2461 lines
72 KiB
Markdown
2461 lines
72 KiB
Markdown
3.6.2 / 2017-05-16
|
|
==================
|
|
|
|
* deps: finalhandler@1.0.3
|
|
- deps: debug@2.6.7
|
|
* deps: debug@2.6.7
|
|
- deps: ms@2.0.0
|
|
|
|
3.6.1 / 2017-04-19
|
|
==================
|
|
|
|
* deps: debug@2.6.3
|
|
- Fix `DEBUG_MAX_ARRAY_LENGTH`
|
|
* deps: finalhandler@1.0.1
|
|
- Fix missing `</html>` in HTML document
|
|
- deps: debug@2.6.3
|
|
|
|
3.6.0 / 2017-02-17
|
|
==================
|
|
|
|
* deps: debug@2.6.1
|
|
- Allow colors in workers
|
|
- Deprecated `DEBUG_FD` environment variable set to `3` or higher
|
|
- Fix error when running under React Native
|
|
- Use same color for same namespace
|
|
- deps: ms@0.7.2
|
|
* deps: finalhandler@1.0.0
|
|
- Fix exception when `err` cannot be converted to a string
|
|
- Fully URL-encode the pathname in the 404
|
|
- Only include the pathname in the 404 message
|
|
- Send complete HTML document
|
|
- Set `Content-Security-Policy: default-src 'self'` header
|
|
- deps: debug@2.6.1
|
|
|
|
3.5.1 / 2017-02-12
|
|
==================
|
|
|
|
* deps: finalhandler@0.5.1
|
|
- Fix exception when `err.headers` is not an object
|
|
- deps: statuses@~1.3.1
|
|
- perf: hoist regular expressions
|
|
- perf: remove duplicate validation path
|
|
|
|
3.5.0 / 2016-09-09
|
|
==================
|
|
|
|
* deps: finalhandler@0.5.0
|
|
- Change invalid or non-numeric status code to 500
|
|
- Overwrite status message to match set status code
|
|
- Prefer `err.statusCode` if `err.status` is invalid
|
|
- Set response headers from `err.headers` object
|
|
- Use `statuses` instead of `http` module for status messages
|
|
|
|
3.4.1 / 2016-01-23
|
|
==================
|
|
|
|
* deps: finalhandler@0.4.1
|
|
- deps: escape-html@~1.0.3
|
|
* deps: parseurl@~1.3.1
|
|
- perf: enable strict mode
|
|
|
|
3.4.0 / 2015-06-18
|
|
==================
|
|
|
|
* deps: debug@~2.2.0
|
|
- deps: ms@0.7.1
|
|
* deps: finalhandler@0.4.0
|
|
- Fix a false-positive when unpiping in Node.js 0.8
|
|
- Support `statusCode` property on `Error` objects
|
|
- Use `unpipe` module for unpiping requests
|
|
- deps: debug@~2.2.0
|
|
- deps: escape-html@1.0.2
|
|
- deps: on-finished@~2.3.0
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
* perf: enable strict mode
|
|
* perf: remove argument reassignments
|
|
|
|
3.3.5 / 2015-03-16
|
|
==================
|
|
|
|
* deps: debug@~2.1.3
|
|
- Fix high intensity foreground color for bold
|
|
- deps: ms@0.7.0
|
|
* deps: finalhandler@0.3.4
|
|
- deps: debug@~2.1.3
|
|
|
|
3.3.4 / 2015-01-07
|
|
==================
|
|
|
|
* deps: debug@~2.1.1
|
|
* deps: finalhandler@0.3.3
|
|
- deps: debug@~2.1.1
|
|
- deps: on-finished@~2.2.0
|
|
|
|
3.3.3 / 2014-11-09
|
|
==================
|
|
|
|
* Correctly invoke async callback asynchronously
|
|
|
|
3.3.2 / 2014-10-28
|
|
==================
|
|
|
|
* Fix handling of URLs containing `://` in the path
|
|
|
|
3.3.1 / 2014-10-22
|
|
==================
|
|
|
|
* deps: finalhandler@0.3.2
|
|
- deps: on-finished@~2.1.1
|
|
|
|
3.3.0 / 2014-10-17
|
|
==================
|
|
|
|
* deps: debug@~2.1.0
|
|
- Implement `DEBUG_FD` env variable support
|
|
* deps: finalhandler@0.3.1
|
|
- Terminate in progress response only on error
|
|
- Use `on-finished` to determine request status
|
|
- deps: debug@~2.1.0
|
|
|
|
3.2.0 / 2014-09-08
|
|
==================
|
|
|
|
* deps: debug@~2.0.0
|
|
* deps: finalhandler@0.2.0
|
|
- Set `X-Content-Type-Options: nosniff` header
|
|
- deps: debug@~2.0.0
|
|
|
|
3.1.1 / 2014-08-10
|
|
==================
|
|
|
|
* deps: parseurl@~1.3.0
|
|
|
|
3.1.0 / 2014-07-22
|
|
==================
|
|
|
|
* deps: debug@1.0.4
|
|
* deps: finalhandler@0.1.0
|
|
- Respond after request fully read
|
|
- deps: debug@1.0.4
|
|
* deps: parseurl@~1.2.0
|
|
- Cache URLs based on original value
|
|
- Remove no-longer-needed URL mis-parse work-around
|
|
- Simplify the "fast-path" `RegExp`
|
|
* perf: reduce executed logic in routing
|
|
* perf: refactor location of `try` block
|
|
|
|
3.0.2 / 2014-07-10
|
|
==================
|
|
|
|
* deps: debug@1.0.3
|
|
- Add support for multiple wildcards in namespaces
|
|
* deps: parseurl@~1.1.3
|
|
- faster parsing of href-only URLs
|
|
|
|
3.0.1 / 2014-06-19
|
|
==================
|
|
|
|
* use `finalhandler` for final response handling
|
|
* deps: debug@1.0.2
|
|
|
|
3.0.0 / 2014-05-29
|
|
==================
|
|
|
|
* No changes
|
|
|
|
3.0.0-rc.2 / 2014-05-04
|
|
=======================
|
|
|
|
* Call error stack even when response has been sent
|
|
* Prevent default 404 handler after response sent
|
|
* dep: debug@0.8.1
|
|
* encode stack in HTML for default error handler
|
|
* remove `proto` export
|
|
|
|
3.0.0-rc.1 / 2014-03-06
|
|
=======================
|
|
|
|
* move middleware to separate repos
|
|
* remove docs
|
|
* remove node patches
|
|
* remove connect(middleware...)
|
|
* remove the old `connect.createServer()` method
|
|
* remove various private `connect.utils` functions
|
|
* drop node.js 0.8 support
|
|
|
|
2.30.2 / 2015-07-31
|
|
===================
|
|
|
|
* deps: body-parser@~1.13.3
|
|
- deps: type-is@~1.6.6
|
|
* deps: compression@~1.5.2
|
|
- deps: accepts@~1.2.12
|
|
- deps: compressible@~2.0.5
|
|
- deps: vary@~1.0.1
|
|
* deps: errorhandler@~1.4.2
|
|
- deps: accepts@~1.2.12
|
|
* deps: method-override@~2.3.5
|
|
- deps: vary@~1.0.1
|
|
- perf: enable strict mode
|
|
* deps: serve-index@~1.7.2
|
|
- deps: accepts@~1.2.12
|
|
- deps: mime-types@~2.1.4
|
|
* deps: type-is@~1.6.6
|
|
- deps: mime-types@~2.1.4
|
|
* deps: vhost@~3.0.1
|
|
- perf: enable strict mode
|
|
|
|
2.30.1 / 2015-07-05
|
|
===================
|
|
|
|
* deps: body-parser@~1.13.2
|
|
- deps: iconv-lite@0.4.11
|
|
- deps: qs@4.0.0
|
|
- deps: raw-body@~2.1.2
|
|
- deps: type-is@~1.6.4
|
|
* deps: compression@~1.5.1
|
|
- deps: accepts@~1.2.10
|
|
- deps: compressible@~2.0.4
|
|
* deps: errorhandler@~1.4.1
|
|
- deps: accepts@~1.2.10
|
|
* deps: qs@4.0.0
|
|
- Fix dropping parameters like `hasOwnProperty`
|
|
- Fix various parsing edge cases
|
|
* deps: morgan@~1.6.1
|
|
- deps: basic-auth@~1.0.3
|
|
* deps: pause@0.1.0
|
|
- Re-emit events with all original arguments
|
|
- Refactor internals
|
|
- perf: enable strict mode
|
|
* deps: serve-index@~1.7.1
|
|
- deps: accepts@~1.2.10
|
|
- deps: mime-types@~2.1.2
|
|
* deps: type-is@~1.6.4
|
|
- deps: mime-types@~2.1.2
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
|
|
2.30.0 / 2015-06-18
|
|
===================
|
|
|
|
* deps: body-parser@~1.13.1
|
|
- Add `statusCode` property on `Error`s, in addition to `status`
|
|
- Change `type` default to `application/json` for JSON parser
|
|
- Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser
|
|
- Provide static `require` analysis
|
|
- Use the `http-errors` module to generate errors
|
|
- deps: bytes@2.1.0
|
|
- deps: iconv-lite@0.4.10
|
|
- deps: on-finished@~2.3.0
|
|
- deps: raw-body@~2.1.1
|
|
- deps: type-is@~1.6.3
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
- perf: remove delete call
|
|
* deps: bytes@2.1.0
|
|
- Slight optimizations
|
|
- Units no longer case sensitive when parsing
|
|
* deps: compression@~1.5.0
|
|
- Fix return value from `.end` and `.write` after end
|
|
- Improve detection of zero-length body without `Content-Length`
|
|
- deps: accepts@~1.2.9
|
|
- deps: bytes@2.1.0
|
|
- deps: compressible@~2.0.3
|
|
- perf: enable strict mode
|
|
- perf: remove flush reassignment
|
|
- perf: simplify threshold detection
|
|
* deps: cookie@0.1.3
|
|
- Slight optimizations
|
|
* deps: cookie-parser@~1.3.5
|
|
- deps: cookie@0.1.3
|
|
* deps: csurf@~1.8.3
|
|
- Add `sessionKey` option
|
|
- deps: cookie@0.1.3
|
|
- deps: csrf@~3.0.0
|
|
* deps: errorhandler@~1.4.0
|
|
- Add charset to the `Content-Type` header
|
|
- Support `statusCode` property on `Error` objects
|
|
- deps: accepts@~1.2.9
|
|
- deps: escape-html@1.0.2
|
|
* deps: express-session@~1.11.3
|
|
- Support an array in `secret` option for key rotation
|
|
- deps: cookie@0.1.3
|
|
- deps: crc@3.3.0
|
|
- deps: debug@~2.2.0
|
|
- deps: depd@~1.0.1
|
|
- deps: uid-safe@~2.0.0
|
|
* deps: finalhandler@0.4.0
|
|
- Fix a false-positive when unpiping in Node.js 0.8
|
|
- Support `statusCode` property on `Error` objects
|
|
- Use `unpipe` module for unpiping requests
|
|
- deps: escape-html@1.0.2
|
|
- deps: on-finished@~2.3.0
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
* deps: fresh@0.3.0
|
|
- Add weak `ETag` matching support
|
|
* deps: morgan@~1.6.0
|
|
- Add `morgan.compile(format)` export
|
|
- Do not color 1xx status codes in `dev` format
|
|
- Fix `response-time` token to not include response latency
|
|
- Fix `status` token incorrectly displaying before response in `dev` format
|
|
- Fix token return values to be `undefined` or a string
|
|
- Improve representation of multiple headers in `req` and `res` tokens
|
|
- Use `res.getHeader` in `res` token
|
|
- deps: basic-auth@~1.0.2
|
|
- deps: on-finished@~2.3.0
|
|
- pref: enable strict mode
|
|
- pref: reduce function closure scopes
|
|
- pref: remove dynamic compile on every request for `dev` format
|
|
- pref: remove an argument reassignment
|
|
- pref: skip function call without `skip` option
|
|
* deps: serve-favicon@~2.3.0
|
|
- Send non-chunked response for `OPTIONS`
|
|
- deps: etag@~1.7.0
|
|
- deps: fresh@0.3.0
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
- perf: remove bitwise operations
|
|
* deps: serve-index@~1.7.0
|
|
- Accept `function` value for `template` option
|
|
- Send non-chunked response for `OPTIONS`
|
|
- Stat parent directory when necessary
|
|
- Use `Date.prototype.toLocaleDateString` to format date
|
|
- deps: accepts@~1.2.9
|
|
- deps: escape-html@1.0.2
|
|
- deps: mime-types@~2.1.1
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
* deps: serve-static@~1.10.0
|
|
- Add `fallthrough` option
|
|
- Fix reading options from options prototype
|
|
- Improve the default redirect response headers
|
|
- Malformed URLs now `next()` instead of 400
|
|
- deps: escape-html@1.0.2
|
|
- deps: send@0.13.0
|
|
- perf: enable strict mode
|
|
- perf: remove argument reassignment
|
|
* deps: type-is@~1.6.3
|
|
- deps: mime-types@~2.1.1
|
|
- perf: reduce try block size
|
|
- perf: remove bitwise operations
|
|
|
|
2.29.2 / 2015-05-14
|
|
===================
|
|
|
|
* deps: body-parser@~1.12.4
|
|
- Slight efficiency improvement when not debugging
|
|
- deps: debug@~2.2.0
|
|
- deps: depd@~1.0.1
|
|
- deps: iconv-lite@0.4.8
|
|
- deps: on-finished@~2.2.1
|
|
- deps: qs@2.4.2
|
|
- deps: raw-body@~2.0.1
|
|
- deps: type-is@~1.6.2
|
|
* deps: compression@~1.4.4
|
|
- deps: accepts@~1.2.7
|
|
- deps: debug@~2.2.0
|
|
* deps: connect-timeout@~1.6.2
|
|
- deps: debug@~2.2.0
|
|
- deps: ms@0.7.1
|
|
* deps: debug@~2.2.0
|
|
- deps: ms@0.7.1
|
|
* deps: depd@~1.0.1
|
|
* deps: errorhandler@~1.3.6
|
|
- deps: accepts@~1.2.7
|
|
* deps: finalhandler@0.3.6
|
|
- deps: debug@~2.2.0
|
|
- deps: on-finished@~2.2.1
|
|
* deps: method-override@~2.3.3
|
|
- deps: debug@~2.2.0
|
|
* deps: morgan@~1.5.3
|
|
- deps: basic-auth@~1.0.1
|
|
- deps: debug@~2.2.0
|
|
- deps: depd@~1.0.1
|
|
- deps: on-finished@~2.2.1
|
|
* deps: qs@2.4.2
|
|
- Fix allowing parameters like `constructor`
|
|
* deps: response-time@~2.3.1
|
|
- deps: depd@~1.0.1
|
|
* deps: serve-favicon@~2.2.1
|
|
- deps: etag@~1.6.0
|
|
- deps: ms@0.7.1
|
|
* deps: serve-index@~1.6.4
|
|
- deps: accepts@~1.2.7
|
|
- deps: debug@~2.2.0
|
|
- deps: mime-types@~2.0.11
|
|
* deps: serve-static@~1.9.3
|
|
- deps: send@0.12.3
|
|
* deps: type-is@~1.6.2
|
|
- deps: mime-types@~2.0.11
|
|
|
|
2.29.1 / 2015-03-16
|
|
===================
|
|
|
|
* deps: body-parser@~1.12.2
|
|
- deps: debug@~2.1.3
|
|
- deps: qs@2.4.1
|
|
- deps: type-is@~1.6.1
|
|
* deps: compression@~1.4.3
|
|
- Fix error when code calls `res.end(str, encoding)`
|
|
- deps: accepts@~1.2.5
|
|
- deps: debug@~2.1.3
|
|
* deps: connect-timeout@~1.6.1
|
|
- deps: debug@~2.1.3
|
|
* deps: debug@~2.1.3
|
|
- Fix high intensity foreground color for bold
|
|
- deps: ms@0.7.0
|
|
* deps: errorhandler@~1.3.5
|
|
- deps: accepts@~1.2.5
|
|
* deps: express-session@~1.10.4
|
|
- deps: debug@~2.1.3
|
|
* deps: finalhandler@0.3.4
|
|
- deps: debug@~2.1.3
|
|
* deps: method-override@~2.3.2
|
|
- deps: debug@~2.1.3
|
|
* deps: morgan@~1.5.2
|
|
- deps: debug@~2.1.3
|
|
* deps: qs@2.4.1
|
|
- Fix error when parameter `hasOwnProperty` is present
|
|
* deps: serve-index@~1.6.3
|
|
- Properly escape file names in HTML
|
|
- deps: accepts@~1.2.5
|
|
- deps: debug@~2.1.3
|
|
- deps: escape-html@1.0.1
|
|
- deps: mime-types@~2.0.10
|
|
* deps: serve-static@~1.9.2
|
|
- deps: send@0.12.2
|
|
* deps: type-is@~1.6.1
|
|
- deps: mime-types@~2.0.10
|
|
|
|
2.29.0 / 2015-02-17
|
|
===================
|
|
|
|
* Use `content-type` to parse `Content-Type` headers
|
|
* deps: body-parser@~1.12.0
|
|
- add `debug` messages
|
|
- accept a function for the `type` option
|
|
- make internal `extended: true` depth limit infinity
|
|
- use `content-type` to parse `Content-Type` headers
|
|
- deps: iconv-lite@0.4.7
|
|
- deps: raw-body@1.3.3
|
|
- deps: type-is@~1.6.0
|
|
* deps: compression@~1.4.1
|
|
- Prefer `gzip` over `deflate` on the server
|
|
- deps: accepts@~1.2.4
|
|
* deps: connect-timeout@~1.6.0
|
|
- deps: http-errors@~1.3.1
|
|
* deps: cookie-parser@~1.3.4
|
|
- deps: cookie-signature@1.0.6
|
|
* deps: cookie-signature@1.0.6
|
|
* deps: csurf@~1.7.0
|
|
- Accept `CSRF-Token` and `XSRF-Token` request headers
|
|
- Default `cookie.path` to `'/'`, if using cookies
|
|
- deps: cookie-signature@1.0.6
|
|
- deps: csrf@~2.0.6
|
|
- deps: http-errors@~1.3.1
|
|
* deps: errorhandler@~1.3.4
|
|
- deps: accepts@~1.2.4
|
|
* deps: express-session@~1.10.3
|
|
- deps: cookie-signature@1.0.6
|
|
- deps: uid-safe@1.1.0
|
|
* deps: http-errors@~1.3.1
|
|
- Construct errors using defined constructors from `createError`
|
|
- Fix error names that are not identifiers
|
|
- Set a meaningful `name` property on constructed errors
|
|
* deps: response-time@~2.3.0
|
|
- Add function argument to support recording of response time
|
|
* deps: serve-index@~1.6.2
|
|
- deps: accepts@~1.2.4
|
|
- deps: http-errors@~1.3.1
|
|
- deps: mime-types@~2.0.9
|
|
* deps: serve-static@~1.9.1
|
|
- deps: send@0.12.1
|
|
* deps: type-is@~1.6.0
|
|
- fix argument reassignment
|
|
- fix false-positives in `hasBody` `Transfer-Encoding` check
|
|
- support wildcard for both type and subtype (`*/*`)
|
|
- deps: mime-types@~2.0.9
|
|
|
|
2.28.3 / 2015-01-31
|
|
===================
|
|
|
|
* deps: compression@~1.3.1
|
|
- deps: accepts@~1.2.3
|
|
- deps: compressible@~2.0.2
|
|
* deps: csurf@~1.6.6
|
|
- deps: csrf@~2.0.5
|
|
* deps: errorhandler@~1.3.3
|
|
- deps: accepts@~1.2.3
|
|
* deps: express-session@~1.10.2
|
|
- deps: uid-safe@1.0.3
|
|
* deps: serve-index@~1.6.1
|
|
- deps: accepts@~1.2.3
|
|
- deps: mime-types@~2.0.8
|
|
* deps: type-is@~1.5.6
|
|
- deps: mime-types@~2.0.8
|
|
|
|
2.28.2 / 2015-01-20
|
|
===================
|
|
|
|
* deps: body-parser@~1.10.2
|
|
- deps: iconv-lite@0.4.6
|
|
- deps: raw-body@1.3.2
|
|
* deps: serve-static@~1.8.1
|
|
- Fix redirect loop in Node.js 0.11.14
|
|
- Fix root path disclosure
|
|
- deps: send@0.11.1
|
|
|
|
2.28.1 / 2015-01-08
|
|
===================
|
|
|
|
* deps: csurf@~1.6.5
|
|
- deps: csrf@~2.0.4
|
|
* deps: express-session@~1.10.1
|
|
- deps: uid-safe@~1.0.2
|
|
|
|
2.28.0 / 2015-01-05
|
|
===================
|
|
|
|
* deps: body-parser@~1.10.1
|
|
- Make internal `extended: true` array limit dynamic
|
|
- deps: on-finished@~2.2.0
|
|
- deps: type-is@~1.5.5
|
|
* deps: compression@~1.3.0
|
|
- Export the default `filter` function for wrapping
|
|
- deps: accepts@~1.2.2
|
|
- deps: debug@~2.1.1
|
|
* deps: connect-timeout@~1.5.0
|
|
- deps: debug@~2.1.1
|
|
- deps: http-errors@~1.2.8
|
|
- deps: ms@0.7.0
|
|
* deps: csurf@~1.6.4
|
|
- deps: csrf@~2.0.3
|
|
- deps: http-errors@~1.2.8
|
|
* deps: debug@~2.1.1
|
|
* deps: errorhandler@~1.3.2
|
|
- Add `log` option
|
|
- Fix heading content to not include stack
|
|
- deps: accepts@~1.2.2
|
|
* deps: express-session@~1.10.0
|
|
- Add `store.touch` interface for session stores
|
|
- Fix `MemoryStore` expiration with `resave: false`
|
|
- deps: debug@~2.1.1
|
|
* deps: finalhandler@0.3.3
|
|
- deps: debug@~2.1.1
|
|
- deps: on-finished@~2.2.0
|
|
* deps: method-override@~2.3.1
|
|
- deps: debug@~2.1.1
|
|
- deps: methods@~1.1.1
|
|
* deps: morgan@~1.5.1
|
|
- Add multiple date formats `clf`, `iso`, and `web`
|
|
- Deprecate `buffer` option
|
|
- Fix date format in `common` and `combined` formats
|
|
- Fix token arguments to accept values with `"`
|
|
- deps: debug@~2.1.1
|
|
- deps: on-finished@~2.2.0
|
|
* deps: serve-favicon@~2.2.0
|
|
- Support query string in the URL
|
|
- deps: etag@~1.5.1
|
|
- deps: ms@0.7.0
|
|
* deps: serve-index@~1.6.0
|
|
- Add link to root directory
|
|
- deps: accepts@~1.2.2
|
|
- deps: batch@0.5.2
|
|
- deps: debug@~2.1.1
|
|
- deps: mime-types@~2.0.7
|
|
* deps: serve-static@~1.8.0
|
|
- Fix potential open redirect when mounted at root
|
|
- deps: send@0.11.0
|
|
* deps: type-is@~1.5.5
|
|
- deps: mime-types@~2.0.7
|
|
|
|
2.27.6 / 2014-12-10
|
|
===================
|
|
|
|
* deps: serve-index@~1.5.3
|
|
- deps: accepts@~1.1.4
|
|
- deps: http-errors@~1.2.8
|
|
- deps: mime-types@~2.0.4
|
|
|
|
2.27.5 / 2014-12-10
|
|
===================
|
|
|
|
* deps: compression@~1.2.2
|
|
- Fix `.end` to only proxy to `.end`
|
|
- deps: accepts@~1.1.4
|
|
* deps: express-session@~1.9.3
|
|
- Fix error when `req.sessionID` contains a non-string value
|
|
* deps: http-errors@~1.2.8
|
|
- Fix stack trace from exported function
|
|
- Remove `arguments.callee` usage
|
|
* deps: serve-index@~1.5.2
|
|
- Fix icon name background alignment on mobile view
|
|
* deps: type-is@~1.5.4
|
|
- deps: mime-types@~2.0.4
|
|
|
|
2.27.4 / 2014-11-23
|
|
===================
|
|
|
|
* deps: body-parser@~1.9.3
|
|
- deps: iconv-lite@0.4.5
|
|
- deps: qs@2.3.3
|
|
- deps: raw-body@1.3.1
|
|
- deps: type-is@~1.5.3
|
|
* deps: compression@~1.2.1
|
|
- deps: accepts@~1.1.3
|
|
* deps: errorhandler@~1.2.3
|
|
- deps: accepts@~1.1.3
|
|
* deps: express-session@~1.9.2
|
|
- deps: crc@3.2.1
|
|
* deps: qs@2.3.3
|
|
- Fix `arrayLimit` behavior
|
|
* deps: serve-favicon@~2.1.7
|
|
- Avoid errors from enumerables on `Object.prototype`
|
|
* deps: serve-index@~1.5.1
|
|
- deps: accepts@~1.1.3
|
|
- deps: mime-types@~2.0.3
|
|
* deps: type-is@~1.5.3
|
|
- deps: mime-types@~2.0.3
|
|
|
|
2.27.3 / 2014-11-09
|
|
===================
|
|
|
|
* Correctly invoke async callback asynchronously
|
|
* deps: csurf@~1.6.3
|
|
- bump csrf
|
|
- bump http-errors
|
|
|
|
2.27.2 / 2014-10-28
|
|
===================
|
|
|
|
* Fix handling of URLs containing `://` in the path
|
|
* deps: body-parser@~1.9.2
|
|
- deps: qs@2.3.2
|
|
* deps: qs@2.3.2
|
|
- Fix parsing of mixed objects and values
|
|
|
|
2.27.1 / 2014-10-22
|
|
===================
|
|
|
|
* deps: body-parser@~1.9.1
|
|
- deps: on-finished@~2.1.1
|
|
- deps: qs@2.3.0
|
|
- deps: type-is@~1.5.2
|
|
* deps: express-session@~1.9.1
|
|
- Remove unnecessary empty write call
|
|
* deps: finalhandler@0.3.2
|
|
- deps: on-finished@~2.1.1
|
|
* deps: morgan@~1.4.1
|
|
- deps: on-finished@~2.1.1
|
|
* deps: qs@2.3.0
|
|
- Fix parsing of mixed implicit and explicit arrays
|
|
* deps: serve-static@~1.7.1
|
|
- deps: send@0.10.1
|
|
|
|
2.27.0 / 2014-10-16
|
|
===================
|
|
|
|
* Use `http-errors` module for creating errors
|
|
* Use `utils-merge` module for merging objects
|
|
* deps: body-parser@~1.9.0
|
|
- include the charset in "unsupported charset" error message
|
|
- include the encoding in "unsupported content encoding" error message
|
|
- deps: depd@~1.0.0
|
|
* deps: compression@~1.2.0
|
|
- deps: debug@~2.1.0
|
|
* deps: connect-timeout@~1.4.0
|
|
- Create errors with `http-errors`
|
|
- deps: debug@~2.1.0
|
|
* deps: debug@~2.1.0
|
|
- Implement `DEBUG_FD` env variable support
|
|
* deps: depd@~1.0.0
|
|
* deps: express-session@~1.9.0
|
|
- deps: debug@~2.1.0
|
|
- deps: depd@~1.0.0
|
|
* deps: finalhandler@0.3.1
|
|
- Terminate in progress response only on error
|
|
- Use `on-finished` to determine request status
|
|
- deps: debug@~2.1.0
|
|
* deps: method-override@~2.3.0
|
|
- deps: debug@~2.1.0
|
|
* deps: morgan@~1.4.0
|
|
- Add `debug` messages
|
|
- deps: depd@~1.0.0
|
|
* deps: response-time@~2.2.0
|
|
- Add `header` option for custom header name
|
|
- Add `suffix` option
|
|
- Change `digits` argument to an `options` argument
|
|
- deps: depd@~1.0.0
|
|
* deps: serve-favicon@~2.1.6
|
|
- deps: etag@~1.5.0
|
|
* deps: serve-index@~1.5.0
|
|
- Add `dir` argument to `filter` function
|
|
- Add icon for mkv files
|
|
- Create errors with `http-errors`
|
|
- Fix incorrect 403 on Windows and Node.js 0.11
|
|
- Lookup icon by mime type for greater icon support
|
|
- Support using tokens multiple times
|
|
- deps: accepts@~1.1.2
|
|
- deps: debug@~2.1.0
|
|
- deps: mime-types@~2.0.2
|
|
* deps: serve-static@~1.7.0
|
|
- deps: send@0.10.0
|
|
|
|
2.26.6 / 2014-10-15
|
|
===================
|
|
|
|
* deps: compression@~1.1.2
|
|
- deps: accepts@~1.1.2
|
|
- deps: compressible@~2.0.1
|
|
* deps: csurf@~1.6.2
|
|
- bump http-errors
|
|
- fix cookie name when using `cookie: true`
|
|
* deps: errorhandler@~1.2.2
|
|
- deps: accepts@~1.1.2
|
|
|
|
2.26.5 / 2014-10-08
|
|
===================
|
|
|
|
* Fix accepting non-object arguments to `logger`
|
|
* deps: serve-static@~1.6.4
|
|
- Fix redirect loop when index file serving disabled
|
|
|
|
2.26.4 / 2014-10-02
|
|
===================
|
|
|
|
* deps: morgan@~1.3.2
|
|
- Fix `req.ip` integration when `immediate: false`
|
|
* deps: type-is@~1.5.2
|
|
- deps: mime-types@~2.0.2
|
|
|
|
2.26.3 / 2014-09-24
|
|
===================
|
|
|
|
* deps: body-parser@~1.8.4
|
|
- fix content encoding to be case-insensitive
|
|
* deps: serve-favicon@~2.1.5
|
|
- deps: etag@~1.4.0
|
|
* deps: serve-static@~1.6.3
|
|
- deps: send@0.9.3
|
|
|
|
2.26.2 / 2014-09-19
|
|
===================
|
|
|
|
* deps: body-parser@~1.8.3
|
|
- deps: qs@2.2.4
|
|
* deps: qs@2.2.4
|
|
- Fix issue with object keys starting with numbers truncated
|
|
|
|
2.26.1 / 2014-09-15
|
|
===================
|
|
|
|
* deps: body-parser@~1.8.2
|
|
- deps: depd@0.4.5
|
|
* deps: depd@0.4.5
|
|
* deps: express-session@~1.8.2
|
|
- Use `crc` instead of `buffer-crc32` for speed
|
|
- deps: depd@0.4.5
|
|
* deps: morgan@~1.3.1
|
|
- Remove un-used `bytes` dependency
|
|
- deps: depd@0.4.5
|
|
* deps: serve-favicon@~2.1.4
|
|
- Fix content headers being sent in 304 response
|
|
- deps: etag@~1.3.1
|
|
* deps: serve-static@~1.6.2
|
|
- deps: send@0.9.2
|
|
|
|
2.26.0 / 2014-09-08
|
|
===================
|
|
|
|
* deps: body-parser@~1.8.1
|
|
- add `parameterLimit` option to `urlencoded` parser
|
|
- change `urlencoded` extended array limit to 100
|
|
- make empty-body-handling consistent between chunked requests
|
|
- respond with 415 when over `parameterLimit` in `urlencoded`
|
|
- deps: media-typer@0.3.0
|
|
- deps: qs@2.2.3
|
|
- deps: type-is@~1.5.1
|
|
* deps: compression@~1.1.0
|
|
- deps: accepts@~1.1.0
|
|
- deps: compressible@~2.0.0
|
|
- deps: debug@~2.0.0
|
|
* deps: connect-timeout@~1.3.0
|
|
- deps: debug@~2.0.0
|
|
* deps: cookie-parser@~1.3.3
|
|
- deps: cookie-signature@1.0.5
|
|
* deps: cookie-signature@1.0.5
|
|
* deps: csurf@~1.6.1
|
|
- add `ignoreMethods` option
|
|
- bump cookie-signature
|
|
- csrf-tokens -> csrf
|
|
- set `code` property on CSRF token errors
|
|
* deps: debug@~2.0.0
|
|
* deps: errorhandler@~1.2.0
|
|
- Display error using `util.inspect` if no other representation
|
|
- deps: accepts@~1.1.0
|
|
* deps: express-session@~1.8.1
|
|
- Do not resave already-saved session at end of request
|
|
- Prevent session prototype methods from being overwritten
|
|
- deps: cookie-signature@1.0.5
|
|
- deps: debug@~2.0.0
|
|
* deps: finalhandler@0.2.0
|
|
- Set `X-Content-Type-Options: nosniff` header
|
|
- deps: debug@~2.0.0
|
|
* deps: fresh@0.2.4
|
|
* deps: media-typer@0.3.0
|
|
- Throw error when parameter format invalid on parse
|
|
* deps: method-override@~2.2.0
|
|
- deps: debug@~2.0.0
|
|
* deps: morgan@~1.3.0
|
|
- Assert if `format` is not a function or string
|
|
* deps: qs@2.2.3
|
|
- Fix issue where first empty value in array is discarded
|
|
* deps: serve-favicon@~2.1.3
|
|
- Accept string for `maxAge` (converted by `ms`)
|
|
- Use `etag` to generate `ETag` header
|
|
- deps: fresh@0.2.4
|
|
* deps: serve-index@~1.2.1
|
|
- Add `debug` messages
|
|
- Resolve relative paths at middleware setup
|
|
- deps: accepts@~1.1.0
|
|
* deps: serve-static@~1.6.1
|
|
- Add `lastModified` option
|
|
- deps: send@0.9.1
|
|
* deps: type-is@~1.5.1
|
|
- fix `hasbody` to be true for `content-length: 0`
|
|
- deps: media-typer@0.3.0
|
|
- deps: mime-types@~2.0.1
|
|
* deps: vhost@~3.0.0
|
|
|
|
2.25.10 / 2014-09-04
|
|
====================
|
|
|
|
* deps: serve-static@~1.5.4
|
|
- deps: send@0.8.5
|
|
|
|
2.25.9 / 2014-08-29
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.7
|
|
- deps: qs@2.2.2
|
|
* deps: qs@2.2.2
|
|
|
|
2.25.8 / 2014-08-27
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.6
|
|
- deps: qs@2.2.0
|
|
* deps: csurf@~1.4.1
|
|
* deps: qs@2.2.0
|
|
- Array parsing fix
|
|
- Performance improvements
|
|
|
|
2.25.7 / 2014-08-18
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.5
|
|
- deps: on-finished@2.1.0
|
|
* deps: express-session@~1.7.6
|
|
- Fix exception on `res.end(null)` calls
|
|
* deps: morgan@~1.2.3
|
|
- deps: on-finished@2.1.0
|
|
* deps: serve-static@~1.5.3
|
|
- deps: send@0.8.3
|
|
|
|
2.25.6 / 2014-08-14
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.4
|
|
- deps: qs@1.2.2
|
|
* deps: qs@1.2.2
|
|
* deps: serve-static@~1.5.2
|
|
- deps: send@0.8.2
|
|
|
|
2.25.5 / 2014-08-11
|
|
===================
|
|
|
|
* Fix backwards compatibility in `logger`
|
|
|
|
2.25.4 / 2014-08-10
|
|
===================
|
|
|
|
* Fix `query` middleware breaking with argument
|
|
- It never really took one in the first place
|
|
* deps: body-parser@~1.6.3
|
|
- deps: qs@1.2.1
|
|
* deps: compression@~1.0.11
|
|
- deps: on-headers@~1.0.0
|
|
- deps: parseurl@~1.3.0
|
|
* deps: connect-timeout@~1.2.2
|
|
- deps: on-headers@~1.0.0
|
|
* deps: express-session@~1.7.5
|
|
- Fix parsing original URL
|
|
- deps: on-headers@~1.0.0
|
|
- deps: parseurl@~1.3.0
|
|
* deps: method-override@~2.1.3
|
|
* deps: on-headers@~1.0.0
|
|
* deps: parseurl@~1.3.0
|
|
* deps: qs@1.2.1
|
|
* deps: response-time@~2.0.1
|
|
- deps: on-headers@~1.0.0
|
|
* deps: serve-index@~1.1.6
|
|
- Fix URL parsing
|
|
* deps: serve-static@~1.5.1
|
|
- Fix parsing of weird `req.originalUrl` values
|
|
- deps: parseurl@~1.3.0
|
|
= deps: utils-merge@1.0.0
|
|
|
|
2.25.3 / 2014-08-07
|
|
===================
|
|
|
|
* deps: multiparty@3.3.2
|
|
- Fix potential double-callback
|
|
|
|
2.25.2 / 2014-08-07
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.2
|
|
- deps: qs@1.2.0
|
|
* deps: qs@1.2.0
|
|
- Fix parsing array of objects
|
|
|
|
2.25.1 / 2014-08-06
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.1
|
|
- deps: qs@1.1.0
|
|
* deps: qs@1.1.0
|
|
- Accept urlencoded square brackets
|
|
- Accept empty values in implicit array notation
|
|
|
|
2.25.0 / 2014-08-05
|
|
===================
|
|
|
|
* deps: body-parser@~1.6.0
|
|
- deps: qs@1.0.2
|
|
* deps: compression@~1.0.10
|
|
- Fix upper-case Content-Type characters prevent compression
|
|
- deps: compressible@~1.1.1
|
|
* deps: csurf@~1.4.0
|
|
- Support changing `req.session` after `csurf` middleware
|
|
- Calling `res.csrfToken()` after `req.session.destroy()` will now work
|
|
* deps: express-session@~1.7.4
|
|
- Fix `res.end` patch to call correct upstream `res.write`
|
|
- Fix response end delay for non-chunked responses
|
|
* deps: qs@1.0.2
|
|
- Complete rewrite
|
|
- Limits array length to 20
|
|
- Limits object depth to 5
|
|
- Limits parameters to 1,000
|
|
* deps: serve-static@~1.5.0
|
|
- Add `extensions` option
|
|
- deps: send@0.8.1
|
|
|
|
2.24.3 / 2014-08-04
|
|
===================
|
|
|
|
* deps: serve-index@~1.1.5
|
|
- Fix Content-Length calculation for multi-byte file names
|
|
- deps: accepts@~1.0.7
|
|
* deps: serve-static@~1.4.4
|
|
- Fix incorrect 403 on Windows and Node.js 0.11
|
|
- deps: send@0.7.4
|
|
|
|
2.24.2 / 2014-07-27
|
|
===================
|
|
|
|
* deps: body-parser@~1.5.2
|
|
* deps: depd@0.4.4
|
|
- Work-around v8 generating empty stack traces
|
|
* deps: express-session@~1.7.2
|
|
* deps: morgan@~1.2.2
|
|
* deps: serve-static@~1.4.2
|
|
|
|
2.24.1 / 2014-07-26
|
|
===================
|
|
|
|
* deps: body-parser@~1.5.1
|
|
* deps: depd@0.4.3
|
|
- Fix exception when global `Error.stackTraceLimit` is too low
|
|
* deps: express-session@~1.7.1
|
|
* deps: morgan@~1.2.1
|
|
* deps: serve-index@~1.1.4
|
|
* deps: serve-static@~1.4.1
|
|
|
|
2.24.0 / 2014-07-22
|
|
===================
|
|
|
|
* deps: body-parser@~1.5.0
|
|
- deps: depd@0.4.2
|
|
- deps: iconv-lite@0.4.4
|
|
- deps: raw-body@1.3.0
|
|
- deps: type-is@~1.3.2
|
|
* deps: compression@~1.0.9
|
|
- Add `debug` messages
|
|
- deps: accepts@~1.0.7
|
|
* deps: connect-timeout@~1.2.1
|
|
- Accept string for `time` (converted by `ms`)
|
|
- deps: debug@1.0.4
|
|
* deps: debug@1.0.4
|
|
* deps: depd@0.4.2
|
|
- Add `TRACE_DEPRECATION` environment variable
|
|
- Remove non-standard grey color from color output
|
|
- Support `--no-deprecation` argument
|
|
- Support `--trace-deprecation` argument
|
|
* deps: express-session@~1.7.0
|
|
- Improve session-ending error handling
|
|
- deps: debug@1.0.4
|
|
- deps: depd@0.4.2
|
|
* deps: finalhandler@0.1.0
|
|
- Respond after request fully read
|
|
- deps: debug@1.0.4
|
|
* deps: method-override@~2.1.2
|
|
- deps: debug@1.0.4
|
|
- deps: parseurl@~1.2.0
|
|
* deps: morgan@~1.2.0
|
|
- Add `:remote-user` token
|
|
- Add `combined` log format
|
|
- Add `common` log format
|
|
- Remove non-standard grey color from `dev` format
|
|
* deps: multiparty@3.3.1
|
|
* deps: parseurl@~1.2.0
|
|
- Cache URLs based on original value
|
|
- Remove no-longer-needed URL mis-parse work-around
|
|
- Simplify the "fast-path" `RegExp`
|
|
* deps: serve-static@~1.4.0
|
|
- Add `dotfiles` option
|
|
- deps: parseurl@~1.2.0
|
|
- deps: send@0.7.0
|
|
|
|
2.23.0 / 2014-07-10
|
|
===================
|
|
|
|
* deps: debug@1.0.3
|
|
- Add support for multiple wildcards in namespaces
|
|
* deps: express-session@~1.6.4
|
|
* deps: method-override@~2.1.0
|
|
- add simple debug output
|
|
- deps: methods@1.1.0
|
|
- deps: parseurl@~1.1.3
|
|
* deps: parseurl@~1.1.3
|
|
- faster parsing of href-only URLs
|
|
* deps: serve-static@~1.3.1
|
|
- deps: parseurl@~1.1.3
|
|
|
|
2.22.0 / 2014-07-03
|
|
===================
|
|
|
|
* deps: csurf@~1.3.0
|
|
- Fix `cookie.signed` option to actually sign cookie
|
|
* deps: express-session@~1.6.1
|
|
- Fix `res.end` patch to return correct value
|
|
- Fix `res.end` patch to handle multiple `res.end` calls
|
|
- Reject cookies with missing signatures
|
|
* deps: multiparty@3.3.0
|
|
- Always emit close after all parts ended
|
|
- Fix callback hang in node.js 0.8 on errors
|
|
* deps: serve-static@~1.3.0
|
|
- Accept string for `maxAge` (converted by `ms`)
|
|
- Add `setHeaders` option
|
|
- Include HTML link in redirect response
|
|
- deps: send@0.5.0
|
|
|
|
2.21.1 / 2014-06-26
|
|
===================
|
|
|
|
* deps: cookie-parser@1.3.2
|
|
- deps: cookie-signature@1.0.4
|
|
* deps: cookie-signature@1.0.4
|
|
- fix for timing attacks
|
|
* deps: express-session@~1.5.2
|
|
- deps: cookie-signature@1.0.4
|
|
* deps: type-is@~1.3.2
|
|
- more mime types
|
|
|
|
2.21.0 / 2014-06-20
|
|
===================
|
|
|
|
* deprecate `connect(middleware)` -- use `app.use(middleware)` instead
|
|
* deprecate `connect.createServer()` -- use `connect()` instead
|
|
* fix `res.setHeader()` patch to work with get -> append -> set pattern
|
|
* deps: compression@~1.0.8
|
|
* deps: errorhandler@~1.1.1
|
|
* deps: express-session@~1.5.0
|
|
- Deprecate integration with `cookie-parser` middleware
|
|
- Deprecate looking for secret in `req.secret`
|
|
- Directly read cookies; `cookie-parser` no longer required
|
|
- Directly set cookies; `res.cookie` no longer required
|
|
- Generate session IDs with `uid-safe`, faster and even less collisions
|
|
* deps: serve-index@~1.1.3
|
|
|
|
2.20.2 / 2014-06-19
|
|
===================
|
|
|
|
* deps: body-parser@1.4.3
|
|
- deps: type-is@1.3.1
|
|
|
|
2.20.1 / 2014-06-19
|
|
===================
|
|
|
|
* deps: type-is@1.3.1
|
|
- fix global variable leak
|
|
|
|
2.20.0 / 2014-06-19
|
|
===================
|
|
|
|
* deprecate `verify` option to `json` -- use `body-parser` npm module instead
|
|
* deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
|
|
* deprecate things with `depd` module
|
|
* use `finalhandler` for final response handling
|
|
* use `media-typer` to parse `content-type` for charset
|
|
* deps: body-parser@1.4.2
|
|
- check accepted charset in content-type (accepts utf-8)
|
|
- check accepted encoding in content-encoding (accepts identity)
|
|
- deprecate `urlencoded()` without provided `extended` option
|
|
- lazy-load urlencoded parsers
|
|
- support gzip and deflate bodies
|
|
- set `inflate: false` to turn off
|
|
- deps: raw-body@1.2.2
|
|
- deps: type-is@1.3.0
|
|
- Support all encodings from `iconv-lite`
|
|
* deps: connect-timeout@1.1.1
|
|
- deps: debug@1.0.2
|
|
* deps: cookie-parser@1.3.1
|
|
- export parsing functions
|
|
- `req.cookies` and `req.signedCookies` are now plain objects
|
|
- slightly faster parsing of many cookies
|
|
* deps: csurf@1.2.2
|
|
* deps: errorhandler@1.1.0
|
|
- Display error on console formatted like `throw`
|
|
- Escape HTML in stack trace
|
|
- Escape HTML in title
|
|
- Fix up edge cases with error sent in response
|
|
- Set `X-Content-Type-Options: nosniff` header
|
|
- Use accepts for negotiation
|
|
* deps: express-session@1.4.0
|
|
- Add `genid` option to generate custom session IDs
|
|
- Add `saveUninitialized` option to control saving uninitialized sessions
|
|
- Add `unset` option to control unsetting `req.session`
|
|
- Generate session IDs with `rand-token` by default; reduce collisions
|
|
- Integrate with express "trust proxy" by default
|
|
- deps: buffer-crc32@0.2.3
|
|
- deps: debug@1.0.2
|
|
* deps: multiparty@3.2.9
|
|
* deps: serve-index@1.1.2
|
|
- deps: batch@0.5.1
|
|
* deps: type-is@1.3.0
|
|
- improve type parsing
|
|
* deps: vhost@2.0.0
|
|
- Accept `RegExp` object for `hostname`
|
|
- Provide `req.vhost` object
|
|
- Support IPv6 literal in `Host` header
|
|
|
|
2.19.6 / 2014-06-11
|
|
===================
|
|
|
|
* deps: body-parser@1.3.1
|
|
- deps: type-is@1.2.1
|
|
* deps: compression@1.0.7
|
|
- use vary module for better `Vary` behavior
|
|
- deps: accepts@1.0.3
|
|
- deps: compressible@1.1.0
|
|
* deps: debug@1.0.2
|
|
* deps: serve-index@1.1.1
|
|
- deps: accepts@1.0.3
|
|
* deps: serve-static@1.2.3
|
|
- Do not throw un-catchable error on file open race condition
|
|
- deps: send@0.4.3
|
|
|
|
2.19.5 / 2014-06-09
|
|
===================
|
|
|
|
* deps: csurf@1.2.1
|
|
- refactor to use csrf-tokens@~1.0.2
|
|
* deps: debug@1.0.1
|
|
* deps: serve-static@1.2.2
|
|
- fix "event emitter leak" warnings
|
|
- deps: send@0.4.2
|
|
* deps: type-is@1.2.1
|
|
- Switch dependency from `mime` to `mime-types@1.0.0`
|
|
|
|
2.19.4 / 2014-06-05
|
|
===================
|
|
|
|
* deps: errorhandler@1.0.2
|
|
- Pass on errors from reading error files
|
|
* deps: method-override@2.0.2
|
|
- use vary module for better `Vary` behavior
|
|
* deps: serve-favicon@2.0.1
|
|
- Reduce byte size of `ETag` header
|
|
|
|
2.19.3 / 2014-06-03
|
|
===================
|
|
|
|
* deps: compression@1.0.6
|
|
- fix listeners for delayed stream creation
|
|
- fix regression for certain `stream.pipe(res)` situations
|
|
- fix regression when negotiation fails
|
|
|
|
2.19.2 / 2014-06-03
|
|
===================
|
|
|
|
* deps: compression@1.0.4
|
|
- fix adding `Vary` when value stored as array
|
|
- fix back-pressure behavior
|
|
- fix length check for `res.end`
|
|
|
|
2.19.1 / 2014-06-02
|
|
===================
|
|
|
|
* fix deprecated `utils.escape`
|
|
|
|
2.19.0 / 2014-06-02
|
|
===================
|
|
|
|
* deprecate `methodOverride()` -- use `method-override` npm module instead
|
|
* deps: body-parser@1.3.0
|
|
- add `extended` option to urlencoded parser
|
|
* deps: method-override@2.0.1
|
|
- set `Vary` header
|
|
- deps: methods@1.0.1
|
|
* deps: multiparty@3.2.8
|
|
* deps: response-time@2.0.0
|
|
- add `digits` argument
|
|
- do not override existing `X-Response-Time` header
|
|
- timer not subject to clock drift
|
|
- timer resolution down to nanoseconds
|
|
* deps: serve-static@1.2.1
|
|
- send max-age in Cache-Control in correct format
|
|
- use `escape-html` for escaping
|
|
- deps: send@0.4.1
|
|
|
|
2.18.0 / 2014-05-29
|
|
===================
|
|
|
|
* deps: compression@1.0.3
|
|
* deps: serve-index@1.1.0
|
|
- Fix content negotiation when no `Accept` header
|
|
- Properly support all HTTP methods
|
|
- Support vanilla node.js http servers
|
|
- Treat `ENAMETOOLONG` as code 414
|
|
- Use accepts for negotiation
|
|
* deps: serve-static@1.2.0
|
|
- Calculate ETag with md5 for reduced collisions
|
|
- Fix wrong behavior when index file matches directory
|
|
- Ignore stream errors after request ends
|
|
- Skip directories in index file search
|
|
- deps: send@0.4.0
|
|
|
|
2.17.3 / 2014-05-27
|
|
===================
|
|
|
|
* deps: express-session@1.2.1
|
|
- Fix `resave` such that `resave: true` works
|
|
|
|
2.17.2 / 2014-05-27
|
|
===================
|
|
|
|
* deps: body-parser@1.2.2
|
|
- invoke `next(err)` after request fully read
|
|
- deps: raw-body@1.1.6
|
|
* deps: method-override@1.0.2
|
|
- Handle `req.body` key referencing array or object
|
|
- Handle multiple HTTP headers
|
|
|
|
2.17.1 / 2014-05-21
|
|
===================
|
|
|
|
* fix `res.charset` appending charset when `content-type` has one
|
|
|
|
2.17.0 / 2014-05-20
|
|
===================
|
|
|
|
* deps: express-session@1.2.0
|
|
- Add `resave` option to control saving unmodified sessions
|
|
* deps: morgan@1.1.1
|
|
- "dev" format will use same tokens as other formats
|
|
- `:response-time` token is now empty when immediate used
|
|
- `:response-time` token is now monotonic
|
|
- `:response-time` token has precision to 1 μs
|
|
- fix `:status` + immediate output in node.js 0.8
|
|
- improve `buffer` option to prevent indefinite event loop holding
|
|
- simplify method to get remote address
|
|
- deps: bytes@1.0.0
|
|
* deps: serve-index@1.0.3
|
|
- Fix error from non-statable files in HTML view
|
|
|
|
2.16.2 / 2014-05-18
|
|
===================
|
|
|
|
* fix edge-case in `res.appendHeader` that would append in wrong order
|
|
* deps: method-override@1.0.1
|
|
|
|
2.16.1 / 2014-05-17
|
|
===================
|
|
|
|
* remove usages of `res.headerSent` from core
|
|
|
|
2.16.0 / 2014-05-17
|
|
===================
|
|
|
|
* deprecate `res.headerSent` -- use `res.headersSent`
|
|
* deprecate `res.on("header")` -- use on-headers module instead
|
|
* fix `connect.version` to reflect the actual version
|
|
* json: use body-parser
|
|
- add `type` option
|
|
- fix repeated limit parsing with every request
|
|
- improve parser speed
|
|
* urlencoded: use body-parser
|
|
- add `type` option
|
|
- fix repeated limit parsing with every request
|
|
* dep: bytes@1.0.0
|
|
* add negative support
|
|
* dep: cookie-parser@1.1.0
|
|
- deps: cookie@0.1.2
|
|
* dep: csurf@1.2.0
|
|
- add support for double-submit cookie
|
|
* dep: express-session@1.1.0
|
|
- Add `name` option; replacement for `key` option
|
|
- Use `setImmediate` in MemoryStore for node.js >= 0.10
|
|
|
|
2.15.0 / 2014-05-04
|
|
===================
|
|
|
|
* Add simple `res.cookie` support
|
|
* Add `res.appendHeader`
|
|
* Call error stack even when response has been sent
|
|
* Patch `res.headerSent` to return Boolean
|
|
* Patch `res.headersSent` for node.js 0.8
|
|
* Prevent default 404 handler after response sent
|
|
* dep: compression@1.0.2
|
|
* support headers given to `res.writeHead`
|
|
* deps: bytes@0.3.0
|
|
* deps: negotiator@0.4.3
|
|
* dep: connect-timeout@1.1.0
|
|
* Add `req.timedout` property
|
|
* Add `respond` option to constructor
|
|
* Clear timer on socket destroy
|
|
* deps: debug@0.8.1
|
|
* dep: debug@^0.8.0
|
|
* add `enable()` method
|
|
* change from stderr to stdout
|
|
* dep: errorhandler@1.0.1
|
|
* Clean up error CSS
|
|
* Do not respond after headers sent
|
|
* dep: express-session@1.0.4
|
|
* Remove import of `setImmediate`
|
|
* Use `res.cookie()` instead of `res.setHeader()`
|
|
* deps: cookie@0.1.2
|
|
* deps: debug@0.8.1
|
|
* dep: morgan@1.0.1
|
|
* Make buffer unique per morgan instance
|
|
* deps: bytes@0.3.0
|
|
* dep: serve-favicon@2.0.0
|
|
* Accept `Buffer` of icon as first argument
|
|
* Non-GET and HEAD requests are denied
|
|
* Send valid max-age value
|
|
* Support conditional requests
|
|
* Support max-age=0
|
|
* Support OPTIONS method
|
|
* Throw if `path` argument is directory
|
|
* dep: serve-index@1.0.2
|
|
* Add stylesheet option
|
|
* deps: negotiator@0.4.3
|
|
|
|
2.14.5 / 2014-04-24
|
|
===================
|
|
|
|
* dep: raw-body@1.1.4
|
|
* allow true as an option
|
|
* deps: bytes@0.3.0
|
|
* dep: serve-static@1.1.0
|
|
* Accept options directly to `send` module
|
|
* deps: send@0.3.0
|
|
|
|
2.14.4 / 2014-04-07
|
|
===================
|
|
|
|
* dep: bytes@0.3.0
|
|
* added terabyte support
|
|
* dep: csurf@1.1.0
|
|
* add constant-time string compare
|
|
* dep: serve-static@1.0.4
|
|
* Resolve relative paths at middleware setup
|
|
* Use parseurl to parse the URL from request
|
|
* fix node.js 0.8 compatibility with memory session
|
|
|
|
2.14.3 / 2014-03-18
|
|
===================
|
|
|
|
* dep: static-favicon@1.0.2
|
|
* Fixed content of default icon
|
|
|
|
2.14.2 / 2014-03-11
|
|
===================
|
|
|
|
* dep: static-favicon@1.0.1
|
|
* Fixed path to default icon
|
|
|
|
2.14.1 / 2014-03-06
|
|
===================
|
|
|
|
* dep: fresh@0.2.2
|
|
* no real changes
|
|
* dep: serve-index@1.0.1
|
|
* deps: negotiator@0.4.2
|
|
* dep: serve-static@1.0.2
|
|
* deps: send@0.2.0
|
|
|
|
2.14.0 / 2014-03-05
|
|
===================
|
|
|
|
* basicAuth: use basic-auth-connect
|
|
* cookieParser: use cookie-parser
|
|
* compress: use compression
|
|
* csrf: use csurf
|
|
* dep: cookie-signature@1.0.3
|
|
* directory: use serve-index
|
|
* errorHandler: use errorhandler
|
|
* favicon: use static-favicon
|
|
* logger: use morgan
|
|
* methodOverride: use method-override
|
|
* responseTime: use response-time
|
|
* session: use express-session
|
|
* static: use serve-static
|
|
* timeout: use connect-timeout
|
|
* vhost: use vhost
|
|
|
|
2.13.1 / 2014-03-05
|
|
===================
|
|
|
|
* cookieSession: compare full value rather than crc32
|
|
* deps: raw-body@1.1.3
|
|
|
|
2.13.0 / 2014-02-14
|
|
===================
|
|
|
|
* fix typo in memory store warning #974 @rvagg
|
|
* compress: use compressible
|
|
* directory: add template option #990 @gottaloveit @Earl-Brown
|
|
* csrf: prevent deprecated warning with old sessions
|
|
|
|
2.12.0 / 2013-12-10
|
|
===================
|
|
|
|
* bump qs
|
|
* directory: sort folders before files
|
|
* directory: add folder icons
|
|
* directory: de-duplicate icons, details/mobile views #968 @simov
|
|
* errorHandler: end default 404 handler with a newline #972 @rlidwka
|
|
* session: remove long cookie expire check #870 @undoZen
|
|
|
|
2.11.2 / 2013-12-01
|
|
===================
|
|
|
|
* bump raw-body
|
|
|
|
2.11.1 / 2013-11-27
|
|
===================
|
|
|
|
* bump raw-body
|
|
* errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma
|
|
|
|
2.11.0 / 2013-10-29
|
|
===================
|
|
|
|
* update bytes
|
|
* update uid2
|
|
* update negotiator
|
|
* sessions: add rolling session option #944 @ilmeo
|
|
* sessions: property set cookies when given FQDN
|
|
* cookieSessions: properly set cookies when given FQDN #948 @bmancini55
|
|
* proto: fix FQDN mounting when multiple handlers #945 @bmancini55
|
|
|
|
2.10.1 / 2013-10-23
|
|
===================
|
|
|
|
* fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson)
|
|
|
|
2.10.0 / 2013-10-22
|
|
===================
|
|
|
|
* fixed: set headers written by writeHead before emitting 'header'
|
|
* fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson)
|
|
* fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson)
|
|
* fixed: fix static directory redirect for mount's root #937 (@dougwilson)
|
|
* fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123)
|
|
* bodyParser: optional verify function for urlencoded and json parsers for signing request bodies
|
|
* compress: compress checks content-length to check threshold
|
|
* compress: expose `res.flush()` for flushing responses
|
|
* cookieParser: pass options into node-cookie #803 (@cauldrath)
|
|
* errorHandler: replace `\n`s with `<br/>`s in error handler
|
|
|
|
2.9.2 / 2013-10-18
|
|
==================
|
|
|
|
* warn about multiparty and limit middleware deprecation for v3
|
|
* fix fully qualified domain name mounting. #920 (@dougwilson)
|
|
* directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson)
|
|
* logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson)
|
|
|
|
2.9.1 / 2013-10-15
|
|
==================
|
|
|
|
* update multiparty
|
|
* compress: Set vary header only if Content-Type passes filter #904
|
|
* directory: Fix directory middleware URI escaping #917 (@dougwilson)
|
|
* directory: Fix directory seperators for Windows #914 (@dougwilson)
|
|
* directory: Keep query string intact during directory redirect #913 (@dougwilson)
|
|
* directory: Fix paths in links #730 (@JacksonTian)
|
|
* errorHandler: Don't escape text/plain as HTML #875 (@johan)
|
|
* logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson)
|
|
* logger: Log even when connections are aborted #760 (@dylanahsmith)
|
|
* methodOverride: Check req.body is an object #907 (@kbjr)
|
|
* multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson)
|
|
* multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce)
|
|
|
|
2.9.0 / 2013-09-07
|
|
==================
|
|
|
|
* multipart: add docs regarding tmpfiles
|
|
* multipart: add .name back to file parts
|
|
* multipart: use multiparty instead of formidable
|
|
|
|
2.8.8 / 2013-09-02
|
|
==================
|
|
|
|
* csrf: change to math.random() salt and remove csrfToken() callback
|
|
|
|
2.8.7 / 2013-08-28
|
|
==================
|
|
|
|
* csrf: prevent salt generation on every request, and add async req.csrfToken(fn)
|
|
|
|
2.8.6 / 2013-08-28
|
|
==================
|
|
|
|
* csrf: refactor to use HMAC tokens (BREACH attack)
|
|
* compress: add compression of SVG and common font files by default.
|
|
|
|
2.8.5 / 2013-08-11
|
|
==================
|
|
|
|
* add: compress Dart source files by default
|
|
* update fresh
|
|
|
|
2.8.4 / 2013-07-08
|
|
==================
|
|
|
|
* update send
|
|
|
|
2.8.3 / 2013-07-04
|
|
==================
|
|
|
|
* add a name back to static middleware ("staticMiddleware")
|
|
* fix .hasBody() utility to require transfer-encoding or content-length
|
|
|
|
2.8.2 / 2013-07-03
|
|
==================
|
|
|
|
* update send
|
|
* update cookie dep.
|
|
* add better debug() for middleware
|
|
* add whitelisting of supported methods to methodOverride()
|
|
|
|
2.8.1 / 2013-06-27
|
|
==================
|
|
|
|
* fix: escape req.method in 404 response
|
|
|
|
2.8.0 / 2013-06-26
|
|
==================
|
|
|
|
* add `threshold` option to `compress()` to prevent compression of small responses
|
|
* add support for vendor JSON mime types in json()
|
|
* add X-Forwarded-Proto initial https proxy support
|
|
* change static redirect to 303
|
|
* change octal escape sequences for strict mode
|
|
* change: replace utils.uid() with uid2 lib
|
|
* remove other "static" function name. Fixes #794
|
|
* fix: hasBody() should return false if Content-Length: 0
|
|
|
|
2.7.11 / 2013-06-02
|
|
==================
|
|
|
|
* update send
|
|
|
|
2.7.10 / 2013-05-21
|
|
==================
|
|
|
|
* update qs
|
|
* update formidable
|
|
* fix: write/end to noop() when request aborted
|
|
|
|
2.7.9 / 2013-05-07
|
|
==================
|
|
|
|
* update qs
|
|
* drop support for node < v0.8
|
|
|
|
2.7.8 / 2013-05-03
|
|
==================
|
|
|
|
* update qs
|
|
|
|
2.7.7 / 2013-04-29
|
|
==================
|
|
|
|
* update qs dependency
|
|
* remove "static" function name. Closes #794
|
|
* update node-formidable
|
|
* update buffer-crc32
|
|
|
|
2.7.6 / 2013-04-15
|
|
==================
|
|
|
|
* revert cookie signature which was creating session race conditions
|
|
|
|
2.7.5 / 2013-04-12
|
|
==================
|
|
|
|
* update cookie-signature
|
|
* limit: do not consume request in node 0.10.x
|
|
|
|
2.7.4 / 2013-04-01
|
|
==================
|
|
|
|
* session: add long expires check and prevent excess set-cookie
|
|
* session: add console.error() of session#save() errors
|
|
|
|
2.7.3 / 2013-02-19
|
|
==================
|
|
|
|
* add name to compress middleware
|
|
* add appending Accept-Encoding to Vary when set but missing
|
|
* add tests for csrf middleware
|
|
* add 'next' support for connect() server handler
|
|
* change utils.uid() to return url-safe chars. Closes #753
|
|
* fix treating '.' as a regexp in vhost()
|
|
* fix duplicate bytes dep in package.json. Closes #743
|
|
* fix #733 - parse x-forwarded-proto in a more generally compatibly way
|
|
* revert "add support for `next(status[, msg])`"; makes composition hard
|
|
|
|
2.7.2 / 2013-01-04
|
|
==================
|
|
|
|
* add support for `next(status[, msg])` back
|
|
* add utf-8 meta tag to support foreign characters in filenames/directories
|
|
* change `timeout()` 408 to 503
|
|
* replace 'node-crc' with 'buffer-crc32', fixes licensing
|
|
* fix directory.html IE support
|
|
|
|
2.7.1 / 2012-12-05
|
|
==================
|
|
|
|
* add directory() tests
|
|
* add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely)
|
|
* fix errorHandler signature
|
|
|
|
2.7.0 / 2012-11-13
|
|
==================
|
|
|
|
* add support for leading JSON whitespace
|
|
* add logging of `req.ip` when present
|
|
* add basicAuth support for `:`-delimited string
|
|
* update cookie module. Closes #688
|
|
|
|
2.6.2 / 2012-11-01
|
|
==================
|
|
|
|
* add `debug()` for disconnected session store
|
|
* fix session regeneration bug. Closes #681
|
|
|
|
2.6.1 / 2012-10-25
|
|
==================
|
|
|
|
* add passing of `connect.timeout()` errors to `next()`
|
|
* replace signature utils with cookie-signature module
|
|
|
|
2.6.0 / 2012-10-09
|
|
==================
|
|
|
|
* add `defer` option to `multipart()` [Blake Miner]
|
|
* fix mount path case sensitivity. Closes #663
|
|
* fix default of ascii encoding from `logger()`, now utf8. Closes #293
|
|
|
|
2.5.0 / 2012-09-27
|
|
==================
|
|
|
|
* add `err.status = 400` to multipart() errors
|
|
* add double-encoding protection to `compress()`. Closes #659
|
|
* add graceful handling cookie parsing errors [shtylman]
|
|
* fix typo X-Response-time to X-Response-Time
|
|
|
|
2.4.6 / 2012-09-18
|
|
==================
|
|
|
|
* update qs
|
|
|
|
2.4.5 / 2012-09-03
|
|
==================
|
|
|
|
* add session store "connect" / "disconnect" support [louischatriot]
|
|
* fix `:url` log token
|
|
|
|
2.4.4 / 2012-08-21
|
|
==================
|
|
|
|
* fix `static()` pause regression from "send" integration
|
|
|
|
2.4.3 / 2012-08-07
|
|
==================
|
|
|
|
* fix `.write()` encoding for zlib inconstancy. Closes #561
|
|
|
|
2.4.2 / 2012-07-25
|
|
==================
|
|
|
|
* remove limit default from `urlencoded()`
|
|
* remove limit default from `json()`
|
|
* remove limit default from `multipart()`
|
|
* fix `cookieSession()` clear cookie path / domain bug. Closes #636
|
|
|
|
2.4.1 / 2012-07-24
|
|
==================
|
|
|
|
* fix `options` mutation in `static()`
|
|
|
|
2.4.0 / 2012-07-23
|
|
==================
|
|
|
|
* add `connect.timeout()`
|
|
* add __GET__ / __HEAD__ check to `directory()`. Closes #634
|
|
* add "pause" util dep
|
|
* update send dep for normalization bug
|
|
|
|
2.3.9 / 2012-07-16
|
|
==================
|
|
|
|
* add more descriptive invalid json error message
|
|
* update send dep for root normalization regression
|
|
* fix staticCache fresh dep
|
|
|
|
2.3.8 / 2012-07-12
|
|
==================
|
|
|
|
* fix `connect.static()` 404 regression, pass `next()`. Closes #629
|
|
|
|
2.3.7 / 2012-07-05
|
|
==================
|
|
|
|
* add `json()` utf-8 illustration test. Closes #621
|
|
* add "send" dependency
|
|
* change `connect.static()` internals to use "send"
|
|
* fix `session()` req.session generation with pathname mismatch
|
|
* fix `cookieSession()` req.session generation with pathname mismatch
|
|
* fix mime export. Closes #618
|
|
|
|
2.3.6 / 2012-07-03
|
|
==================
|
|
|
|
* Fixed cookieSession() with cookieParser() secret regression. Closes #602
|
|
* Fixed set-cookie header fields on cookie.path mismatch. Closes #615
|
|
|
|
2.3.5 / 2012-06-28
|
|
==================
|
|
|
|
* Remove `logger()` mount check
|
|
* Fixed `staticCache()` dont cache responses with set-cookie. Closes #607
|
|
* Fixed `staticCache()` when Cookie is present
|
|
|
|
2.3.4 / 2012-06-22
|
|
==================
|
|
|
|
* Added `err.buf` to urlencoded() and json()
|
|
* Update cookie to 0.0.4. Closes #604
|
|
* Fixed: only send 304 if original response in 2xx or 304 [timkuijsten]
|
|
|
|
2.3.3 / 2012-06-11
|
|
==================
|
|
|
|
* Added ETags back to `static()` [timkuijsten]
|
|
* Replaced `utils.parseRange()` with `range-parser` module
|
|
* Replaced `utils.parseBytes()` with `bytes` module
|
|
* Replaced `utils.modified()` with `fresh` module
|
|
* Fixed `cookieSession()` regression with invalid cookie signing [shtylman]
|
|
|
|
2.3.2 / 2012-06-08
|
|
==================
|
|
|
|
* expose mime module
|
|
* Update crc dep (which bundled nodeunit)
|
|
|
|
2.3.1 / 2012-06-06
|
|
==================
|
|
|
|
* Added `secret` option to `cookieSession` middleware [shtylman]
|
|
* Added `secret` option to `session` middleware [shtylman]
|
|
* Added `req.remoteUser` back to `basicAuth()` as alias of `req.user`
|
|
* Performance: improve signed cookie parsing
|
|
* Update `cookie` dependency [shtylman]
|
|
|
|
2.3.0 / 2012-05-20
|
|
==================
|
|
|
|
* Added limit option to `json()`
|
|
* Added limit option to `urlencoded()`
|
|
* Added limit option to `multipart()`
|
|
* Fixed: remove socket error event listener on callback
|
|
* Fixed __ENOTDIR__ error on `static` middleware
|
|
|
|
2.2.2 / 2012-05-07
|
|
==================
|
|
|
|
* Added support to csrf middle for pre-flight CORS requests
|
|
* Updated `engines` to allow newer version of node
|
|
* Removed duplicate repo prop. Closes #560
|
|
|
|
2.2.1 / 2012-04-28
|
|
==================
|
|
|
|
* Fixed `static()` redirect when mounted. Closes #554
|
|
|
|
2.2.0 / 2012-04-25
|
|
==================
|
|
|
|
* Added `make benchmark`
|
|
* Perf: memoize url parsing (~20% increase)
|
|
* Fixed `connect(fn, fn2, ...)`. Closes #549
|
|
|
|
2.1.3 / 2012-04-20
|
|
==================
|
|
|
|
* Added optional json() `reviver` function to be passed to JSON.parse [jed]
|
|
* Fixed: emit drain in compress middleware [nsabovic]
|
|
|
|
2.1.2 / 2012-04-11
|
|
==================
|
|
|
|
* Fixed cookieParser() `req.cookies` regression
|
|
|
|
2.1.1 / 2012-04-11
|
|
==================
|
|
|
|
* Fixed `session()` browser-session length cookies & examples
|
|
* Fixed: make `query()` "self-aware" [jed]
|
|
|
|
2.1.0 / 2012-04-05
|
|
==================
|
|
|
|
* Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`)
|
|
* Added `urlencoded()` support for GET
|
|
* Added `json()` support for GET. Closes #497
|
|
* Added `strict` option to `json()`
|
|
* Changed: `session()` only set-cookie when modified
|
|
* Removed `Session#lastAccess` property. Closes #399
|
|
|
|
2.0.3 / 2012-03-20
|
|
==================
|
|
|
|
* Added: `cookieSession()` only sets cookie on change. Closes #442
|
|
* Added `connect:dispatcher` debug() probes
|
|
|
|
2.0.2 / 2012-03-04
|
|
==================
|
|
|
|
* Added test for __ENAMETOOLONG__ now that node is fixed
|
|
* Fixed static() index "/" check on windows. Closes #498
|
|
* Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]
|
|
|
|
2.0.1 / 2012-02-29
|
|
==================
|
|
|
|
* Added test coverage for `vhost()` middleware
|
|
* Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov]
|
|
* Fixed `static()` Range: respond with 416 when unsatisfiable
|
|
* Fixed `vhost()` middleware. Closes #494
|
|
|
|
2.0.0 / 2011-10-05
|
|
==================
|
|
|
|
* Added `cookieSession()` middleware for cookie-only sessions
|
|
* Added `compress()` middleware for gzip / deflate support
|
|
* Added `session()` "proxy" setting to trust `X-Forwarded-Proto`
|
|
* Added `json()` middleware to parse "application/json"
|
|
* Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded"
|
|
* Added `multipart()` middleware to parse "multipart/form-data"
|
|
* Added `cookieParser(secret)` support so anything using this middleware may access signed cookies
|
|
* Added signed cookie support to `cookieParser()`
|
|
* Added support for JSON-serialized cookies to `cookieParser()`
|
|
* Added `err.status` support in Connect's default end-point
|
|
* Added X-Cache MISS / HIT to `staticCache()`
|
|
* Added public `res.headerSent` checking nodes `res._headerSent` until node does
|
|
* Changed `basicAuth()` req.remoteUser to req.user
|
|
* Changed: default `session()` to a browser-session cookie. Closes #475
|
|
* Changed: no longer lowercase cookie names
|
|
* Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()`
|
|
* Changed: `errorHandler()` is now a development-only middleware
|
|
* Changed middleware to `next()` errors when possible so applications can unify logging / handling
|
|
* Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https
|
|
* Removed `.createServer()` (use `connect()`)
|
|
* Removed `secret` option from `session()`, use `cookieParser(secret)`
|
|
* Removed `connect.session.ignore` array support
|
|
* Removed `router()` middleware. Closes #262
|
|
* Fixed: set-cookie only once for browser-session cookies
|
|
* Fixed FQDN support. dont add leading "/"
|
|
* Fixed 404 XSS attack vector. Closes #473
|
|
* Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point
|
|
|
|
1.8.5 / 2011-12-22
|
|
==================
|
|
|
|
* Fixed: actually allow empty body for json
|
|
|
|
1.8.4 / 2011-12-22
|
|
==================
|
|
|
|
* Changed: allow empty body for json/urlencoded requests. Backport for #443
|
|
|
|
1.8.3 / 2011-12-16
|
|
==================
|
|
|
|
* Fixed `static()` _index.html_ support on windows
|
|
|
|
1.8.2 / 2011-12-03
|
|
==================
|
|
|
|
* Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]
|
|
|
|
1.8.1 / 2011-11-21
|
|
==================
|
|
|
|
* Added nesting support for _multipart/form-data_ [jackyz]
|
|
|
|
1.8.0 / 2011-11-17
|
|
==================
|
|
|
|
* Added _multipart/form-data_ support to `bodyParser()` using formidable
|
|
|
|
1.7.3 / 2011-11-11
|
|
==================
|
|
|
|
* Fixed `req.body`, always default to {}
|
|
* Fixed HEAD support for 404s and 500s
|
|
|
|
1.7.2 / 2011-10-24
|
|
==================
|
|
|
|
* "node": ">= 0.4.1 < 0.7.0"
|
|
* Added `static()` redirect option. Closes #398
|
|
* Changed `limit()`: respond with 413 when content-length exceeds the limit
|
|
* Removed socket error listener in static(). Closes #389
|
|
* Fixed `staticCache()` Age header field
|
|
* Fixed race condition causing errors reported in #329.
|
|
|
|
1.7.1 / 2011-09-12
|
|
==================
|
|
|
|
* Added: make `Store` inherit from `EventEmitter`
|
|
* Added session `Store#load(sess, fn)` to fetch a `Session` instance
|
|
* Added backpressure support to `staticCache()`
|
|
* Changed `res.socket.destroy()` to `req.socket.destroy()`
|
|
|
|
1.7.0 / 2011-08-31
|
|
==================
|
|
|
|
* Added `staticCache()` middleware, a memory cache for `static()`
|
|
* Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this)
|
|
* Changed: ignore error handling middleware when header is sent
|
|
* Changed: dispatcher errors after header is sent destroy the sock
|
|
|
|
1.6.4 / 2011-08-26
|
|
==================
|
|
|
|
* Revert "Added double-next reporting"
|
|
|
|
1.6.3 / 2011-08-26
|
|
==================
|
|
|
|
* Added double-`next()` reporting
|
|
* Added `immediate` option to `logger()`. Closes #321
|
|
* Dependency `qs >= 0.3.1`
|
|
|
|
1.6.2 / 2011-08-11
|
|
==================
|
|
|
|
* Fixed `connect.static()` null byte vulnerability
|
|
* Fixed `connect.directory()` null byte vulnerability
|
|
* Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289
|
|
|
|
1.6.1 / 2011-08-03
|
|
==================
|
|
|
|
* Added: allow retval `== null` from logger callback to ignore line
|
|
* Added `getOnly` option to `connect.static.send()`
|
|
* Added response "header" event allowing augmentation
|
|
* Added `X-CSRF-Token` header field check
|
|
* Changed dep `qs >= 0.3.0`
|
|
* Changed: persist csrf token. Closes #322
|
|
* Changed: sort directory middleware files alphabetically
|
|
|
|
1.6.0 / 2011-07-10
|
|
==================
|
|
|
|
* Added :response-time to "dev" logger format
|
|
* Added simple `csrf()` middleware. Closes #315
|
|
* Fixed `res._headers` logger regression. Closes #318
|
|
* Removed support for multiple middleware being passed to `.use()`
|
|
|
|
1.5.2 / 2011-07-06
|
|
==================
|
|
|
|
* Added `filter` function option to `directory()` [David Rio Deiros]
|
|
* Changed: re-write of the `logger()` middleware, with extensible tokens and formats
|
|
* Changed: `static.send()` ".." in path without root considered malicious
|
|
* Fixed quotes in docs. Closes #312
|
|
* Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison]
|
|
|
|
|
|
1.5.1 / 2011-06-20
|
|
==================
|
|
|
|
* Added malicious path check to `directory()` middleware
|
|
* Added `utils.forbidden(res)`
|
|
* Added `connect.query()` middleware
|
|
|
|
1.5.0 / 2011-06-20
|
|
==================
|
|
|
|
* Added `connect.directory()` middleware for serving directory listings
|
|
|
|
1.4.6 / 2011-06-18
|
|
==================
|
|
|
|
* Fixed `connect.static()` root with `..`
|
|
* Fixed `connect.static()` __EBADF__
|
|
|
|
1.4.5 / 2011-06-17
|
|
==================
|
|
|
|
* Fixed EBADF in `connect.static()`. Closes #297
|
|
|
|
1.4.4 / 2011-06-16
|
|
==================
|
|
|
|
* Changed `connect.static()` to check resolved dirname. Closes #294
|
|
|
|
1.4.3 / 2011-06-06
|
|
==================
|
|
|
|
* Fixed fd leak in `connect.static()` when the socket is closed
|
|
* Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285
|
|
|
|
1.4.2 / 2011-05-27
|
|
==================
|
|
|
|
* Changed to `devDependencies`
|
|
* Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen]
|
|
* Fixed Win32 support for `static()`
|
|
* Fixed monkey-patch issue. Closes #261
|
|
|
|
1.4.1 / 2011-05-08
|
|
==================
|
|
|
|
* Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251
|
|
* Fixed `errorHandler` middleware for missing stack traces. [aseemk]
|
|
#274
|
|
|
|
1.4.0 / 2011-04-25
|
|
==================
|
|
|
|
* Added route-middleware `next('route')` support to jump passed the route itself
|
|
* Added Content-Length support to `limit()`
|
|
* Added route-specific middleware support (used to be in express)
|
|
* Changed; refactored duplicate session logic
|
|
* Changed; prevent redefining `store.generate` per request
|
|
* Fixed; `static()` does not set Content-Type when explicitly set [nateps]
|
|
* Fixed escape `errorHandler()` {error} contents
|
|
* NOTE: `router` will be removed in 2.0
|
|
|
|
|
|
1.3.0 / 2011-04-06
|
|
==================
|
|
|
|
* Added `router.remove(path[, method])` to remove a route
|
|
|
|
1.2.3 / 2011-04-05
|
|
==================
|
|
|
|
* Fixed basicAuth realm issue when passing strings. Closes #253
|
|
|
|
1.2.2 / 2011-04-05
|
|
==================
|
|
|
|
* Added `basicAuth(username, password)` support
|
|
* Added `errorHandler.title` defaulting to "Connect"
|
|
* Changed `errorHandler` css
|
|
|
|
1.2.1 / 2011-03-30
|
|
==================
|
|
|
|
* Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl]
|
|
|
|
1.2.0 / 2011-03-30
|
|
==================
|
|
|
|
* Added `router.lookup(path[, method])`
|
|
* Added `router.match(url[, method])`
|
|
* Added basicAuth async support. Closes #223
|
|
|
|
1.1.5 / 2011-03-27
|
|
==================
|
|
|
|
* Added; allow `logger()` callback function to return an empty string to ignore logging
|
|
* Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245
|
|
|
|
1.1.4 / 2011-03-23
|
|
==================
|
|
|
|
* Added `logger()` support for format function
|
|
* Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x
|
|
|
|
1.1.3 / 2011-03-21
|
|
==================
|
|
|
|
* Changed; `limit()` now calls `req.destroy()`
|
|
|
|
1.1.2 / 2011-03-21
|
|
==================
|
|
|
|
* Added request "limit" event to `limit()` middleware
|
|
* Changed; `limit()` middleware will `next(err)` on failure
|
|
|
|
1.1.1 / 2011-03-18
|
|
==================
|
|
|
|
* Fixed session middleware for HTTPS. Closes #241 [reported by mt502]
|
|
|
|
1.1.0 / 2011-03-17
|
|
==================
|
|
|
|
* Added `Session#reload(fn)`
|
|
|
|
1.0.6 / 2011-03-09
|
|
==================
|
|
|
|
* Fixed `res.setHeader()` patch, preserve casing
|
|
|
|
1.0.5 / 2011-03-09
|
|
==================
|
|
|
|
* Fixed; `logger()` using `req.originalUrl` instead of `req.url`
|
|
|
|
1.0.4 / 2011-03-09
|
|
==================
|
|
|
|
* Added `res.charset`
|
|
* Added conditional sessions example
|
|
* Added support for `session.ignore` to be replaced. Closes #227
|
|
* Fixed `Cache-Control` delimiters. Closes #228
|
|
|
|
1.0.3 / 2011-03-03
|
|
==================
|
|
|
|
* Fixed; `static.send()` invokes callback with connection error
|
|
|
|
1.0.2 / 2011-03-02
|
|
==================
|
|
|
|
* Fixed exported connect function
|
|
* Fixed package.json; node ">= 0.4.1 < 0.5.0"
|
|
|
|
1.0.1 / 2011-03-02
|
|
==================
|
|
|
|
* Added `Session#save(fn)`. Closes #213
|
|
* Added callback support to `connect.static.send()` for express
|
|
* Added `connect.static.send()` "path" option
|
|
* Fixed content-type in `static()` for _index.html_
|
|
|
|
1.0.0 / 2011-03-01
|
|
==================
|
|
|
|
* Added `stack`, `message`, and `dump` errorHandler option aliases
|
|
* Added `req.originalMethod` to methodOverride
|
|
* Added `favicon()` maxAge option support
|
|
* Added `connect()` alternative to `connect.createServer()`
|
|
* Added new [documentation](http://senchalabs.github.com/connect)
|
|
* Added Range support to `static()`
|
|
* Added HTTPS support
|
|
* Rewrote session middleware. The session API now allows for
|
|
session-specific cookies, so you may alter each individually.
|
|
Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html).
|
|
* Added middleware self-awareness. This helps prevent
|
|
middleware breakage when used within mounted servers.
|
|
For example `cookieParser()` will not parse cookies more
|
|
than once even when within a mounted server.
|
|
* Added new examples in the `./examples` directory
|
|
* Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware
|
|
* Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware
|
|
* Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware
|
|
* Renamed `staticProvider` to `static`
|
|
* Renamed `bodyDecoder` to `bodyParser`
|
|
* Renamed `cookieDecoder` to `cookieParser`
|
|
* Fixed ETag quotes. [reported by papandreou]
|
|
* Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
|
|
* Fixed; only set req.originalUrl once. Closes #124
|
|
* Fixed symlink support for `static()`. Closes #123
|
|
|
|
0.5.10 / 2011-02-14
|
|
==================
|
|
|
|
* Fixed SID space issue. Closes #196
|
|
* Fixed; proxy `res.end()` to commit session data
|
|
* Fixed directory traversal attack in `staticProvider`. Closes #198
|
|
|
|
0.5.9 / 2011-02-09
|
|
==================
|
|
|
|
* qs >= 0.0.4
|
|
|
|
0.5.8 / 2011-02-04
|
|
==================
|
|
|
|
* Added `qs` dependency
|
|
* Fixed router race-condition causing possible failure
|
|
when `next()`ing to one or more routes with parallel
|
|
requests
|
|
|
|
0.5.7 / 2011-02-01
|
|
==================
|
|
|
|
* Added `onvhost()` call so Express (and others) can know when they are
|
|
* Revert "Added stylus support" (use the middleware which ships with stylus)
|
|
* Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly
|
|
* Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
|
|
* Fixed `utils.uid()` length error [Jxck]
|
|
mounted
|
|
|
|
0.5.6 / 2011-01-23
|
|
==================
|
|
|
|
* Added stylus support to `compiler`
|
|
* _favicon.js_ cleanup
|
|
* _compiler.js_ cleanup
|
|
* _bodyDecoder.js_ cleanup
|
|
|
|
0.5.5 / 2011-01-13
|
|
==================
|
|
|
|
* Changed; using sha256 HMAC instead of md5. [Paul Querna]
|
|
* Changed; generated a longer random UID, without time influence. [Paul Querna]
|
|
* Fixed; session middleware throws when secret is not present. [Paul Querna]
|
|
|
|
0.5.4 / 2011-01-07
|
|
==================
|
|
|
|
* Added; throw when router path or callback is missing
|
|
* Fixed; `next(err)` on cookie parse exception instead of ignoring
|
|
* Revert "Added utils.pathname(), memoized url.parse(str).pathname"
|
|
|
|
0.5.3 / 2011-01-05
|
|
==================
|
|
|
|
* Added _docs/api.html_
|
|
* Added `utils.pathname()`, memoized url.parse(str).pathname
|
|
* Fixed `session.id` issue. Closes #183
|
|
* Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179
|
|
* Removed bad outdated docs, we need something new / automated eventually
|
|
|
|
0.5.2 / 2010-12-28
|
|
==================
|
|
|
|
* Added default __OPTIONS__ support to _router_ middleware
|
|
|
|
0.5.1 / 2010-12-28
|
|
==================
|
|
|
|
* Added `req.session.id` mirroring `req.sessionID`
|
|
* Refactored router, exposing `connect.router.methods`
|
|
* Exclude non-lib files from npm
|
|
* Removed imposed headers `X-Powered-By`, `Server`, etc
|
|
|
|
0.5.0 / 2010-12-06
|
|
==================
|
|
|
|
* Added _./index.js_
|
|
* Added route segment precondition support and example
|
|
* Added named capture group support to router
|
|
|
|
0.4.0 / 2010-11-29
|
|
==================
|
|
|
|
* Added `basicAuth` middleware
|
|
* Added more HTTP methods to the `router` middleware
|
|
|
|
0.3.0 / 2010-07-21
|
|
==================
|
|
|
|
* Added _staticGzip_ middleware
|
|
* Added `connect.utils` to expose utils
|
|
* Added `connect.session.Session`
|
|
* Added `connect.session.Store`
|
|
* Added `connect.session.MemoryStore`
|
|
* Added `connect.middleware` to expose the middleware getters
|
|
* Added `buffer` option to _logger_ for performance increase
|
|
* Added _favicon_ middleware for serving your own favicon or the connect default
|
|
* Added option support to _staticProvider_, can now pass _root_ and _lifetime_.
|
|
* Added; mounted `Server` instances now have the `route` property exposed for reflection
|
|
* Added support for callback as first arg to `Server#use()`
|
|
* Added support for `next(true)` in _router_ to bypass match attempts
|
|
* Added `Server#listen()` _host_ support
|
|
* Added `Server#route` when `Server#use()` is called with a route on a `Server` instance
|
|
* Added _methodOverride_ X-HTTP-Method-Override support
|
|
* Refactored session internals, adds _secret_ option
|
|
* Renamed `lifetime` option to `maxAge` in _staticProvider_
|
|
* Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark)
|
|
* Removed connect(1) dependency on examples, they can all now run with node(1)
|
|
* Remove a typo that was leaking a global.
|
|
* Removed `Object.prototype` forEach() and map() methods
|
|
* Removed a few utils not used
|
|
* Removed `connect.createApp()`
|
|
* Removed `res.simpleBody()`
|
|
* Removed _format_ middleware
|
|
* Removed _flash_ middleware
|
|
* Removed _redirect_ middleware
|
|
* Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc)
|
|
* Removed _pubsub_ middleware
|
|
* Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array
|
|
* Changed; _compiler_ no longer 404s
|
|
* Changed; _router_ signature now matches connect middleware signature
|
|
* Fixed a require in _session_ for default `MemoryStore`
|
|
* Fixed nasty request body bug in _router_. Closes #54
|
|
* Fixed _less_ support in _compiler_
|
|
* Fixed bug preventing proper bubbling of exceptions in mounted servers
|
|
* Fixed bug in `Server#use()` preventing `Server` instances as the first arg
|
|
* Fixed **ENOENT** special case, is now treated as any other exception
|
|
* Fixed spark env support
|
|
|
|
0.2.1 / 2010-07-09
|
|
==================
|
|
|
|
* Added support for _router_ `next()` to continue calling matched routes
|
|
* Added mime type for _cache.manifest_ files.
|
|
* Changed _compiler_ middleware to use async require
|
|
* Changed session api, stores now only require `#get()`, and `#set()`
|
|
* Fixed _cacheManifest_ by adding `utils.find()` back
|
|
|
|
0.2.0 / 2010-07-01
|
|
==================
|
|
|
|
* Added calls to `Session()` casts the given object as a `Session` instance
|
|
* Added passing of `next()` to _router_ callbacks. Closes #46
|
|
* Changed; `MemoryStore#destroy()` removes `req.session`
|
|
* Changed `res.redirect("back")` to default to "/" when Referr?er is not present
|
|
* Fixed _staticProvider_ urlencoded paths issue. Closes #47
|
|
* Fixed _staticProvider_ middleware responding to **GET** requests
|
|
* Fixed _jsonrpc_ middleware `Accept` header check. Closes #43
|
|
* Fixed _logger_ format option
|
|
* Fixed typo in _compiler_ middleware preventing the _dest_ option from working
|
|
|
|
0.1.0 / 2010-06-25
|
|
==================
|
|
|
|
* Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu)
|
|
* Added [extended api docs](http://extjs.github.com/Connect/api.html)
|
|
* Added docs for several more middleware layers
|
|
* Added `connect.Server#use()`
|
|
* Added _compiler_ middleware which provides arbitrary static compilation
|
|
* Added `req.originalUrl`
|
|
* Removed _blog_ example
|
|
* Removed _sass_ middleware (use _compiler_)
|
|
* Removed _less_ middleware (use _compiler_)
|
|
* Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc.
|
|
* Fixed `req.url` mutation bug when matching `connect.Server#use()` routes
|
|
* Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39
|
|
* Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies
|
|
* `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries
|
|
|
|
0.0.6 / 2010-06-22
|
|
==================
|
|
|
|
* Added _static_ middleware usage example
|
|
* Added support for regular expressions as paths for _router_
|
|
* Added `util.merge()`
|
|
* Increased performance of _static_ by ~ 200 rps
|
|
* Renamed the _rest_ middleware to _router_
|
|
* Changed _rest_ api to accept a callback function
|
|
* Removed _router_ middleware
|
|
* Removed _proto.js_, only `Object#forEach()` remains
|
|
|
|
0.0.5 / 2010-06-21
|
|
==================
|
|
|
|
* Added Server#use() which contains the Layer normalization logic
|
|
* Added documentation for several middleware
|
|
* Added several new examples
|
|
* Added _less_ middleware
|
|
* Added _repl_ middleware
|
|
* Added _vhost_ middleware
|
|
* Added _flash_ middleware
|
|
* Added _cookie_ middleware
|
|
* Added _session_ middleware
|
|
* Added `utils.htmlEscape()`
|
|
* Added `utils.base64Decode()`
|
|
* Added `utils.base64Encode()`
|
|
* Added `utils.uid()`
|
|
* Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
|
|
* Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()`
|
|
* Renamed req.redirect() to res.redirect(). Closes #29
|
|
* Fixed _sass_ 404 on **ENOENT**
|
|
* Fixed +new Date duplication. Closes #24
|
|
|
|
0.0.4 / 2010-06-16
|
|
==================
|
|
|
|
* Added workerPidfile() to bin/connect
|
|
* Added --workers support to bin/connect stop and status commands
|
|
* Added _redirect_ middleware
|
|
* Added better --config support to bin/connect. All flags can be utilized
|
|
* Added auto-detection of _./config.js_
|
|
* Added config example
|
|
* Added `net.Server` support to bin/connect
|
|
* Writing worker pids relative to `env.pidfile`
|
|
* s/parseQuery/parse/g
|
|
* Fixed npm support
|
|
|
|
0.0.3 / 2010-06-16
|
|
==================
|
|
|
|
* Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__
|
|
|
|
0.0.2 / 2010-06-15
|
|
==================
|
|
|
|
* Added `-V, --version` to bin/connect
|
|
* Added `utils.parseCookie()`
|
|
* Added `utils.serializeCookie()`
|
|
* Added `utils.toBoolean()`
|
|
* Added _sass_ middleware
|
|
* Added _cookie_ middleware
|
|
* Added _format_ middleware
|
|
* Added _lint_ middleware
|
|
* Added _rest_ middleware
|
|
* Added _./package.json_ (npm install connect)
|
|
* Added `handleError()` support
|
|
* Added `process.connectEnv`
|
|
* Added custom log format support to _log_ middleware
|
|
* Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
|
|
* Added -w, --workers to bin/connect
|
|
* Added bin/connect support for --user NAME and --group NAME
|
|
* Fixed url re-writing support
|
|
|
|
0.0.1 / 2010-06-03
|
|
==================
|
|
|
|
* Initial release
|
|
|