router.purge`
1340 - include PURGE in `app.all`
1341 * update connect to 2.15.0
1342 * Add `res.appendHeader`
1343 * Call error stack even when response has been sent
1344 * Patch `res.headerSent` to return Boolean
1345 * Patch `res.headersSent` for node.js 0.8
1346 * Prevent default 404 handler after response sent
1347 * dep: compression@1.0.2
1348 * dep: connect-timeout@1.1.0
1350 * dep: errorhandler@1.0.1
1351 * dep: express-session@1.0.4
1353 * dep: serve-favicon@2.0.0
1354 * dep: serve-index@1.0.2
1355 * update debug to 0.8.0
1356 * add `enable()` method
1357 * change from stderr to stdout
1358 * update methods to 1.0.0
1360 * update mkdirp to 0.5.0
1365 * fix `req.host` for IPv6 literals
1366 * fix `res.jsonp` error if callback param is object
1371 * update connect to 2.14.5
1372 * update cookie to 0.1.2
1373 * update mkdirp to 0.4.0
1374 * update send to 0.3.0
1379 * pin less-middleware in generated app
1389 * prevent incorrect automatic OPTIONS responses #1868 @dpatti
1390 * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
1391 * throw 400 in case of malformed paths @rlidwka
1401 * update connect (raw-body)
1407 * res.location: remove leading ./ #1802 @kapouer
1408 * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
1409 * res.send: always send ETag when content-length > 0
1410 * router: add Router.all() method
1418 * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
1429 * downgrade commander
1436 * jsonp: check if callback is a function
1437 * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
1438 * res.format: now includes chraset @1747 (@sorribas)
1439 * res.links: allow multiple calls @1746 (@sorribas)
1444 * add res.vary(). Closes #1682
1460 * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
1461 * add: req.accepts take an argument list
1466 * update send and connect
1478 * remove .version export
1489 * add support for multiple X-Forwarded-Proto values. Closes #1646
1490 * change: remove charset from json responses. Closes #1631
1491 * change: return actual booleans from req.accept* functions
1492 * fix jsonp callback array throw
1503 * update node-cookie
1504 * add: throw a meaningful error when there is no default engine
1505 * change generation of ETags with res.send() to GET requests only. Closes #1619
1510 * fix `req.subdomains` when no Host is present
1511 * fix `req.host` when no Host is present, return undefined
1516 * update connect / qs
1526 * add app.VERB() paths array deprecation warning
1528 * update qs and remove all ~ semver crap
1529 * fix: accept number as value of Signed Cookie
1534 * add "view" constructor setting to override view behaviour
1535 * add req.acceptsEncoding(name)
1536 * add req.acceptedEncodings
1537 * revert cookie signature change causing session race conditions
1538 * fix sorting of Accept values of the same quality
1543 * add support for custom Accept parameters
1544 * update cookie-signature
1549 * add X-Forwarded-Host support to `req.host`
1550 * fix relative redirects
1552 * update buffer-crc32
1553 * remove legacy app.configure() method from app template.
1558 * add support for leading "." in "view engine" setting
1559 * add array support to `res.set()`
1560 * add node 0.8.x to travis.yml
1561 * add "subdomain offset" setting for tweaking `req.subdomains`
1562 * add `res.location(url)` implementing `res.redirect()`-like setting of Location
1563 * use app.get() for x-powered-by setting for inheritance
1564 * fix colons in passwords for `req.auth`
1569 * add http verb methods to Router
1571 * fix mangling of the `res.cookie()` options object
1572 * fix jsonp whitespace escape. Closes #1132
1577 * add throwing when a non-function is passed to a route
1578 * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
1579 * revert "add 'etag' option"
1584 * add 'etag' option to disable `res.send()` Etags
1585 * add escaping of urls in text/plain in `res.redirect()`
1586 for old browsers interpreting as html
1587 * change crc32 module for a more liberal license
1594 * update cookie module
1595 * fix cookie max-age
1600 * add OPTIONS to cors example. Closes #1398
1601 * fix route chaining regression. Closes #1397
1612 * add "Basic" check to req.auth
1613 * add `req.auth` test coverage
1614 * add cb && cb(payload) to `res.jsonp()`. Closes #1374
1615 * add backwards compat for `res.redirect()` status. Closes #1336
1616 * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
1618 * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
1619 * remove non-primitive string support for `res.send()`
1620 * fix view-locals example. Closes #1370
1621 * fix route-separation example
1623 3.0.0rc5 / 2012-09-18
1627 * add redis search example
1628 * add static-files example
1629 * add "x-powered-by" setting (`app.disable('x-powered-by')`)
1630 * add "application/octet-stream" redirect Accept test case. Closes #1317
1632 3.0.0rc4 / 2012-08-30
1635 * add `res.jsonp()`. Closes #1307
1636 * add "verbose errors" option to error-pages example
1637 * add another route example to express(1) so people are not so confused
1638 * add redis online user activity tracking example
1639 * update connect dep
1640 * fix etag quoting. Closes #1310
1641 * fix error-pages 404 status
1642 * fix jsonp callback char restrictions
1643 * remove old OPTIONS default response
1645 3.0.0rc3 / 2012-08-13
1648 * update connect dep
1649 * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
1650 * fix `res.render()` clobbering of "locals"
1652 3.0.0rc2 / 2012-08-03
1656 * update connect dep
1657 * deprecate `.createServer()` & remove old stale examples
1658 * fix: escape `res.redirect()` link
1661 3.0.0rc1 / 2012-07-24
1664 * add more examples to view-locals
1665 * add scheme-relative redirects (`res.redirect("//foo.com")`) support
1667 * update connect dep
1669 * fix `express(1)` -h flag, use -H for hogan. Closes #1245
1670 * fix `res.sendfile()` socket error handling regression
1672 3.0.0beta7 / 2012-07-16
1675 * update connect dep for `send()` root normalization regression
1677 3.0.0beta6 / 2012-07-13
1680 * add `err.view` property for view errors. Closes #1226
1681 * add "jsonp callback name" setting
1682 * add support for "/foo/:bar*" non-greedy matches
1683 * change `res.sendfile()` to use `send()` module
1684 * change `res.send` to use "response-send" module
1685 * remove `app.locals.use` and `res.locals.use`, use regular middleware
1687 3.0.0beta5 / 2012-07-03
1690 * add "make check" support
1691 * add route-map example
1692 * add `res.json(obj, status)` support back for BC
1693 * add "methods" dep, remove internal methods module
1694 * update connect dep
1695 * update auth example to utilize cores pbkdf2
1696 * updated tests to use "supertest"
1698 3.0.0beta4 / 2012-06-25
1702 * Added `req.range(size)`
1703 * Added `res.links(obj)`
1704 * Added `res.send(body, status)` support back for backwards compat
1705 * Added `.default()` support to `res.format()`
1706 * Added 2xx / 304 check to `req.fresh`
1707 * Revert "Added + support to the router"
1708 * Fixed `res.send()` freshness check, respect res.statusCode
1710 3.0.0beta3 / 2012-06-15
1713 * Added hogan `--hjs` to express(1) [nullfirm]
1714 * Added another example to content-negotiation
1716 * Changed: `res.send()` always checks freshness
1717 * Fixed: expose connects mime module. Cloases #1165
1719 3.0.0beta2 / 2012-06-06
1722 * Added `+` support to the router
1724 * Changed `req.param()` to check route first
1725 * Update connect dep
1727 3.0.0beta1 / 2012-06-01
1730 * Added `res.format()` callback to override default 406 behaviour
1731 * Fixed `res.redirect()` 406. Closes #1154
1733 3.0.0alpha5 / 2012-05-30
1737 * Added `{ signed: true }` option to `res.cookie()`
1738 * Removed `res.signedCookie()`
1739 * Changed: dont reverse `req.ips`
1740 * Fixed "trust proxy" setting check for `req.ips`
1742 3.0.0alpha4 / 2012-05-09
1745 * Added: allow `[]` in jsonp callback. Closes #1128
1746 * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
1747 * Updated: connect 2.2.2
1749 3.0.0alpha3 / 2012-05-04
1752 * Added public `app.routes`. Closes #887
1753 * Added _view-locals_ example
1754 * Added _mvc_ example
1755 * Added `res.locals.use()`. Closes #1120
1756 * Added conditional-GET support to `res.send()`
1757 * Added: coerce `res.set()` values to strings
1758 * Changed: moved `static()` in generated apps below router
1759 * Changed: `res.send()` only set ETag when not previously set
1760 * Changed connect 2.2.1 dep
1761 * Changed: `make test` now runs unit / acceptance tests
1762 * Fixed req/res proto inheritance
1764 3.0.0alpha2 / 2012-04-26
1767 * Added `make benchmark` back
1768 * Added `res.send()` support for `String` objects
1769 * Added client-side data exposing example
1770 * Added `res.header()` and `req.header()` aliases for BC
1771 * Added `express.createServer()` for BC
1772 * Perf: memoize parsed urls
1773 * Perf: connect 2.2.0 dep
1774 * Changed: make `expressInit()` middleware self-aware
1775 * Fixed: use app.get() for all core settings
1776 * Fixed redis session example
1777 * Fixed session example. Closes #1105
1778 * Fixed generated express dep. Closes #1078
1780 3.0.0alpha1 / 2012-04-15
1783 * Added `app.locals.use(callback)`
1784 * Added `app.locals` object
1785 * Added `app.locals(obj)`
1786 * Added `res.locals` object
1787 * Added `res.locals(obj)`
1788 * Added `res.format()` for content-negotiation
1789 * Added `app.engine()`
1790 * Added `res.cookie()` JSON cookie support
1791 * Added "trust proxy" setting
1792 * Added `req.subdomains`
1793 * Added `req.protocol`
1794 * Added `req.secure`
1799 * Added comma-delmited / array support for `req.accepts()`
1800 * Added debug instrumentation
1801 * Added `res.set(obj)`
1802 * Added `res.set(field, value)`
1803 * Added `res.get(field)`
1804 * Added `app.get(setting)`. Closes #842
1805 * Added `req.acceptsLanguage()`
1806 * Added `req.acceptsCharset()`
1807 * Added `req.accepted`
1808 * Added `req.acceptedLanguages`
1809 * Added `req.acceptedCharsets`
1810 * Added "json replacer" setting
1811 * Added "json spaces" setting
1812 * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
1813 * Added `--less` support to express(1)
1814 * Added `express.response` prototype
1815 * Added `express.request` prototype
1816 * Added `express.application` prototype
1817 * Added `app.path()`
1818 * Added `app.render()`
1819 * Added `res.type()` to replace `res.contentType()`
1820 * Changed: `res.redirect()` to add relative support
1821 * Changed: enable "jsonp callback" by default
1822 * Changed: renamed "case sensitive routes" to "case sensitive routing"
1823 * Rewrite of all tests with mocha
1824 * Removed "root" setting
1825 * Removed `res.redirect('home')` support
1826 * Removed `req.notify()`
1827 * Removed `app.register()`
1828 * Removed `app.redirect()`
1829 * Removed `app.is()`
1830 * Removed `app.helpers()`
1831 * Removed `app.dynamicHelpers()`
1832 * Fixed `res.sendfile()` with non-GET. Closes #723
1833 * Fixed express(1) public dir for windows. Closes #866
1838 * Added support for PURGE request method [pbuyle]
1839 * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
1844 * Update mkdirp dep. Closes #991
1849 * Fixed `app.all` duplicate DELETE requests [mscdex]
1854 * Updated hamljs dev dep. Closes #953
1859 * Fixed: set `filename` on cached templates [matthewleon]
1864 * Fixed `express(1)` eol on 0.4.x. Closes #947
1869 * Fixed `req.is()` when a charset is present
1874 * Fixed: express(1) LF -> CRLF for windows
1879 * Changed: updated connect to 1.8.x
1880 * Removed sass.js support from express(1)
1885 * Added ./routes dir for generated app by default
1886 * Added npm install reminder to express(1) app gen
1887 * Added 0.5.x support
1888 * Removed `make test-cov` since it wont work with node 0.5.x
1889 * Fixed express(1) public dir for windows. Closes #866
1894 * Added mkdirp to express(1). Closes #795
1895 * Added simple _json-config_ example
1896 * Added shorthand for the parsed request's pathname via `req.path`
1897 * Changed connect dep to 1.7.x to fix npm issue...
1898 * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
1899 * Fixed `req.flash()`, only escape args
1900 * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
1905 * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
1910 * Added support for routes to handle errors. Closes #809
1911 * Added `app.routes.all()`. Closes #803
1912 * Added "basepath" setting to work in conjunction with reverse proxies etc.
1913 * Refactored `Route` to use a single array of callbacks
1914 * Added support for multiple callbacks for `app.param()`. Closes #801
1916 * Changed: removed .call(self) for route callbacks
1917 * Dependency: `qs >= 0.3.1`
1918 * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
1923 * Fixed `res.header()` intention of a set, even when `undefined`
1924 * Fixed `*`, value no longer required
1925 * Fixed `res.send(204)` support. Closes #771
1930 * Added docs for `status` option special-case. Closes #739
1931 * Fixed `options.filename`, exposing the view path to template engines
1936 * Revert "removed jsonp stripping" for XSS
1941 * Added `res.json()` JSONP support. Closes #737
1942 * Added _extending-templates_ example. Closes #730
1943 * Added "strict routing" setting for trailing slashes
1944 * Added support for multiple envs in `app.configure()` calls. Closes #735
1945 * Changed: `res.send()` using `res.json()`
1946 * Changed: when cookie `path === null` don't default it
1947 * Changed; default cookie path to "home" setting. Closes #731
1948 * Removed _pids/logs_ creation from express(1)
1953 * Added chainable `res.status(code)`
1954 * Added `res.json()`, an explicit version of `res.send(obj)`
1955 * Added simple web-service example
1960 * \#express is now on freenode! come join!
1961 * Added `req.get(field, param)`
1962 * Added links to Japanese documentation, thanks @hideyukisaito!
1963 * Added; the `express(1)` generated app outputs the env
1964 * Added `content-negotiation` example
1965 * Dependency: connect >= 1.5.1 < 2.0.0
1966 * Fixed view layout bug. Closes #720
1967 * Fixed; ignore body on 304. Closes #701
1973 * Removed generation of dummy test file from `express(1)`
1974 * Fixed; `express(1)` adds express as a dep
1975 * Fixed; prune on `prepublish`
1980 * Added `req.route`, exposing the current route
1981 * Added _package.json_ generation support to `express(1)`
1982 * Fixed call to `app.param()` function for optional params. Closes #682
1987 * Fixed bug-ish with `../' in `res.partial()` calls
1992 * Fixed `app.options()`
1997 * Added route `Collection`, ex: `app.get('/user/:id').remove();`
1998 * Added support for `app.param(fn)` to define param logic
1999 * Removed `app.param()` support for callback with return value
2000 * Removed module.parent check from express(1) generated app. Closes #670
2001 * Refactored router. Closes #639
2006 * Changed; using devDependencies instead of git submodules
2007 * Fixed redis session example
2008 * Fixed markdown example
2009 * Fixed view caching, should not be enabled in development
2014 * Added export `.view` as alias for `.View`
2019 * Added `./examples/say`
2020 * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
2025 * Added "case sensitive routes" option.
2026 * Changed; split methods supported per rfc [slaskis]
2027 * Fixed route-specific middleware when using the same callback function several times
2037 * Added `app.match()` as `app.match.all()`
2038 * Added `app.lookup()` as `app.lookup.all()`
2039 * Added `app.remove()` for `app.remove.all()`
2040 * Added `app.remove.VERB()`
2041 * Fixed template caching collision issue. Closes #644
2042 * Moved router over from connect and started refactor
2047 * Added options support to `res.clearCookie()`
2048 * Added `res.helpers()` as alias of `res.locals()`
2049 * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0`
2050 * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
2051 * Renamed "cache views" to "view cache". Closes #628
2052 * Fixed caching of views when using several apps. Closes #637
2053 * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
2055 * Fixed partial lookup precedence. Closes #631
2061 * Added second callback support for `res.download()` connection errors
2062 * Fixed `filename` option passing to template engine
2067 * Added `layout(path)` helper to change the layout within a view. Closes #610
2068 * Fixed `partial()` collection object support.
2069 Previously only anything with `.length` would work.
2070 When `.length` is present one must still be aware of holes,
2071 however now `{ collection: {foo: 'bar'}}` is valid, exposes
2072 `keyInCollection` and `keysInCollection`.
2074 * Performance improved with better view caching
2075 * Removed `request` and `response` locals
2076 * Changed; errorHandler page title is now `Express` instead of `Connect`
2081 * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
2082 * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
2083 * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
2084 * Dependency `connect >= 1.2.0`
2089 * Added; expose `err.view` object when failing to locate a view
2090 * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
2091 * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
2096 * Added `<root>/_?<name>` partial lookup support. Closes #447
2097 * Added `request`, `response`, and `app` local variables
2098 * Added `settings` local variable, containing the app's settings
2099 * Added `req.flash()` exception if `req.session` is not available
2100 * Added `res.send(bool)` support (json response)
2101 * Fixed stylus example for latest version
2102 * Fixed; wrap try/catch around `res.render()`
2107 * Fixed up index view path alternative.
2108 * Changed; `res.locals()` without object returns the locals
2110 2.0.0rc3 / 2011-03-17
2113 * Added `res.locals(obj)` to compliment `res.local(key, val)`
2114 * Added `res.partial()` callback support
2115 * Fixed recursive error reporting issue in `res.render()`
2117 2.0.0rc2 / 2011-03-17
2120 * Changed; `partial()` "locals" are now optional
2121 * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
2122 * Fixed .filename view engine option [reported by drudge]
2123 * Fixed blog example
2124 * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
2126 2.0.0rc / 2011-03-14
2129 * Fixed; expose `HTTPSServer` constructor
2130 * Fixed express(1) default test charset. Closes #579 [reported by secoif]
2131 * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
2133 2.0.0beta3 / 2011-03-09
2136 * Added support for `res.contentType()` literal
2137 The original `res.contentType('.json')`,
2138 `res.contentType('application/json')`, and `res.contentType('json')`
2140 * Added `res.render()` status option support back
2141 * Added charset option for `res.render()`
2142 * Added `.charset` support (via connect 1.0.4)
2143 * Added view resolution hints when in development and a lookup fails
2144 * Added layout lookup support relative to the page view.
2145 For example while rendering `./views/user/index.jade` if you create
2146 `./views/user/layout.jade` it will be used in favour of the root layout.
2147 * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
2148 * Fixed; default `res.send()` string charset to utf8
2149 * Removed `Partial` constructor (not currently used)
2151 2.0.0beta2 / 2011-03-07
2154 * Added res.render() `.locals` support back to aid in migration process
2155 * Fixed flash example
2157 2.0.0beta / 2011-03-03
2160 * Added HTTPS support
2161 * Added `res.cookie()` maxAge support
2162 * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
2163 * Added mount support for `res.redirect()`, now respects the mount-point
2164 * Added `union()` util, taking place of `merge(clone())` combo
2165 * Added stylus support to express(1) generated app
2166 * Added secret to session middleware used in examples and generated app
2167 * Added `res.local(name, val)` for progressive view locals
2168 * Added default param support to `req.param(name, default)`
2169 * Added `app.disabled()` and `app.enabled()`
2170 * Added `app.register()` support for omitting leading ".", either works
2171 * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
2172 * Added `app.param()` to map route params to async/sync logic
2173 * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
2174 * Added extname with no leading "." support to `res.contentType()`
2175 * Added `cache views` setting, defaulting to enabled in "production" env
2176 * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
2177 * Added `req.accepts()` support for extensions
2178 * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
2179 static file server `connect.static.send()`.
2180 * Changed; replaced `connect.utils.mime()` with npm _mime_ module
2181 * Changed; allow `req.query` to be pre-defined (via middleware or other parent
2182 * Changed view partial resolution, now relative to parent view
2183 * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
2184 * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
2185 * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
2186 * Fixed; using _qs_ module instead of _querystring_
2187 * Fixed; strip unsafe chars from jsonp callbacks
2188 * Removed "stream threshold" setting
2193 * Allow `req.query` to be pre-defined (via middleware or other parent app)
2194 * "connect": ">= 0.5.0 < 1.0.0". Closes #547
2195 * Removed the long deprecated __EXPRESS_ENV__ support
2200 * Fixed `render()` setting inheritance.
2201 Mounted apps would not inherit "view engine"
2206 * Fixed `view engine` setting bug when period is in dirname
2211 * Added secret to generated app `session()` call
2216 * Added `qs` dependency to _package.json_
2217 * Fixed namespaced `require()`s for latest connect support
2222 * Remove unsafe characters from JSONP callback names [Ryan Grove]
2227 * Removed nested require, using `connect.router`
2232 * Fixed for middleware stacked via `createServer()`
2233 previously the `foo` middleware passed to `createServer(foo)`
2234 would not have access to Express methods such as `res.send()`
2235 or props like `req.query` etc.
2240 * Added; deduce partial object names from the last segment.
2241 For example by default `partial('forum/post', postObject)` will
2242 give you the _post_ object, providing a meaningful default.
2243 * Added http status code string representation to `res.redirect()` body
2244 * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
2245 * Added `req.is()` to aid in content negotiation
2246 * Added partial local inheritance [suggested by masylum]. Closes #102
2247 providing access to parent template locals.
2248 * Added _-s, --session[s]_ flag to express(1) to add session related middleware
2249 * Added _--template_ flag to express(1) to specify the
2250 template engine to use.
2251 * Added _--css_ flag to express(1) to specify the
2252 stylesheet engine to use (or just plain css by default).
2253 * Added `app.all()` support [thanks aheckmann]
2254 * Added partial direct object support.
2255 You may now `partial('user', user)` providing the "user" local,
2256 vs previously `partial('user', { object: user })`.
2257 * Added _route-separation_ example since many people question ways
2258 to do this with CommonJS modules. Also view the _blog_ example for
2260 * Performance; caching view path derived partial object names
2261 * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
2262 * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
2264 1.0.0rc4 / 2010-10-14
2267 * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
2268 * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
2269 * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
2270 * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
2271 * Added `partial()` support for array-like collections. Closes #434
2272 * Added support for swappable querystring parsers
2273 * Added session usage docs. Closes #443
2274 * Added dynamic helper caching. Closes #439 [suggested by maritz]
2275 * Added authentication example
2276 * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
2277 * Changed; `express(1)` generated app using 2 spaces instead of 4
2278 * Default env to "development" again [aheckmann]
2279 * Removed _context_ option is no more, use "scope"
2280 * Fixed; exposing _./support_ libs to examples so they can run without installs
2283 1.0.0rc3 / 2010-09-20
2286 * Added confirmation for `express(1)` app generation. Closes #391
2287 * Added extending of flash formatters via `app.flashFormatters`
2288 * Added flash formatter support. Closes #411
2289 * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
2290 * Added _stream threshold_ setting for `res.sendfile()`
2291 * Added `res.send()` __HEAD__ support
2292 * Added `res.clearCookie()`
2293 * Added `res.cookie()`
2294 * Added `res.render()` headers option
2295 * Added `res.redirect()` response bodies
2296 * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
2297 * Fixed `res.sendfile()` responding with 403 on malicious path
2298 * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
2299 * Fixed; mounted apps settings now inherit from parent app [aheckmann]
2300 * Fixed; stripping Content-Length / Content-Type when 204
2301 * Fixed `res.send()` 204. Closes #419
2302 * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
2303 * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
2306 1.0.0rc2 / 2010-08-17
2309 * Added `app.register()` for template engine mapping. Closes #390
2310 * Added `res.render()` callback support as second argument (no options)
2311 * Added callback support to `res.download()`
2312 * Added callback support for `res.sendfile()`
2313 * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
2314 * Added "partials" setting to docs
2315 * Added default expresso tests to `express(1)` generated app. Closes #384
2316 * Fixed `res.sendfile()` error handling, defer via `next()`
2317 * Fixed `res.render()` callback when a layout is used [thanks guillermo]
2318 * Fixed; `make install` creating ~/.node_libraries when not present
2319 * Fixed issue preventing error handlers from being defined anywhere. Closes #387
2321 1.0.0rc / 2010-07-28
2324 * Added mounted hook. Closes #369
2325 * Added connect dependency to _package.json_
2327 * Removed "reload views" setting and support code
2328 development env never caches, production always caches.
2330 * Removed _param_ in route callbacks, signature is now
2331 simply (req, res, next), previously (req, res, params, next).
2332 Use _req.params_ for path captures, _req.query_ for GET params.
2334 * Fixed "home" setting
2335 * Fixed middleware/router precedence issue. Closes #366
2336 * Fixed; _configure()_ callbacks called immediately. Closes #368
2338 1.0.0beta2 / 2010-07-23
2341 * Added more examples
2342 * Added; exporting `Server` constructor
2343 * Added `Server#helpers()` for view locals
2344 * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
2345 * Added support for absolute view paths
2346 * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
2347 * Added Guillermo Rauch to the contributor list
2348 * Added support for "as" for non-collection partials. Closes #341
2349 * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
2350 * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
2351 * Fixed instanceof `Array` checks, now `Array.isArray()`
2352 * Fixed express(1) expansion of public dirs. Closes #348
2353 * Fixed middleware precedence. Closes #345
2354 * Fixed view watcher, now async [thanks aheckmann]
2356 1.0.0beta / 2010-07-15
2362 - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
2367 * Utilize relative requires
2368 * Added Static bufferSize option [aheckmann]
2369 * Fixed caching of view and partial subdirectories [aheckmann]
2370 * Fixed mime.type() comments now that ".ext" is not supported
2371 * Updated haml submodule
2372 * Updated class submodule
2373 * Removed bin/express
2378 * Added node v0.1.97 compatibility
2379 * Added support for deleting cookies via Request#cookie('key', null)
2380 * Updated haml submodule
2381 * Fixed not-found page, now using using charset utf-8
2382 * Fixed show-exceptions page, now using using charset utf-8
2383 * Fixed view support due to fs.readFile Buffers
2384 * Changed; mime.type() no longer accepts ".type" due to node extname() changes
2389 * Added node v0.1.96 compatibility
2390 * Added view `helpers` export which act as additional local variables
2391 * Updated haml submodule
2392 * Changed ETag; removed inode, modified time only
2393 * Fixed LF to CRLF for setting multiple cookies
2394 * Fixed cookie complation; values are now urlencoded
2395 * Fixed cookies parsing; accepts quoted values and url escaped cookies
2400 * Added support for layouts using different engines
2401 - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
2402 - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
2403 - this.render('page.html.haml', { layout: false }) // no layout
2404 * Updated ext submodule
2405 * Updated haml submodule
2406 * Fixed EJS partial support by passing along the context. Issue #307
2411 * Fixed binary uploads.
2416 * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
2417 encoding is set to 'utf8' or 'utf-8'.
2418 * Added "encoding" option to Request#render(). Closes #299
2419 * Added "dump exceptions" setting, which is enabled by default.
2420 * Added simple ejs template engine support
2421 * Added error response support for text/plain, application/json. Closes #297
2422 * Added callback function param to Request#error()
2423 * Added Request#sendHead()
2424 * Added Request#stream()
2425 * Added support for Request#respond(304, null) for empty response bodies
2426 * Added ETag support to Request#sendfile()
2427 * Added options to Request#sendfile(), passed to fs.createReadStream()
2428 * Added filename arg to Request#download()
2429 * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
2430 * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
2431 * Changed; Request#sendfile() now streams
2432 * Changed; Renamed Request#halt() to Request#respond(). Closes #289
2433 * Changed; Using sys.inspect() instead of JSON.encode() for error output
2434 * Changed; run() returns the http.Server instance. Closes #298
2435 * Changed; Defaulting Server#host to null (INADDR_ANY)
2436 * Changed; Logger "common" format scale of 0.4f
2437 * Removed Logger "request" format
2438 * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
2439 * Fixed several issues with http client
2440 * Fixed Logger Content-Length output
2441 * Fixed bug preventing Opera from retaining the generated session id. Closes #292
2446 * Added DSL level error() route support
2447 * Added DSL level notFound() route support
2448 * Added Request#error()
2449 * Added Request#notFound()
2450 * Added Request#render() callback function. Closes #258
2451 * Added "max upload size" setting
2452 * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
2453 * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
2454 * Added callback function support to Request#halt() as 3rd/4th arg
2455 * Added preprocessing of route param wildcards using param(). Closes #251
2456 * Added view partial support (with collections etc)
2457 * Fixed bug preventing falsey params (such as ?page=0). Closes #286
2458 * Fixed setting of multiple cookies. Closes #199
2459 * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
2460 * Changed; session cookie is now httpOnly
2461 * Changed; Request is no longer global
2462 * Changed; Event is no longer global
2463 * Changed; "sys" module is no longer global
2464 * Changed; moved Request#download to Static plugin where it belongs
2465 * Changed; Request instance created before body parsing. Closes #262
2466 * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
2467 * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
2468 * Updated support to node --version 0.1.90
2469 * Updated dependencies
2470 * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
2471 * Removed utils.mixin(); use Object#mergeDeep()
2476 * Added coffeescript example app. Closes #242
2477 * Changed; cache api now async friendly. Closes #240
2478 * Removed deprecated 'express/static' support. Use 'express/plugins/static'
2483 * Added Request#isXHR. Closes #229
2484 * Added `make install` (for the executable)
2485 * Added `express` executable for setting up simple app templates
2486 * Added "GET /public/*" to Static plugin, defaulting to <root>/public
2487 * Added Static plugin
2488 * Fixed; Request#render() only calls cache.get() once
2489 * Fixed; Namespacing View caches with "view:"
2490 * Fixed; Namespacing Static caches with "static:"
2491 * Fixed; Both example apps now use the Static plugin
2492 * Fixed set("views"). Closes #239
2493 * Fixed missing space for combined log format
2494 * Deprecated Request#sendfile() and 'express/static'
2495 * Removed Server#running
2500 * Added Request#flash() support without args, now returns all flashes
2501 * Updated ext submodule
2506 * Fixed session reaper
2507 * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
2512 * Added package.json
2513 * Fixed requiring of haml / sass due to kiwi removal
2518 * Fixed GIT submodules (HAH!)
2523 * Changed; Express now using submodules again until a PM is adopted
2524 * Changed; chat example using millisecond conversions from ext
2529 * Added Request#pass() support (finds the next matching route, or the given path)
2530 * Added Logger plugin (default "common" format replaces CommonLogger)
2531 * Removed Profiler plugin
2532 * Removed CommonLogger plugin
2537 * Added seed.yml for kiwi package management support
2538 * Added HTTP client query string support when method is GET. Closes #205
2540 * Added support for arbitrary view engines.
2541 For example "foo.engine.html" will now require('engine'),
2542 the exports from this module are cached after the first require().
2544 * Added async plugin support
2546 * Removed usage of RESTful route funcs as http client
2547 get() etc, use http.get() and friends
2549 * Removed custom exceptions
2554 * Added ext dependency (library of js extensions)
2555 * Removed extname() / basename() utils. Use path module
2556 * Removed toArray() util. Use arguments.values
2557 * Removed escapeRegexp() util. Use RegExp.escape()
2558 * Removed process.mixin() dependency. Use utils.mixin()
2559 * Removed Collection
2560 * Removed ElementCollection
2561 * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
2566 * Added flash() example to sample upload app
2567 * Added high level restful http client module (express/http)
2568 * Changed; RESTful route functions double as HTTP clients. Closes #69
2569 * Changed; throwing error when routes are added at runtime
2570 * Changed; defaulting render() context to the current Request. Closes #197
2571 * Updated haml submodule
2576 * Updated haml / sass submodules. Closes #200
2577 * Added flash message support. Closes #64
2578 * Added accepts() now allows multiple args. fixes #117
2579 * Added support for plugins to halt. Closes #189
2580 * Added alternate layout support. Closes #119
2581 * Removed Route#run(). Closes #188
2582 * Fixed broken specs due to use(Cookie) missing
2587 * Added "plot" format option for Profiler (for gnuplot processing)
2588 * Added request number to Profiler plugin
2589 * Fixed binary encoding for multi-part file uploads, was previously defaulting to UTF8
2590 * Fixed issue with routes not firing when not files are present. Closes #184
2591 * Fixed process.Promise -> events.Promise
2596 * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
2597 * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
2598 * Added expiration support to cache api with reaper. Closes #133
2599 * Added cache Store.Memory#reap()
2600 * Added Cache; cache api now uses first class Cache instances
2601 * Added abstract session Store. Closes #172
2602 * Changed; cache Memory.Store#get() utilizing Collection
2603 * Renamed MemoryStore -> Store.Memory
2604 * Fixed use() of the same plugin several time will always use latest options. Closes #176
2609 * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
2610 * Updated node support to 0.1.27 Closes #169
2611 * Updated dirname(__filename) -> __dirname
2612 * Updated libxmljs support to v0.2.0
2613 * Added session support with memory store / reaping
2614 * Added quick uid() helper
2615 * Added multi-part upload support
2616 * Added Sass.js support / submodule
2617 * Added production env caching view contents and static files
2618 * Added static file caching. Closes #136
2619 * Added cache plugin with memory stores
2620 * Added support to StaticFile so that it works with non-textual files.
2621 * Removed dirname() helper
2622 * Removed several globals (now their modules must be required)
2627 * Added view benchmarks; currently haml vs ejs
2628 * Added Request#attachment() specs. Closes #116
2629 * Added use of node's parseQuery() util. Closes #123
2630 * Added `make init` for submodules
2632 * Updated sample chat app to show messages on load
2633 * Updated libxmljs parseString -> parseHtmlString
2634 * Fixed `make init` to work with older versions of git
2635 * Fixed specs can now run independent specs for those who cant build deps. Closes #127
2636 * Fixed issues introduced by the node url module changes. Closes 126.
2637 * Fixed two assertions failing due to Collection#keys() returning strings
2638 * Fixed faulty Collection#toArray() spec due to keys() returning strings
2639 * Fixed `make test` now builds libxmljs.node before testing
Code Review / sdnc / oam.git / blob