diff options
Diffstat (limited to 'node_modules/connect/HISTORY.md')
| -rw-r--r-- | node_modules/connect/HISTORY.md | 2443 |
1 files changed, 2443 insertions, 0 deletions
diff --git a/node_modules/connect/HISTORY.md b/node_modules/connect/HISTORY.md new file mode 100644 index 000000000..3c48e2644 --- /dev/null +++ b/node_modules/connect/HISTORY.md @@ -0,0 +1,2443 @@ +3.6.0 / 2017-02-17 +================== + + * deps: debug@2.6.1 + - Allow colors in workers + - Deprecated `DEBUG_FD` environment variable set to `3` or higher + - Fix error when running under React Native + - Use same color for same namespace + - deps: ms@0.7.2 + * deps: finalhandler@1.0.0 + - Fix exception when `err` cannot be converted to a string + - Fully URL-encode the pathname in the 404 + - Only include the pathname in the 404 message + - Send complete HTML document + - Set `Content-Security-Policy: default-src 'self'` header + - deps: debug@2.6.1 + +3.5.1 / 2017-02-12 +================== + + * deps: finalhandler@0.5.1 + - Fix exception when `err.headers` is not an object + - deps: statuses@~1.3.1 + - perf: hoist regular expressions + - perf: remove duplicate validation path + +3.5.0 / 2016-09-09 +================== + + * deps: finalhandler@0.5.0 + - Change invalid or non-numeric status code to 500 + - Overwrite status message to match set status code + - Prefer `err.statusCode` if `err.status` is invalid + - Set response headers from `err.headers` object + - Use `statuses` instead of `http` module for status messages + +3.4.1 / 2016-01-23 +================== + + * deps: finalhandler@0.4.1 + - deps: escape-html@~1.0.3 + * deps: parseurl@~1.3.1 + - perf: enable strict mode + +3.4.0 / 2015-06-18 +================== + + * deps: debug@~2.2.0 + - deps: ms@0.7.1 + * deps: finalhandler@0.4.0 + - Fix a false-positive when unpiping in Node.js 0.8 + - Support `statusCode` property on `Error` objects + - Use `unpipe` module for unpiping requests + - deps: debug@~2.2.0 + - deps: escape-html@1.0.2 + - deps: on-finished@~2.3.0 + - perf: enable strict mode + - perf: remove argument reassignment + * perf: enable strict mode + * perf: remove argument reassignments + +3.3.5 / 2015-03-16 +================== + + * deps: debug@~2.1.3 + - Fix high intensity foreground color for bold + - deps: ms@0.7.0 + * deps: finalhandler@0.3.4 + - deps: debug@~2.1.3 + +3.3.4 / 2015-01-07 +================== + + * deps: debug@~2.1.1 + * deps: finalhandler@0.3.3 + - deps: debug@~2.1.1 + - deps: on-finished@~2.2.0 + +3.3.3 / 2014-11-09 +================== + + * Correctly invoke async callback asynchronously + +3.3.2 / 2014-10-28 +================== + + * Fix handling of URLs containing `://` in the path + +3.3.1 / 2014-10-22 +================== + + * deps: finalhandler@0.3.2 + - deps: on-finished@~2.1.1 + +3.3.0 / 2014-10-17 +================== + + * deps: debug@~2.1.0 + - Implement `DEBUG_FD` env variable support + * deps: finalhandler@0.3.1 + - Terminate in progress response only on error + - Use `on-finished` to determine request status + - deps: debug@~2.1.0 + +3.2.0 / 2014-09-08 +================== + + * deps: debug@~2.0.0 + * deps: finalhandler@0.2.0 + - Set `X-Content-Type-Options: nosniff` header + - deps: debug@~2.0.0 + +3.1.1 / 2014-08-10 +================== + + * deps: parseurl@~1.3.0 + +3.1.0 / 2014-07-22 +================== + + * deps: debug@1.0.4 + * deps: finalhandler@0.1.0 + - Respond after request fully read + - deps: debug@1.0.4 + * deps: parseurl@~1.2.0 + - Cache URLs based on original value + - Remove no-longer-needed URL mis-parse work-around + - Simplify the "fast-path" `RegExp` + * perf: reduce executed logic in routing + * perf: refactor location of `try` block + +3.0.2 / 2014-07-10 +================== + + * deps: debug@1.0.3 + - Add support for multiple wildcards in namespaces + * deps: parseurl@~1.1.3 + - faster parsing of href-only URLs + +3.0.1 / 2014-06-19 +================== + + * use `finalhandler` for final response handling + * deps: debug@1.0.2 + +3.0.0 / 2014-05-29 +================== + + * No changes + +3.0.0-rc.2 / 2014-05-04 +======================= + + * Call error stack even when response has been sent + * Prevent default 404 handler after response sent + * dep: debug@0.8.1 + * encode stack in HTML for default error handler + * remove `proto` export + +3.0.0-rc.1 / 2014-03-06 +======================= + + * move middleware to separate repos + * remove docs + * remove node patches + * remove connect(middleware...) + * remove the old `connect.createServer()` method + * remove various private `connect.utils` functions + * drop node.js 0.8 support + +2.30.2 / 2015-07-31 +=================== + + * deps: body-parser@~1.13.3 + - deps: type-is@~1.6.6 + * deps: compression@~1.5.2 + - deps: accepts@~1.2.12 + - deps: compressible@~2.0.5 + - deps: vary@~1.0.1 + * deps: errorhandler@~1.4.2 + - deps: accepts@~1.2.12 + * deps: method-override@~2.3.5 + - deps: vary@~1.0.1 + - perf: enable strict mode + * deps: serve-index@~1.7.2 + - deps: accepts@~1.2.12 + - deps: mime-types@~2.1.4 + * deps: type-is@~1.6.6 + - deps: mime-types@~2.1.4 + * deps: vhost@~3.0.1 + - perf: enable strict mode + +2.30.1 / 2015-07-05 +=================== + + * deps: body-parser@~1.13.2 + - deps: iconv-lite@0.4.11 + - deps: qs@4.0.0 + - deps: raw-body@~2.1.2 + - deps: type-is@~1.6.4 + * deps: compression@~1.5.1 + - deps: accepts@~1.2.10 + - deps: compressible@~2.0.4 + * deps: errorhandler@~1.4.1 + - deps: accepts@~1.2.10 + * deps: qs@4.0.0 + - Fix dropping parameters like `hasOwnProperty` + - Fix various parsing edge cases + * deps: morgan@~1.6.1 + - deps: basic-auth@~1.0.3 + * deps: pause@0.1.0 + - Re-emit events with all original arguments + - Refactor internals + - perf: enable strict mode + * deps: serve-index@~1.7.1 + - deps: accepts@~1.2.10 + - deps: mime-types@~2.1.2 + * deps: type-is@~1.6.4 + - deps: mime-types@~2.1.2 + - perf: enable strict mode + - perf: remove argument reassignment + +2.30.0 / 2015-06-18 +=================== + + * deps: body-parser@~1.13.1 + - Add `statusCode` property on `Error`s, in addition to `status` + - Change `type` default to `application/json` for JSON parser + - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser + - Provide static `require` analysis + - Use the `http-errors` module to generate errors + - deps: bytes@2.1.0 + - deps: iconv-lite@0.4.10 + - deps: on-finished@~2.3.0 + - deps: raw-body@~2.1.1 + - deps: type-is@~1.6.3 + - perf: enable strict mode + - perf: remove argument reassignment + - perf: remove delete call + * deps: bytes@2.1.0 + - Slight optimizations + - Units no longer case sensitive when parsing + * deps: compression@~1.5.0 + - Fix return value from `.end` and `.write` after end + - Improve detection of zero-length body without `Content-Length` + - deps: accepts@~1.2.9 + - deps: bytes@2.1.0 + - deps: compressible@~2.0.3 + - perf: enable strict mode + - perf: remove flush reassignment + - perf: simplify threshold detection + * deps: cookie@0.1.3 + - Slight optimizations + * deps: cookie-parser@~1.3.5 + - deps: cookie@0.1.3 + * deps: csurf@~1.8.3 + - Add `sessionKey` option + - deps: cookie@0.1.3 + - deps: csrf@~3.0.0 + * deps: errorhandler@~1.4.0 + - Add charset to the `Content-Type` header + - Support `statusCode` property on `Error` objects + - deps: accepts@~1.2.9 + - deps: escape-html@1.0.2 + * deps: express-session@~1.11.3 + - Support an array in `secret` option for key rotation + - deps: cookie@0.1.3 + - deps: crc@3.3.0 + - deps: debug@~2.2.0 + - deps: depd@~1.0.1 + - deps: uid-safe@~2.0.0 + * deps: finalhandler@0.4.0 + - Fix a false-positive when unpiping in Node.js 0.8 + - Support `statusCode` property on `Error` objects + - Use `unpipe` module for unpiping requests + - deps: escape-html@1.0.2 + - deps: on-finished@~2.3.0 + - perf: enable strict mode + - perf: remove argument reassignment + * deps: fresh@0.3.0 + - Add weak `ETag` matching support + * deps: morgan@~1.6.0 + - Add `morgan.compile(format)` export + - Do not color 1xx status codes in `dev` format + - Fix `response-time` token to not include response latency + - Fix `status` token incorrectly displaying before response in `dev` format + - Fix token return values to be `undefined` or a string + - Improve representation of multiple headers in `req` and `res` tokens + - Use `res.getHeader` in `res` token + - deps: basic-auth@~1.0.2 + - deps: on-finished@~2.3.0 + - pref: enable strict mode + - pref: reduce function closure scopes + - pref: remove dynamic compile on every request for `dev` format + - pref: remove an argument reassignment + - pref: skip function call without `skip` option + * deps: serve-favicon@~2.3.0 + - Send non-chunked response for `OPTIONS` + - deps: etag@~1.7.0 + - deps: fresh@0.3.0 + - perf: enable strict mode + - perf: remove argument reassignment + - perf: remove bitwise operations + * deps: serve-index@~1.7.0 + - Accept `function` value for `template` option + - Send non-chunked response for `OPTIONS` + - Stat parent directory when necessary + - Use `Date.prototype.toLocaleDateString` to format date + - deps: accepts@~1.2.9 + - deps: escape-html@1.0.2 + - deps: mime-types@~2.1.1 + - perf: enable strict mode + - perf: remove argument reassignment + * deps: serve-static@~1.10.0 + - Add `fallthrough` option + - Fix reading options from options prototype + - Improve the default redirect response headers + - Malformed URLs now `next()` instead of 400 + - deps: escape-html@1.0.2 + - deps: send@0.13.0 + - perf: enable strict mode + - perf: remove argument reassignment + * deps: type-is@~1.6.3 + - deps: mime-types@~2.1.1 + - perf: reduce try block size + - perf: remove bitwise operations + +2.29.2 / 2015-05-14 +=================== + + * deps: body-parser@~1.12.4 + - Slight efficiency improvement when not debugging + - deps: debug@~2.2.0 + - deps: depd@~1.0.1 + - deps: iconv-lite@0.4.8 + - deps: on-finished@~2.2.1 + - deps: qs@2.4.2 + - deps: raw-body@~2.0.1 + - deps: type-is@~1.6.2 + * deps: compression@~1.4.4 + - deps: accepts@~1.2.7 + - deps: debug@~2.2.0 + * deps: connect-timeout@~1.6.2 + - deps: debug@~2.2.0 + - deps: ms@0.7.1 + * deps: debug@~2.2.0 + - deps: ms@0.7.1 + * deps: depd@~1.0.1 + * deps: errorhandler@~1.3.6 + - deps: accepts@~1.2.7 + * deps: finalhandler@0.3.6 + - deps: debug@~2.2.0 + - deps: on-finished@~2.2.1 + * deps: method-override@~2.3.3 + - deps: debug@~2.2.0 + * deps: morgan@~1.5.3 + - deps: basic-auth@~1.0.1 + - deps: debug@~2.2.0 + - deps: depd@~1.0.1 + - deps: on-finished@~2.2.1 + * deps: qs@2.4.2 + - Fix allowing parameters like `constructor` + * deps: response-time@~2.3.1 + - deps: depd@~1.0.1 + * deps: serve-favicon@~2.2.1 + - deps: etag@~1.6.0 + - deps: ms@0.7.1 + * deps: serve-index@~1.6.4 + - deps: accepts@~1.2.7 + - deps: debug@~2.2.0 + - deps: mime-types@~2.0.11 + * deps: serve-static@~1.9.3 + - deps: send@0.12.3 + * deps: type-is@~1.6.2 + - deps: mime-types@~2.0.11 + +2.29.1 / 2015-03-16 +=================== + + * deps: body-parser@~1.12.2 + - deps: debug@~2.1.3 + - deps: qs@2.4.1 + - deps: type-is@~1.6.1 + * deps: compression@~1.4.3 + - Fix error when code calls `res.end(str, encoding)` + - deps: accepts@~1.2.5 + - deps: debug@~2.1.3 + * deps: connect-timeout@~1.6.1 + - deps: debug@~2.1.3 + * deps: debug@~2.1.3 + - Fix high intensity foreground color for bold + - deps: ms@0.7.0 + * deps: errorhandler@~1.3.5 + - deps: accepts@~1.2.5 + * deps: express-session@~1.10.4 + - deps: debug@~2.1.3 + * deps: finalhandler@0.3.4 + - deps: debug@~2.1.3 + * deps: method-override@~2.3.2 + - deps: debug@~2.1.3 + * deps: morgan@~1.5.2 + - deps: debug@~2.1.3 + * deps: qs@2.4.1 + - Fix error when parameter `hasOwnProperty` is present + * deps: serve-index@~1.6.3 + - Properly escape file names in HTML + - deps: accepts@~1.2.5 + - deps: debug@~2.1.3 + - deps: escape-html@1.0.1 + - deps: mime-types@~2.0.10 + * deps: serve-static@~1.9.2 + - deps: send@0.12.2 + * deps: type-is@~1.6.1 + - deps: mime-types@~2.0.10 + +2.29.0 / 2015-02-17 +=================== + + * Use `content-type` to parse `Content-Type` headers + * deps: body-parser@~1.12.0 + - add `debug` messages + - accept a function for the `type` option + - make internal `extended: true` depth limit infinity + - use `content-type` to parse `Content-Type` headers + - deps: iconv-lite@0.4.7 + - deps: raw-body@1.3.3 + - deps: type-is@~1.6.0 + * deps: compression@~1.4.1 + - Prefer `gzip` over `deflate` on the server + - deps: accepts@~1.2.4 + * deps: connect-timeout@~1.6.0 + - deps: http-errors@~1.3.1 + * deps: cookie-parser@~1.3.4 + - deps: cookie-signature@1.0.6 + * deps: cookie-signature@1.0.6 + * deps: csurf@~1.7.0 + - Accept `CSRF-Token` and `XSRF-Token` request headers + - Default `cookie.path` to `'/'`, if using cookies + - deps: cookie-signature@1.0.6 + - deps: csrf@~2.0.6 + - deps: http-errors@~1.3.1 + * deps: errorhandler@~1.3.4 + - deps: accepts@~1.2.4 + * deps: express-session@~1.10.3 + - deps: cookie-signature@1.0.6 + - deps: uid-safe@1.1.0 + * deps: http-errors@~1.3.1 + - Construct errors using defined constructors from `createError` + - Fix error names that are not identifiers + - Set a meaningful `name` property on constructed errors + * deps: response-time@~2.3.0 + - Add function argument to support recording of response time + * deps: serve-index@~1.6.2 + - deps: accepts@~1.2.4 + - deps: http-errors@~1.3.1 + - deps: mime-types@~2.0.9 + * deps: serve-static@~1.9.1 + - deps: send@0.12.1 + * deps: type-is@~1.6.0 + - fix argument reassignment + - fix false-positives in `hasBody` `Transfer-Encoding` check + - support wildcard for both type and subtype (`*/*`) + - deps: mime-types@~2.0.9 + +2.28.3 / 2015-01-31 +=================== + + * deps: compression@~1.3.1 + - deps: accepts@~1.2.3 + - deps: compressible@~2.0.2 + * deps: csurf@~1.6.6 + - deps: csrf@~2.0.5 + * deps: errorhandler@~1.3.3 + - deps: accepts@~1.2.3 + * deps: express-session@~1.10.2 + - deps: uid-safe@1.0.3 + * deps: serve-index@~1.6.1 + - deps: accepts@~1.2.3 + - deps: mime-types@~2.0.8 + * deps: type-is@~1.5.6 + - deps: mime-types@~2.0.8 + +2.28.2 / 2015-01-20 +=================== + + * deps: body-parser@~1.10.2 + - deps: iconv-lite@0.4.6 + - deps: raw-body@1.3.2 + * deps: serve-static@~1.8.1 + - Fix redirect loop in Node.js 0.11.14 + - Fix root path disclosure + - deps: send@0.11.1 + +2.28.1 / 2015-01-08 +=================== + + * deps: csurf@~1.6.5 + - deps: csrf@~2.0.4 + * deps: express-session@~1.10.1 + - deps: uid-safe@~1.0.2 + +2.28.0 / 2015-01-05 +=================== + + * deps: body-parser@~1.10.1 + - Make internal `extended: true` array limit dynamic + - deps: on-finished@~2.2.0 + - deps: type-is@~1.5.5 + * deps: compression@~1.3.0 + - Export the default `filter` function for wrapping + - deps: accepts@~1.2.2 + - deps: debug@~2.1.1 + * deps: connect-timeout@~1.5.0 + - deps: debug@~2.1.1 + - deps: http-errors@~1.2.8 + - deps: ms@0.7.0 + * deps: csurf@~1.6.4 + - deps: csrf@~2.0.3 + - deps: http-errors@~1.2.8 + * deps: debug@~2.1.1 + * deps: errorhandler@~1.3.2 + - Add `log` option + - Fix heading content to not include stack + - deps: accepts@~1.2.2 + * deps: express-session@~1.10.0 + - Add `store.touch` interface for session stores + - Fix `MemoryStore` expiration with `resave: false` + - deps: debug@~2.1.1 + * deps: finalhandler@0.3.3 + - deps: debug@~2.1.1 + - deps: on-finished@~2.2.0 + * deps: method-override@~2.3.1 + - deps: debug@~2.1.1 + - deps: methods@~1.1.1 + * deps: morgan@~1.5.1 + - Add multiple date formats `clf`, `iso`, and `web` + - Deprecate `buffer` option + - Fix date format in `common` and `combined` formats + - Fix token arguments to accept values with `"` + - deps: debug@~2.1.1 + - deps: on-finished@~2.2.0 + * deps: serve-favicon@~2.2.0 + - Support query string in the URL + - deps: etag@~1.5.1 + - deps: ms@0.7.0 + * deps: serve-index@~1.6.0 + - Add link to root directory + - deps: accepts@~1.2.2 + - deps: batch@0.5.2 + - deps: debug@~2.1.1 + - deps: mime-types@~2.0.7 + * deps: serve-static@~1.8.0 + - Fix potential open redirect when mounted at root + - deps: send@0.11.0 + * deps: type-is@~1.5.5 + - deps: mime-types@~2.0.7 + +2.27.6 / 2014-12-10 +=================== + + * deps: serve-index@~1.5.3 + - deps: accepts@~1.1.4 + - deps: http-errors@~1.2.8 + - deps: mime-types@~2.0.4 + +2.27.5 / 2014-12-10 +=================== + + * deps: compression@~1.2.2 + - Fix `.end` to only proxy to `.end` + - deps: accepts@~1.1.4 + * deps: express-session@~1.9.3 + - Fix error when `req.sessionID` contains a non-string value + * deps: http-errors@~1.2.8 + - Fix stack trace from exported function + - Remove `arguments.callee` usage + * deps: serve-index@~1.5.2 + - Fix icon name background alignment on mobile view + * deps: type-is@~1.5.4 + - deps: mime-types@~2.0.4 + +2.27.4 / 2014-11-23 +=================== + + * deps: body-parser@~1.9.3 + - deps: iconv-lite@0.4.5 + - deps: qs@2.3.3 + - deps: raw-body@1.3.1 + - deps: type-is@~1.5.3 + * deps: compression@~1.2.1 + - deps: accepts@~1.1.3 + * deps: errorhandler@~1.2.3 + - deps: accepts@~1.1.3 + * deps: express-session@~1.9.2 + - deps: crc@3.2.1 + * deps: qs@2.3.3 + - Fix `arrayLimit` behavior + * deps: serve-favicon@~2.1.7 + - Avoid errors from enumerables on `Object.prototype` + * deps: serve-index@~1.5.1 + - deps: accepts@~1.1.3 + - deps: mime-types@~2.0.3 + * deps: type-is@~1.5.3 + - deps: mime-types@~2.0.3 + +2.27.3 / 2014-11-09 +=================== + + * Correctly invoke async callback asynchronously + * deps: csurf@~1.6.3 + - bump csrf + - bump http-errors + +2.27.2 / 2014-10-28 +=================== + + * Fix handling of URLs containing `://` in the path + * deps: body-parser@~1.9.2 + - deps: qs@2.3.2 + * deps: qs@2.3.2 + - Fix parsing of mixed objects and values + +2.27.1 / 2014-10-22 +=================== + + * deps: body-parser@~1.9.1 + - deps: on-finished@~2.1.1 + - deps: qs@2.3.0 + - deps: type-is@~1.5.2 + * deps: express-session@~1.9.1 + - Remove unnecessary empty write call + * deps: finalhandler@0.3.2 + - deps: on-finished@~2.1.1 + * deps: morgan@~1.4.1 + - deps: on-finished@~2.1.1 + * deps: qs@2.3.0 + - Fix parsing of mixed implicit and explicit arrays + * deps: serve-static@~1.7.1 + - deps: send@0.10.1 + +2.27.0 / 2014-10-16 +=================== + + * Use `http-errors` module for creating errors + * Use `utils-merge` module for merging objects + * deps: body-parser@~1.9.0 + - include the charset in "unsupported charset" error message + - include the encoding in "unsupported content encoding" error message + - deps: depd@~1.0.0 + * deps: compression@~1.2.0 + - deps: debug@~2.1.0 + * deps: connect-timeout@~1.4.0 + - Create errors with `http-errors` + - deps: debug@~2.1.0 + * deps: debug@~2.1.0 + - Implement `DEBUG_FD` env variable support + * deps: depd@~1.0.0 + * deps: express-session@~1.9.0 + - deps: debug@~2.1.0 + - deps: depd@~1.0.0 + * deps: finalhandler@0.3.1 + - Terminate in progress response only on error + - Use `on-finished` to determine request status + - deps: debug@~2.1.0 + * deps: method-override@~2.3.0 + - deps: debug@~2.1.0 + * deps: morgan@~1.4.0 + - Add `debug` messages + - deps: depd@~1.0.0 + * deps: response-time@~2.2.0 + - Add `header` option for custom header name + - Add `suffix` option + - Change `digits` argument to an `options` argument + - deps: depd@~1.0.0 + * deps: serve-favicon@~2.1.6 + - deps: etag@~1.5.0 + * deps: serve-index@~1.5.0 + - Add `dir` argument to `filter` function + - Add icon for mkv files + - Create errors with `http-errors` + - Fix incorrect 403 on Windows and Node.js 0.11 + - Lookup icon by mime type for greater icon support + - Support using tokens multiple times + - deps: accepts@~1.1.2 + - deps: debug@~2.1.0 + - deps: mime-types@~2.0.2 + * deps: serve-static@~1.7.0 + - deps: send@0.10.0 + +2.26.6 / 2014-10-15 +=================== + + * deps: compression@~1.1.2 + - deps: accepts@~1.1.2 + - deps: compressible@~2.0.1 + * deps: csurf@~1.6.2 + - bump http-errors + - fix cookie name when using `cookie: true` + * deps: errorhandler@~1.2.2 + - deps: accepts@~1.1.2 + +2.26.5 / 2014-10-08 +=================== + + * Fix accepting non-object arguments to `logger` + * deps: serve-static@~1.6.4 + - Fix redirect loop when index file serving disabled + +2.26.4 / 2014-10-02 +=================== + + * deps: morgan@~1.3.2 + - Fix `req.ip` integration when `immediate: false` + * deps: type-is@~1.5.2 + - deps: mime-types@~2.0.2 + +2.26.3 / 2014-09-24 +=================== + + * deps: body-parser@~1.8.4 + - fix content encoding to be case-insensitive + * deps: serve-favicon@~2.1.5 + - deps: etag@~1.4.0 + * deps: serve-static@~1.6.3 + - deps: send@0.9.3 + +2.26.2 / 2014-09-19 +=================== + + * deps: body-parser@~1.8.3 + - deps: qs@2.2.4 + * deps: qs@2.2.4 + - Fix issue with object keys starting with numbers truncated + +2.26.1 / 2014-09-15 +=================== + + * deps: body-parser@~1.8.2 + - deps: depd@0.4.5 + * deps: depd@0.4.5 + * deps: express-session@~1.8.2 + - Use `crc` instead of `buffer-crc32` for speed + - deps: depd@0.4.5 + * deps: morgan@~1.3.1 + - Remove un-used `bytes` dependency + - deps: depd@0.4.5 + * deps: serve-favicon@~2.1.4 + - Fix content headers being sent in 304 response + - deps: etag@~1.3.1 + * deps: serve-static@~1.6.2 + - deps: send@0.9.2 + +2.26.0 / 2014-09-08 +=================== + + * deps: body-parser@~1.8.1 + - add `parameterLimit` option to `urlencoded` parser + - change `urlencoded` extended array limit to 100 + - make empty-body-handling consistent between chunked requests + - respond with 415 when over `parameterLimit` in `urlencoded` + - deps: media-typer@0.3.0 + - deps: qs@2.2.3 + - deps: type-is@~1.5.1 + * deps: compression@~1.1.0 + - deps: accepts@~1.1.0 + - deps: compressible@~2.0.0 + - deps: debug@~2.0.0 + * deps: connect-timeout@~1.3.0 + - deps: debug@~2.0.0 + * deps: cookie-parser@~1.3.3 + - deps: cookie-signature@1.0.5 + * deps: cookie-signature@1.0.5 + * deps: csurf@~1.6.1 + - add `ignoreMethods` option + - bump cookie-signature + - csrf-tokens -> csrf + - set `code` property on CSRF token errors + * deps: debug@~2.0.0 + * deps: errorhandler@~1.2.0 + - Display error using `util.inspect` if no other representation + - deps: accepts@~1.1.0 + * deps: express-session@~1.8.1 + - Do not resave already-saved session at end of request + - Prevent session prototype methods from being overwritten + - deps: cookie-signature@1.0.5 + - deps: debug@~2.0.0 + * deps: finalhandler@0.2.0 + - Set `X-Content-Type-Options: nosniff` header + - deps: debug@~2.0.0 + * deps: fresh@0.2.4 + * deps: media-typer@0.3.0 + - Throw error when parameter format invalid on parse + * deps: method-override@~2.2.0 + - deps: debug@~2.0.0 + * deps: morgan@~1.3.0 + - Assert if `format` is not a function or string + * deps: qs@2.2.3 + - Fix issue where first empty value in array is discarded + * deps: serve-favicon@~2.1.3 + - Accept string for `maxAge` (converted by `ms`) + - Use `etag` to generate `ETag` header + - deps: fresh@0.2.4 + * deps: serve-index@~1.2.1 + - Add `debug` messages + - Resolve relative paths at middleware setup + - deps: accepts@~1.1.0 + * deps: serve-static@~1.6.1 + - Add `lastModified` option + - deps: send@0.9.1 + * deps: type-is@~1.5.1 + - fix `hasbody` to be true for `content-length: 0` + - deps: media-typer@0.3.0 + - deps: mime-types@~2.0.1 + * deps: vhost@~3.0.0 + +2.25.10 / 2014-09-04 +==================== + + * deps: serve-static@~1.5.4 + - deps: send@0.8.5 + +2.25.9 / 2014-08-29 +=================== + + * deps: body-parser@~1.6.7 + - deps: qs@2.2.2 + * deps: qs@2.2.2 + +2.25.8 / 2014-08-27 +=================== + + * deps: body-parser@~1.6.6 + - deps: qs@2.2.0 + * deps: csurf@~1.4.1 + * deps: qs@2.2.0 + - Array parsing fix + - Performance improvements + +2.25.7 / 2014-08-18 +=================== + + * deps: body-parser@~1.6.5 + - deps: on-finished@2.1.0 + * deps: express-session@~1.7.6 + - Fix exception on `res.end(null)` calls + * deps: morgan@~1.2.3 + - deps: on-finished@2.1.0 + * deps: serve-static@~1.5.3 + - deps: send@0.8.3 + +2.25.6 / 2014-08-14 +=================== + + * deps: body-parser@~1.6.4 + - deps: qs@1.2.2 + * deps: qs@1.2.2 + * deps: serve-static@~1.5.2 + - deps: send@0.8.2 + +2.25.5 / 2014-08-11 +=================== + + * Fix backwards compatibility in `logger` + +2.25.4 / 2014-08-10 +=================== + + * Fix `query` middleware breaking with argument + - It never really took one in the first place + * deps: body-parser@~1.6.3 + - deps: qs@1.2.1 + * deps: compression@~1.0.11 + - deps: on-headers@~1.0.0 + - deps: parseurl@~1.3.0 + * deps: connect-timeout@~1.2.2 + - deps: on-headers@~1.0.0 + * deps: express-session@~1.7.5 + - Fix parsing original URL + - deps: on-headers@~1.0.0 + - deps: parseurl@~1.3.0 + * deps: method-override@~2.1.3 + * deps: on-headers@~1.0.0 + * deps: parseurl@~1.3.0 + * deps: qs@1.2.1 + * deps: response-time@~2.0.1 + - deps: on-headers@~1.0.0 + * deps: serve-index@~1.1.6 + - Fix URL parsing + * deps: serve-static@~1.5.1 + - Fix parsing of weird `req.originalUrl` values + - deps: parseurl@~1.3.0 + = deps: utils-merge@1.0.0 + +2.25.3 / 2014-08-07 +=================== + + * deps: multiparty@3.3.2 + - Fix potential double-callback + +2.25.2 / 2014-08-07 +=================== + + * deps: body-parser@~1.6.2 + - deps: qs@1.2.0 + * deps: qs@1.2.0 + - Fix parsing array of objects + +2.25.1 / 2014-08-06 +=================== + + * deps: body-parser@~1.6.1 + - deps: qs@1.1.0 + * deps: qs@1.1.0 + - Accept urlencoded square brackets + - Accept empty values in implicit array notation + +2.25.0 / 2014-08-05 +=================== + + * deps: body-parser@~1.6.0 + - deps: qs@1.0.2 + * deps: compression@~1.0.10 + - Fix upper-case Content-Type characters prevent compression + - deps: compressible@~1.1.1 + * deps: csurf@~1.4.0 + - Support changing `req.session` after `csurf` middleware + - Calling `res.csrfToken()` after `req.session.destroy()` will now work + * deps: express-session@~1.7.4 + - Fix `res.end` patch to call correct upstream `res.write` + - Fix response end delay for non-chunked responses + * deps: qs@1.0.2 + - Complete rewrite + - Limits array length to 20 + - Limits object depth to 5 + - Limits parameters to 1,000 + * deps: serve-static@~1.5.0 + - Add `extensions` option + - deps: send@0.8.1 + +2.24.3 / 2014-08-04 +=================== + + * deps: serve-index@~1.1.5 + - Fix Content-Length calculation for multi-byte file names + - deps: accepts@~1.0.7 + * deps: serve-static@~1.4.4 + - Fix incorrect 403 on Windows and Node.js 0.11 + - deps: send@0.7.4 + +2.24.2 / 2014-07-27 +=================== + + * deps: body-parser@~1.5.2 + * deps: depd@0.4.4 + - Work-around v8 generating empty stack traces + * deps: express-session@~1.7.2 + * deps: morgan@~1.2.2 + * deps: serve-static@~1.4.2 + +2.24.1 / 2014-07-26 +=================== + + * deps: body-parser@~1.5.1 + * deps: depd@0.4.3 + - Fix exception when global `Error.stackTraceLimit` is too low + * deps: express-session@~1.7.1 + * deps: morgan@~1.2.1 + * deps: serve-index@~1.1.4 + * deps: serve-static@~1.4.1 + +2.24.0 / 2014-07-22 +=================== + + * deps: body-parser@~1.5.0 + - deps: depd@0.4.2 + - deps: iconv-lite@0.4.4 + - deps: raw-body@1.3.0 + - deps: type-is@~1.3.2 + * deps: compression@~1.0.9 + - Add `debug` messages + - deps: accepts@~1.0.7 + * deps: connect-timeout@~1.2.1 + - Accept string for `time` (converted by `ms`) + - deps: debug@1.0.4 + * deps: debug@1.0.4 + * deps: depd@0.4.2 + - Add `TRACE_DEPRECATION` environment variable + - Remove non-standard grey color from color output + - Support `--no-deprecation` argument + - Support `--trace-deprecation` argument + * deps: express-session@~1.7.0 + - Improve session-ending error handling + - deps: debug@1.0.4 + - deps: depd@0.4.2 + * deps: finalhandler@0.1.0 + - Respond after request fully read + - deps: debug@1.0.4 + * deps: method-override@~2.1.2 + - deps: debug@1.0.4 + - deps: parseurl@~1.2.0 + * deps: morgan@~1.2.0 + - Add `:remote-user` token + - Add `combined` log format + - Add `common` log format + - Remove non-standard grey color from `dev` format + * deps: multiparty@3.3.1 + * deps: parseurl@~1.2.0 + - Cache URLs based on original value + - Remove no-longer-needed URL mis-parse work-around + - Simplify the "fast-path" `RegExp` + * deps: serve-static@~1.4.0 + - Add `dotfiles` option + - deps: parseurl@~1.2.0 + - deps: send@0.7.0 + +2.23.0 / 2014-07-10 +=================== + + * deps: debug@1.0.3 + - Add support for multiple wildcards in namespaces + * deps: express-session@~1.6.4 + * deps: method-override@~2.1.0 + - add simple debug output + - deps: methods@1.1.0 + - deps: parseurl@~1.1.3 + * deps: parseurl@~1.1.3 + - faster parsing of href-only URLs + * deps: serve-static@~1.3.1 + - deps: parseurl@~1.1.3 + +2.22.0 / 2014-07-03 +=================== + + * deps: csurf@~1.3.0 + - Fix `cookie.signed` option to actually sign cookie + * deps: express-session@~1.6.1 + - Fix `res.end` patch to return correct value + - Fix `res.end` patch to handle multiple `res.end` calls + - Reject cookies with missing signatures + * deps: multiparty@3.3.0 + - Always emit close after all parts ended + - Fix callback hang in node.js 0.8 on errors + * deps: serve-static@~1.3.0 + - Accept string for `maxAge` (converted by `ms`) + - Add `setHeaders` option + - Include HTML link in redirect response + - deps: send@0.5.0 + +2.21.1 / 2014-06-26 +=================== + + * deps: cookie-parser@1.3.2 + - deps: cookie-signature@1.0.4 + * deps: cookie-signature@1.0.4 + - fix for timing attacks + * deps: express-session@~1.5.2 + - deps: cookie-signature@1.0.4 + * deps: type-is@~1.3.2 + - more mime types + +2.21.0 / 2014-06-20 +=================== + + * deprecate `connect(middleware)` -- use `app.use(middleware)` instead + * deprecate `connect.createServer()` -- use `connect()` instead + * fix `res.setHeader()` patch to work with get -> append -> set pattern + * deps: compression@~1.0.8 + * deps: errorhandler@~1.1.1 + * deps: express-session@~1.5.0 + - Deprecate integration with `cookie-parser` middleware + - Deprecate looking for secret in `req.secret` + - Directly read cookies; `cookie-parser` no longer required + - Directly set cookies; `res.cookie` no longer required + - Generate session IDs with `uid-safe`, faster and even less collisions + * deps: serve-index@~1.1.3 + +2.20.2 / 2014-06-19 +=================== + + * deps: body-parser@1.4.3 + - deps: type-is@1.3.1 + +2.20.1 / 2014-06-19 +=================== + + * deps: type-is@1.3.1 + - fix global variable leak + +2.20.0 / 2014-06-19 +=================== + + * deprecate `verify` option to `json` -- use `body-parser` npm module instead + * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead + * deprecate things with `depd` module + * use `finalhandler` for final response handling + * use `media-typer` to parse `content-type` for charset + * deps: body-parser@1.4.2 + - check accepted charset in content-type (accepts utf-8) + - check accepted encoding in content-encoding (accepts identity) + - deprecate `urlencoded()` without provided `extended` option + - lazy-load urlencoded parsers + - support gzip and deflate bodies + - set `inflate: false` to turn off + - deps: raw-body@1.2.2 + - deps: type-is@1.3.0 + - Support all encodings from `iconv-lite` + * deps: connect-timeout@1.1.1 + - deps: debug@1.0.2 + * deps: cookie-parser@1.3.1 + - export parsing functions + - `req.cookies` and `req.signedCookies` are now plain objects + - slightly faster parsing of many cookies + * deps: csurf@1.2.2 + * deps: errorhandler@1.1.0 + - Display error on console formatted like `throw` + - Escape HTML in stack trace + - Escape HTML in title + - Fix up edge cases with error sent in response + - Set `X-Content-Type-Options: nosniff` header + - Use accepts for negotiation + * deps: express-session@1.4.0 + - Add `genid` option to generate custom session IDs + - Add `saveUninitialized` option to control saving uninitialized sessions + - Add `unset` option to control unsetting `req.session` + - Generate session IDs with `rand-token` by default; reduce collisions + - Integrate with express "trust proxy" by default + - deps: buffer-crc32@0.2.3 + - deps: debug@1.0.2 + * deps: multiparty@3.2.9 + * deps: serve-index@1.1.2 + - deps: batch@0.5.1 + * deps: type-is@1.3.0 + - improve type parsing + * deps: vhost@2.0.0 + - Accept `RegExp` object for `hostname` + - Provide `req.vhost` object + - Support IPv6 literal in `Host` header + +2.19.6 / 2014-06-11 +=================== + + * deps: body-parser@1.3.1 + - deps: type-is@1.2.1 + * deps: compression@1.0.7 + - use vary module for better `Vary` behavior + - deps: accepts@1.0.3 + - deps: compressible@1.1.0 + * deps: debug@1.0.2 + * deps: serve-index@1.1.1 + - deps: accepts@1.0.3 + * deps: serve-static@1.2.3 + - Do not throw un-catchable error on file open race condition + - deps: send@0.4.3 + +2.19.5 / 2014-06-09 +=================== + + * deps: csurf@1.2.1 + - refactor to use csrf-tokens@~1.0.2 + * deps: debug@1.0.1 + * deps: serve-static@1.2.2 + - fix "event emitter leak" warnings + - deps: send@0.4.2 + * deps: type-is@1.2.1 + - Switch dependency from `mime` to `mime-types@1.0.0` + +2.19.4 / 2014-06-05 +=================== + + * deps: errorhandler@1.0.2 + - Pass on errors from reading error files + * deps: method-override@2.0.2 + - use vary module for better `Vary` behavior + * deps: serve-favicon@2.0.1 + - Reduce byte size of `ETag` header + +2.19.3 / 2014-06-03 +=================== + + * deps: compression@1.0.6 + - fix listeners for delayed stream creation + - fix regression for certain `stream.pipe(res)` situations + - fix regression when negotiation fails + +2.19.2 / 2014-06-03 +=================== + + * deps: compression@1.0.4 + - fix adding `Vary` when value stored as array + - fix back-pressure behavior + - fix length check for `res.end` + +2.19.1 / 2014-06-02 +=================== + + * fix deprecated `utils.escape` + +2.19.0 / 2014-06-02 +=================== + + * deprecate `methodOverride()` -- use `method-override` npm module instead + * deps: body-parser@1.3.0 + - add `extended` option to urlencoded parser + * deps: method-override@2.0.1 + - set `Vary` header + - deps: methods@1.0.1 + * deps: multiparty@3.2.8 + * deps: response-time@2.0.0 + - add `digits` argument + - do not override existing `X-Response-Time` header + - timer not subject to clock drift + - timer resolution down to nanoseconds + * deps: serve-static@1.2.1 + - send max-age in Cache-Control in correct format + - use `escape-html` for escaping + - deps: send@0.4.1 + +2.18.0 / 2014-05-29 +=================== + + * deps: compression@1.0.3 + * deps: serve-index@1.1.0 + - Fix content negotiation when no `Accept` header + - Properly support all HTTP methods + - Support vanilla node.js http servers + - Treat `ENAMETOOLONG` as code 414 + - Use accepts for negotiation + * deps: serve-static@1.2.0 + - Calculate ETag with md5 for reduced collisions + - Fix wrong behavior when index file matches directory + - Ignore stream errors after request ends + - Skip directories in index file search + - deps: send@0.4.0 + +2.17.3 / 2014-05-27 +=================== + + * deps: express-session@1.2.1 + - Fix `resave` such that `resave: true` works + +2.17.2 / 2014-05-27 +=================== + + * deps: body-parser@1.2.2 + - invoke `next(err)` after request fully read + - deps: raw-body@1.1.6 + * deps: method-override@1.0.2 + - Handle `req.body` key referencing array or object + - Handle multiple HTTP headers + +2.17.1 / 2014-05-21 +=================== + + * fix `res.charset` appending charset when `content-type` has one + +2.17.0 / 2014-05-20 +=================== + + * deps: express-session@1.2.0 + - Add `resave` option to control saving unmodified sessions + * deps: morgan@1.1.1 + - "dev" format will use same tokens as other formats + - `:response-time` token is now empty when immediate used + - `:response-time` token is now monotonic + - `:response-time` token has precision to 1 μs + - fix `:status` + immediate output in node.js 0.8 + - improve `buffer` option to prevent indefinite event loop holding + - simplify method to get remote address + - deps: bytes@1.0.0 + * deps: serve-index@1.0.3 + - Fix error from non-statable files in HTML view + +2.16.2 / 2014-05-18 +=================== + + * fix edge-case in `res.appendHeader` that would append in wrong order + * deps: method-override@1.0.1 + +2.16.1 / 2014-05-17 +=================== + + * remove usages of `res.headerSent` from core + +2.16.0 / 2014-05-17 +=================== + + * deprecate `res.headerSent` -- use `res.headersSent` + * deprecate `res.on("header")` -- use on-headers module instead + * fix `connect.version` to reflect the actual version + * json: use body-parser + - add `type` option + - fix repeated limit parsing with every request + - improve parser speed + * urlencoded: use body-parser + - add `type` option + - fix repeated limit parsing with every request + * dep: bytes@1.0.0 + * add negative support + * dep: cookie-parser@1.1.0 + - deps: cookie@0.1.2 + * dep: csurf@1.2.0 + - add support for double-submit cookie + * dep: express-session@1.1.0 + - Add `name` option; replacement for `key` option + - Use `setImmediate` in MemoryStore for node.js >= 0.10 + +2.15.0 / 2014-05-04 +=================== + + * Add simple `res.cookie` support + * Add `res.appendHeader` + * Call error stack even when response has been sent + * Patch `res.headerSent` to return Boolean + * Patch `res.headersSent` for node.js 0.8 + * Prevent default 404 handler after response sent + * dep: compression@1.0.2 + * support headers given to `res.writeHead` + * deps: bytes@0.3.0 + * deps: negotiator@0.4.3 + * dep: connect-timeout@1.1.0 + * Add `req.timedout` property + * Add `respond` option to constructor + * Clear timer on socket destroy + * deps: debug@0.8.1 + * dep: debug@^0.8.0 + * add `enable()` method + * change from stderr to stdout + * dep: errorhandler@1.0.1 + * Clean up error CSS + * Do not respond after headers sent + * dep: express-session@1.0.4 + * Remove import of `setImmediate` + * Use `res.cookie()` instead of `res.setHeader()` + * deps: cookie@0.1.2 + * deps: debug@0.8.1 + * dep: morgan@1.0.1 + * Make buffer unique per morgan instance + * deps: bytes@0.3.0 + * dep: serve-favicon@2.0.0 + * Accept `Buffer` of icon as first argument + * Non-GET and HEAD requests are denied + * Send valid max-age value + * Support conditional requests + * Support max-age=0 + * Support OPTIONS method + * Throw if `path` argument is directory + * dep: serve-index@1.0.2 + * Add stylesheet option + * deps: negotiator@0.4.3 + +2.14.5 / 2014-04-24 +=================== + + * dep: raw-body@1.1.4 + * allow true as an option + * deps: bytes@0.3.0 + * dep: serve-static@1.1.0 + * Accept options directly to `send` module + * deps: send@0.3.0 + +2.14.4 / 2014-04-07 +=================== + + * dep: bytes@0.3.0 + * added terabyte support + * dep: csurf@1.1.0 + * add constant-time string compare + * dep: serve-static@1.0.4 + * Resolve relative paths at middleware setup + * Use parseurl to parse the URL from request + * fix node.js 0.8 compatibility with memory session + +2.14.3 / 2014-03-18 +=================== + + * dep: static-favicon@1.0.2 + * Fixed content of default icon + +2.14.2 / 2014-03-11 +=================== + + * dep: static-favicon@1.0.1 + * Fixed path to default icon + +2.14.1 / 2014-03-06 +=================== + + * dep: fresh@0.2.2 + * no real changes + * dep: serve-index@1.0.1 + * deps: negotiator@0.4.2 + * dep: serve-static@1.0.2 + * deps: send@0.2.0 + +2.14.0 / 2014-03-05 +=================== + + * basicAuth: use basic-auth-connect + * cookieParser: use cookie-parser + * compress: use compression + * csrf: use csurf + * dep: cookie-signature@1.0.3 + * directory: use serve-index + * errorHandler: use errorhandler + * favicon: use static-favicon + * logger: use morgan + * methodOverride: use method-override + * responseTime: use response-time + * session: use express-session + * static: use serve-static + * timeout: use connect-timeout + * vhost: use vhost + +2.13.1 / 2014-03-05 +=================== + + * cookieSession: compare full value rather than crc32 + * deps: raw-body@1.1.3 + +2.13.0 / 2014-02-14 +=================== + + * fix typo in memory store warning #974 @rvagg + * compress: use compressible + * directory: add template option #990 @gottaloveit @Earl-Brown + * csrf: prevent deprecated warning with old sessions + +2.12.0 / 2013-12-10 +=================== + + * bump qs + * directory: sort folders before files + * directory: add folder icons + * directory: de-duplicate icons, details/mobile views #968 @simov + * errorHandler: end default 404 handler with a newline #972 @rlidwka + * session: remove long cookie expire check #870 @undoZen + +2.11.2 / 2013-12-01 +=================== + + * bump raw-body + +2.11.1 / 2013-11-27 +=================== + + * bump raw-body + * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma + +2.11.0 / 2013-10-29 +=================== + + * update bytes + * update uid2 + * update negotiator + * sessions: add rolling session option #944 @ilmeo + * sessions: property set cookies when given FQDN + * cookieSessions: properly set cookies when given FQDN #948 @bmancini55 + * proto: fix FQDN mounting when multiple handlers #945 @bmancini55 + +2.10.1 / 2013-10-23 +=================== + + * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson) + +2.10.0 / 2013-10-22 +=================== + + * fixed: set headers written by writeHead before emitting 'header' + * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson) + * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson) + * fixed: fix static directory redirect for mount's root #937 (@dougwilson) + * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123) + * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies + * compress: compress checks content-length to check threshold + * compress: expose `res.flush()` for flushing responses + * cookieParser: pass options into node-cookie #803 (@cauldrath) + * errorHandler: replace `\n`s with `<br/>`s in error handler + +2.9.2 / 2013-10-18 +================== + + * warn about multiparty and limit middleware deprecation for v3 + * fix fully qualified domain name mounting. #920 (@dougwilson) + * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson) + * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson) + +2.9.1 / 2013-10-15 +================== + + * update multiparty + * compress: Set vary header only if Content-Type passes filter #904 + * directory: Fix directory middleware URI escaping #917 (@dougwilson) + * directory: Fix directory seperators for Windows #914 (@dougwilson) + * directory: Keep query string intact during directory redirect #913 (@dougwilson) + * directory: Fix paths in links #730 (@JacksonTian) + * errorHandler: Don't escape text/plain as HTML #875 (@johan) + * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson) + * logger: Log even when connections are aborted #760 (@dylanahsmith) + * methodOverride: Check req.body is an object #907 (@kbjr) + * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson) + * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce) + +2.9.0 / 2013-09-07 +================== + + * multipart: add docs regarding tmpfiles + * multipart: add .name back to file parts + * multipart: use multiparty instead of formidable + +2.8.8 / 2013-09-02 +================== + + * csrf: change to math.random() salt and remove csrfToken() callback + +2.8.7 / 2013-08-28 +================== + + * csrf: prevent salt generation on every request, and add async req.csrfToken(fn) + +2.8.6 / 2013-08-28 +================== + + * csrf: refactor to use HMAC tokens (BREACH attack) + * compress: add compression of SVG and common font files by default. + +2.8.5 / 2013-08-11 +================== + + * add: compress Dart source files by default + * update fresh + +2.8.4 / 2013-07-08 +================== + + * update send + +2.8.3 / 2013-07-04 +================== + + * add a name back to static middleware ("staticMiddleware") + * fix .hasBody() utility to require transfer-encoding or content-length + +2.8.2 / 2013-07-03 +================== + + * update send + * update cookie dep. + * add better debug() for middleware + * add whitelisting of supported methods to methodOverride() + +2.8.1 / 2013-06-27 +================== + + * fix: escape req.method in 404 response + +2.8.0 / 2013-06-26 +================== + + * add `threshold` option to `compress()` to prevent compression of small responses + * add support for vendor JSON mime types in json() + * add X-Forwarded-Proto initial https proxy support + * change static redirect to 303 + * change octal escape sequences for strict mode + * change: replace utils.uid() with uid2 lib + * remove other "static" function name. Fixes #794 + * fix: hasBody() should return false if Content-Length: 0 + +2.7.11 / 2013-06-02 +================== + + * update send + +2.7.10 / 2013-05-21 +================== + + * update qs + * update formidable + * fix: write/end to noop() when request aborted + +2.7.9 / 2013-05-07 +================== + + * update qs + * drop support for node < v0.8 + +2.7.8 / 2013-05-03 +================== + + * update qs + +2.7.7 / 2013-04-29 +================== + + * update qs dependency + * remove "static" function name. Closes #794 + * update node-formidable + * update buffer-crc32 + +2.7.6 / 2013-04-15 +================== + + * revert cookie signature which was creating session race conditions + +2.7.5 / 2013-04-12 +================== + + * update cookie-signature + * limit: do not consume request in node 0.10.x + +2.7.4 / 2013-04-01 +================== + + * session: add long expires check and prevent excess set-cookie + * session: add console.error() of session#save() errors + +2.7.3 / 2013-02-19 +================== + + * add name to compress middleware + * add appending Accept-Encoding to Vary when set but missing + * add tests for csrf middleware + * add 'next' support for connect() server handler + * change utils.uid() to return url-safe chars. Closes #753 + * fix treating '.' as a regexp in vhost() + * fix duplicate bytes dep in package.json. Closes #743 + * fix #733 - parse x-forwarded-proto in a more generally compatibly way + * revert "add support for `next(status[, msg])`"; makes composition hard + +2.7.2 / 2013-01-04 +================== + + * add support for `next(status[, msg])` back + * add utf-8 meta tag to support foreign characters in filenames/directories + * change `timeout()` 408 to 503 + * replace 'node-crc' with 'buffer-crc32', fixes licensing + * fix directory.html IE support + +2.7.1 / 2012-12-05 +================== + + * add directory() tests + * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely) + * fix errorHandler signature + +2.7.0 / 2012-11-13 +================== + + * add support for leading JSON whitespace + * add logging of `req.ip` when present + * add basicAuth support for `:`-delimited string + * update cookie module. Closes #688 + +2.6.2 / 2012-11-01 +================== + + * add `debug()` for disconnected session store + * fix session regeneration bug. Closes #681 + +2.6.1 / 2012-10-25 +================== + + * add passing of `connect.timeout()` errors to `next()` + * replace signature utils with cookie-signature module + +2.6.0 / 2012-10-09 +================== + + * add `defer` option to `multipart()` [Blake Miner] + * fix mount path case sensitivity. Closes #663 + * fix default of ascii encoding from `logger()`, now utf8. Closes #293 + +2.5.0 / 2012-09-27 +================== + + * add `err.status = 400` to multipart() errors + * add double-encoding protection to `compress()`. Closes #659 + * add graceful handling cookie parsing errors [shtylman] + * fix typo X-Response-time to X-Response-Time + +2.4.6 / 2012-09-18 +================== + + * update qs + +2.4.5 / 2012-09-03 +================== + + * add session store "connect" / "disconnect" support [louischatriot] + * fix `:url` log token + +2.4.4 / 2012-08-21 +================== + + * fix `static()` pause regression from "send" integration + +2.4.3 / 2012-08-07 +================== + + * fix `.write()` encoding for zlib inconstancy. Closes #561 + +2.4.2 / 2012-07-25 +================== + + * remove limit default from `urlencoded()` + * remove limit default from `json()` + * remove limit default from `multipart()` + * fix `cookieSession()` clear cookie path / domain bug. Closes #636 + +2.4.1 / 2012-07-24 +================== + + * fix `options` mutation in `static()` + +2.4.0 / 2012-07-23 +================== + + * add `connect.timeout()` + * add __GET__ / __HEAD__ check to `directory()`. Closes #634 + * add "pause" util dep + * update send dep for normalization bug + +2.3.9 / 2012-07-16 +================== + + * add more descriptive invalid json error message + * update send dep for root normalization regression + * fix staticCache fresh dep + +2.3.8 / 2012-07-12 +================== + + * fix `connect.static()` 404 regression, pass `next()`. Closes #629 + +2.3.7 / 2012-07-05 +================== + + * add `json()` utf-8 illustration test. Closes #621 + * add "send" dependency + * change `connect.static()` internals to use "send" + * fix `session()` req.session generation with pathname mismatch + * fix `cookieSession()` req.session generation with pathname mismatch + * fix mime export. Closes #618 + +2.3.6 / 2012-07-03 +================== + + * Fixed cookieSession() with cookieParser() secret regression. Closes #602 + * Fixed set-cookie header fields on cookie.path mismatch. Closes #615 + +2.3.5 / 2012-06-28 +================== + + * Remove `logger()` mount check + * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607 + * Fixed `staticCache()` when Cookie is present + +2.3.4 / 2012-06-22 +================== + + * Added `err.buf` to urlencoded() and json() + * Update cookie to 0.0.4. Closes #604 + * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten] + +2.3.3 / 2012-06-11 +================== + + * Added ETags back to `static()` [timkuijsten] + * Replaced `utils.parseRange()` with `range-parser` module + * Replaced `utils.parseBytes()` with `bytes` module + * Replaced `utils.modified()` with `fresh` module + * Fixed `cookieSession()` regression with invalid cookie signing [shtylman] + +2.3.2 / 2012-06-08 +================== + + * expose mime module + * Update crc dep (which bundled nodeunit) + +2.3.1 / 2012-06-06 +================== + + * Added `secret` option to `cookieSession` middleware [shtylman] + * Added `secret` option to `session` middleware [shtylman] + * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user` + * Performance: improve signed cookie parsing + * Update `cookie` dependency [shtylman] + +2.3.0 / 2012-05-20 +================== + + * Added limit option to `json()` + * Added limit option to `urlencoded()` + * Added limit option to `multipart()` + * Fixed: remove socket error event listener on callback + * Fixed __ENOTDIR__ error on `static` middleware + +2.2.2 / 2012-05-07 +================== + + * Added support to csrf middle for pre-flight CORS requests + * Updated `engines` to allow newer version of node + * Removed duplicate repo prop. Closes #560 + +2.2.1 / 2012-04-28 +================== + + * Fixed `static()` redirect when mounted. Closes #554 + +2.2.0 / 2012-04-25 +================== + + * Added `make benchmark` + * Perf: memoize url parsing (~20% increase) + * Fixed `connect(fn, fn2, ...)`. Closes #549 + +2.1.3 / 2012-04-20 +================== + + * Added optional json() `reviver` function to be passed to JSON.parse [jed] + * Fixed: emit drain in compress middleware [nsabovic] + +2.1.2 / 2012-04-11 +================== + + * Fixed cookieParser() `req.cookies` regression + +2.1.1 / 2012-04-11 +================== + + * Fixed `session()` browser-session length cookies & examples + * Fixed: make `query()` "self-aware" [jed] + +2.1.0 / 2012-04-05 +================== + + * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`) + * Added `urlencoded()` support for GET + * Added `json()` support for GET. Closes #497 + * Added `strict` option to `json()` + * Changed: `session()` only set-cookie when modified + * Removed `Session#lastAccess` property. Closes #399 + +2.0.3 / 2012-03-20 +================== + + * Added: `cookieSession()` only sets cookie on change. Closes #442 + * Added `connect:dispatcher` debug() probes + +2.0.2 / 2012-03-04 +================== + + * Added test for __ENAMETOOLONG__ now that node is fixed + * Fixed static() index "/" check on windows. Closes #498 + * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia] + +2.0.1 / 2012-02-29 +================== + + * Added test coverage for `vhost()` middleware + * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov] + * Fixed `static()` Range: respond with 416 when unsatisfiable + * Fixed `vhost()` middleware. Closes #494 + +2.0.0 / 2011-10-05 +================== + + * Added `cookieSession()` middleware for cookie-only sessions + * Added `compress()` middleware for gzip / deflate support + * Added `session()` "proxy" setting to trust `X-Forwarded-Proto` + * Added `json()` middleware to parse "application/json" + * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded" + * Added `multipart()` middleware to parse "multipart/form-data" + * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies + * Added signed cookie support to `cookieParser()` + * Added support for JSON-serialized cookies to `cookieParser()` + * Added `err.status` support in Connect's default end-point + * Added X-Cache MISS / HIT to `staticCache()` + * Added public `res.headerSent` checking nodes `res._headerSent` until node does + * Changed `basicAuth()` req.remoteUser to req.user + * Changed: default `session()` to a browser-session cookie. Closes #475 + * Changed: no longer lowercase cookie names + * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()` + * Changed: `errorHandler()` is now a development-only middleware + * Changed middleware to `next()` errors when possible so applications can unify logging / handling + * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https + * Removed `.createServer()` (use `connect()`) + * Removed `secret` option from `session()`, use `cookieParser(secret)` + * Removed `connect.session.ignore` array support + * Removed `router()` middleware. Closes #262 + * Fixed: set-cookie only once for browser-session cookies + * Fixed FQDN support. dont add leading "/" + * Fixed 404 XSS attack vector. Closes #473 + * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point + +1.8.5 / 2011-12-22 +================== + + * Fixed: actually allow empty body for json + +1.8.4 / 2011-12-22 +================== + + * Changed: allow empty body for json/urlencoded requests. Backport for #443 + +1.8.3 / 2011-12-16 +================== + + * Fixed `static()` _index.html_ support on windows + +1.8.2 / 2011-12-03 +================== + + * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv] + +1.8.1 / 2011-11-21 +================== + + * Added nesting support for _multipart/form-data_ [jackyz] + +1.8.0 / 2011-11-17 +================== + + * Added _multipart/form-data_ support to `bodyParser()` using formidable + +1.7.3 / 2011-11-11 +================== + + * Fixed `req.body`, always default to {} + * Fixed HEAD support for 404s and 500s + +1.7.2 / 2011-10-24 +================== + + * "node": ">= 0.4.1 < 0.7.0" + * Added `static()` redirect option. Closes #398 + * Changed `limit()`: respond with 413 when content-length exceeds the limit + * Removed socket error listener in static(). Closes #389 + * Fixed `staticCache()` Age header field + * Fixed race condition causing errors reported in #329. + +1.7.1 / 2011-09-12 +================== + + * Added: make `Store` inherit from `EventEmitter` + * Added session `Store#load(sess, fn)` to fetch a `Session` instance + * Added backpressure support to `staticCache()` + * Changed `res.socket.destroy()` to `req.socket.destroy()` + +1.7.0 / 2011-08-31 +================== + + * Added `staticCache()` middleware, a memory cache for `static()` + * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this) + * Changed: ignore error handling middleware when header is sent + * Changed: dispatcher errors after header is sent destroy the sock + +1.6.4 / 2011-08-26 +================== + + * Revert "Added double-next reporting" + +1.6.3 / 2011-08-26 +================== + + * Added double-`next()` reporting + * Added `immediate` option to `logger()`. Closes #321 + * Dependency `qs >= 0.3.1` + +1.6.2 / 2011-08-11 +================== + + * Fixed `connect.static()` null byte vulnerability + * Fixed `connect.directory()` null byte vulnerability + * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289 + +1.6.1 / 2011-08-03 +================== + + * Added: allow retval `== null` from logger callback to ignore line + * Added `getOnly` option to `connect.static.send()` + * Added response "header" event allowing augmentation + * Added `X-CSRF-Token` header field check + * Changed dep `qs >= 0.3.0` + * Changed: persist csrf token. Closes #322 + * Changed: sort directory middleware files alphabetically + +1.6.0 / 2011-07-10 +================== + + * Added :response-time to "dev" logger format + * Added simple `csrf()` middleware. Closes #315 + * Fixed `res._headers` logger regression. Closes #318 + * Removed support for multiple middleware being passed to `.use()` + +1.5.2 / 2011-07-06 +================== + + * Added `filter` function option to `directory()` [David Rio Deiros] + * Changed: re-write of the `logger()` middleware, with extensible tokens and formats + * Changed: `static.send()` ".." in path without root considered malicious + * Fixed quotes in docs. Closes #312 + * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison] + + +1.5.1 / 2011-06-20 +================== + + * Added malicious path check to `directory()` middleware + * Added `utils.forbidden(res)` + * Added `connect.query()` middleware + +1.5.0 / 2011-06-20 +================== + + * Added `connect.directory()` middleware for serving directory listings + +1.4.6 / 2011-06-18 +================== + + * Fixed `connect.static()` root with `..` + * Fixed `connect.static()` __EBADF__ + +1.4.5 / 2011-06-17 +================== + + * Fixed EBADF in `connect.static()`. Closes #297 + +1.4.4 / 2011-06-16 +================== + + * Changed `connect.static()` to check resolved dirname. Closes #294 + +1.4.3 / 2011-06-06 +================== + + * Fixed fd leak in `connect.static()` when the socket is closed + * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285 + +1.4.2 / 2011-05-27 +================== + + * Changed to `devDependencies` + * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen] + * Fixed Win32 support for `static()` + * Fixed monkey-patch issue. Closes #261 + +1.4.1 / 2011-05-08 +================== + + * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251 + * Fixed `errorHandler` middleware for missing stack traces. [aseemk] +#274 + +1.4.0 / 2011-04-25 +================== + + * Added route-middleware `next('route')` support to jump passed the route itself + * Added Content-Length support to `limit()` + * Added route-specific middleware support (used to be in express) + * Changed; refactored duplicate session logic + * Changed; prevent redefining `store.generate` per request + * Fixed; `static()` does not set Content-Type when explicitly set [nateps] + * Fixed escape `errorHandler()` {error} contents + * NOTE: `router` will be removed in 2.0 + + +1.3.0 / 2011-04-06 +================== + + * Added `router.remove(path[, method])` to remove a route + +1.2.3 / 2011-04-05 +================== + + * Fixed basicAuth realm issue when passing strings. Closes #253 + +1.2.2 / 2011-04-05 +================== + + * Added `basicAuth(username, password)` support + * Added `errorHandler.title` defaulting to "Connect" + * Changed `errorHandler` css + +1.2.1 / 2011-03-30 +================== + + * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl] + +1.2.0 / 2011-03-30 +================== + + * Added `router.lookup(path[, method])` + * Added `router.match(url[, method])` + * Added basicAuth async support. Closes #223 + +1.1.5 / 2011-03-27 +================== + + * Added; allow `logger()` callback function to return an empty string to ignore logging + * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245 + +1.1.4 / 2011-03-23 +================== + + * Added `logger()` support for format function + * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x + +1.1.3 / 2011-03-21 +================== + + * Changed; `limit()` now calls `req.destroy()` + +1.1.2 / 2011-03-21 +================== + + * Added request "limit" event to `limit()` middleware + * Changed; `limit()` middleware will `next(err)` on failure + +1.1.1 / 2011-03-18 +================== + + * Fixed session middleware for HTTPS. Closes #241 [reported by mt502] + +1.1.0 / 2011-03-17 +================== + + * Added `Session#reload(fn)` + +1.0.6 / 2011-03-09 +================== + + * Fixed `res.setHeader()` patch, preserve casing + +1.0.5 / 2011-03-09 +================== + + * Fixed; `logger()` using `req.originalUrl` instead of `req.url` + +1.0.4 / 2011-03-09 +================== + + * Added `res.charset` + * Added conditional sessions example + * Added support for `session.ignore` to be replaced. Closes #227 + * Fixed `Cache-Control` delimiters. Closes #228 + +1.0.3 / 2011-03-03 +================== + + * Fixed; `static.send()` invokes callback with connection error + +1.0.2 / 2011-03-02 +================== + + * Fixed exported connect function + * Fixed package.json; node ">= 0.4.1 < 0.5.0" + +1.0.1 / 2011-03-02 +================== + + * Added `Session#save(fn)`. Closes #213 + * Added callback support to `connect.static.send()` for express + * Added `connect.static.send()` "path" option + * Fixed content-type in `static()` for _index.html_ + +1.0.0 / 2011-03-01 +================== + + * Added `stack`, `message`, and `dump` errorHandler option aliases + * Added `req.originalMethod` to methodOverride + * Added `favicon()` maxAge option support + * Added `connect()` alternative to `connect.createServer()` + * Added new [documentation](http://senchalabs.github.com/connect) + * Added Range support to `static()` + * Added HTTPS support + * Rewrote session middleware. The session API now allows for + session-specific cookies, so you may alter each individually. + Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html). + * Added middleware self-awareness. This helps prevent + middleware breakage when used within mounted servers. + For example `cookieParser()` will not parse cookies more + than once even when within a mounted server. + * Added new examples in the `./examples` directory + * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware + * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware + * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware + * Renamed `staticProvider` to `static` + * Renamed `bodyDecoder` to `bodyParser` + * Renamed `cookieDecoder` to `cookieParser` + * Fixed ETag quotes. [reported by papandreou] + * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou] + * Fixed; only set req.originalUrl once. Closes #124 + * Fixed symlink support for `static()`. Closes #123 + +0.5.10 / 2011-02-14 +================== + + * Fixed SID space issue. Closes #196 + * Fixed; proxy `res.end()` to commit session data + * Fixed directory traversal attack in `staticProvider`. Closes #198 + +0.5.9 / 2011-02-09 +================== + + * qs >= 0.0.4 + +0.5.8 / 2011-02-04 +================== + + * Added `qs` dependency + * Fixed router race-condition causing possible failure + when `next()`ing to one or more routes with parallel + requests + +0.5.7 / 2011-02-01 +================== + + * Added `onvhost()` call so Express (and others) can know when they are + * Revert "Added stylus support" (use the middleware which ships with stylus) + * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly + * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen] + * Fixed `utils.uid()` length error [Jxck] +mounted + +0.5.6 / 2011-01-23 +================== + + * Added stylus support to `compiler` + * _favicon.js_ cleanup + * _compiler.js_ cleanup + * _bodyDecoder.js_ cleanup + +0.5.5 / 2011-01-13 +================== + + * Changed; using sha256 HMAC instead of md5. [Paul Querna] + * Changed; generated a longer random UID, without time influence. [Paul Querna] + * Fixed; session middleware throws when secret is not present. [Paul Querna] + +0.5.4 / 2011-01-07 +================== + + * Added; throw when router path or callback is missing + * Fixed; `next(err)` on cookie parse exception instead of ignoring + * Revert "Added utils.pathname(), memoized url.parse(str).pathname" + +0.5.3 / 2011-01-05 +================== + + * Added _docs/api.html_ + * Added `utils.pathname()`, memoized url.parse(str).pathname + * Fixed `session.id` issue. Closes #183 + * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179 + * Removed bad outdated docs, we need something new / automated eventually + +0.5.2 / 2010-12-28 +================== + + * Added default __OPTIONS__ support to _router_ middleware + +0.5.1 / 2010-12-28 +================== + + * Added `req.session.id` mirroring `req.sessionID` + * Refactored router, exposing `connect.router.methods` + * Exclude non-lib files from npm + * Removed imposed headers `X-Powered-By`, `Server`, etc + +0.5.0 / 2010-12-06 +================== + + * Added _./index.js_ + * Added route segment precondition support and example + * Added named capture group support to router + +0.4.0 / 2010-11-29 +================== + + * Added `basicAuth` middleware + * Added more HTTP methods to the `router` middleware + +0.3.0 / 2010-07-21 +================== + + * Added _staticGzip_ middleware + * Added `connect.utils` to expose utils + * Added `connect.session.Session` + * Added `connect.session.Store` + * Added `connect.session.MemoryStore` + * Added `connect.middleware` to expose the middleware getters + * Added `buffer` option to _logger_ for performance increase + * Added _favicon_ middleware for serving your own favicon or the connect default + * Added option support to _staticProvider_, can now pass _root_ and _lifetime_. + * Added; mounted `Server` instances now have the `route` property exposed for reflection + * Added support for callback as first arg to `Server#use()` + * Added support for `next(true)` in _router_ to bypass match attempts + * Added `Server#listen()` _host_ support + * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance + * Added _methodOverride_ X-HTTP-Method-Override support + * Refactored session internals, adds _secret_ option + * Renamed `lifetime` option to `maxAge` in _staticProvider_ + * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark) + * Removed connect(1) dependency on examples, they can all now run with node(1) + * Remove a typo that was leaking a global. + * Removed `Object.prototype` forEach() and map() methods + * Removed a few utils not used + * Removed `connect.createApp()` + * Removed `res.simpleBody()` + * Removed _format_ middleware + * Removed _flash_ middleware + * Removed _redirect_ middleware + * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc) + * Removed _pubsub_ middleware + * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array + * Changed; _compiler_ no longer 404s + * Changed; _router_ signature now matches connect middleware signature + * Fixed a require in _session_ for default `MemoryStore` + * Fixed nasty request body bug in _router_. Closes #54 + * Fixed _less_ support in _compiler_ + * Fixed bug preventing proper bubbling of exceptions in mounted servers + * Fixed bug in `Server#use()` preventing `Server` instances as the first arg + * Fixed **ENOENT** special case, is now treated as any other exception + * Fixed spark env support + +0.2.1 / 2010-07-09 +================== + + * Added support for _router_ `next()` to continue calling matched routes + * Added mime type for _cache.manifest_ files. + * Changed _compiler_ middleware to use async require + * Changed session api, stores now only require `#get()`, and `#set()` + * Fixed _cacheManifest_ by adding `utils.find()` back + +0.2.0 / 2010-07-01 +================== + + * Added calls to `Session()` casts the given object as a `Session` instance + * Added passing of `next()` to _router_ callbacks. Closes #46 + * Changed; `MemoryStore#destroy()` removes `req.session` + * Changed `res.redirect("back")` to default to "/" when Referr?er is not present + * Fixed _staticProvider_ urlencoded paths issue. Closes #47 + * Fixed _staticProvider_ middleware responding to **GET** requests + * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43 + * Fixed _logger_ format option + * Fixed typo in _compiler_ middleware preventing the _dest_ option from working + +0.1.0 / 2010-06-25 +================== + + * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu) + * Added [extended api docs](http://extjs.github.com/Connect/api.html) + * Added docs for several more middleware layers + * Added `connect.Server#use()` + * Added _compiler_ middleware which provides arbitrary static compilation + * Added `req.originalUrl` + * Removed _blog_ example + * Removed _sass_ middleware (use _compiler_) + * Removed _less_ middleware (use _compiler_) + * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc. + * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes + * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39 + * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies + * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries + +0.0.6 / 2010-06-22 +================== + + * Added _static_ middleware usage example + * Added support for regular expressions as paths for _router_ + * Added `util.merge()` + * Increased performance of _static_ by ~ 200 rps + * Renamed the _rest_ middleware to _router_ + * Changed _rest_ api to accept a callback function + * Removed _router_ middleware + * Removed _proto.js_, only `Object#forEach()` remains + +0.0.5 / 2010-06-21 +================== + + * Added Server#use() which contains the Layer normalization logic + * Added documentation for several middleware + * Added several new examples + * Added _less_ middleware + * Added _repl_ middleware + * Added _vhost_ middleware + * Added _flash_ middleware + * Added _cookie_ middleware + * Added _session_ middleware + * Added `utils.htmlEscape()` + * Added `utils.base64Decode()` + * Added `utils.base64Encode()` + * Added `utils.uid()` + * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26 + * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()` + * Renamed req.redirect() to res.redirect(). Closes #29 + * Fixed _sass_ 404 on **ENOENT** + * Fixed +new Date duplication. Closes #24 + +0.0.4 / 2010-06-16 +================== + + * Added workerPidfile() to bin/connect + * Added --workers support to bin/connect stop and status commands + * Added _redirect_ middleware + * Added better --config support to bin/connect. All flags can be utilized + * Added auto-detection of _./config.js_ + * Added config example + * Added `net.Server` support to bin/connect + * Writing worker pids relative to `env.pidfile` + * s/parseQuery/parse/g + * Fixed npm support + +0.0.3 / 2010-06-16 +================== + + * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__ + +0.0.2 / 2010-06-15 +================== + + * Added `-V, --version` to bin/connect + * Added `utils.parseCookie()` + * Added `utils.serializeCookie()` + * Added `utils.toBoolean()` + * Added _sass_ middleware + * Added _cookie_ middleware + * Added _format_ middleware + * Added _lint_ middleware + * Added _rest_ middleware + * Added _./package.json_ (npm install connect) + * Added `handleError()` support + * Added `process.connectEnv` + * Added custom log format support to _log_ middleware + * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url") + * Added -w, --workers to bin/connect + * Added bin/connect support for --user NAME and --group NAME + * Fixed url re-writing support + +0.0.1 / 2010-06-03 +================== + + * Initial release + |