HISTORY.md 72.7 KB
Newer Older
Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1 2
3.6.5 / 2017-09-22
==================
3 4

  * deps: debug@2.6.9
5 6
  * deps: finalhandler@1.0.6
    - deps: debug@2.6.9
7

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
8 9
3.6.4 / 2017-09-20
==================
10

11 12
  * deps: finalhandler@1.0.5
    - deps: parseurl@~1.3.2
13 14 15
  * deps: parseurl@~1.3.2
    - perf: reduce overhead for full URLs
    - perf: unroll the "fast-path" `RegExp`
16
  * deps: utils-merge@1.0.1
17

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
18 19
3.6.3 / 2017-08-03
==================
20 21

  * deps: debug@2.6.8
22 23
  * deps: finalhandler@1.0.4
    - deps: debug@2.6.8
24

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
25 26
3.6.2 / 2017-05-16
==================
27 28 29

  * deps: finalhandler@1.0.3
    - deps: debug@2.6.7
30 31
  * deps: debug@2.6.7
    - deps: ms@2.0.0
32

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
33 34
3.6.1 / 2017-04-19
==================
35 36 37

  * deps: debug@2.6.3
    - Fix `DEBUG_MAX_ARRAY_LENGTH`
38 39 40
  * deps: finalhandler@1.0.1
    - Fix missing `</html>` in HTML document
    - deps: debug@2.6.3
41

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
42 43
3.6.0 / 2017-02-17
==================
44 45 46 47 48 49 50

  * deps: debug@2.6.1
    - Allow colors in workers
    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
    - Fix error when running under React Native
    - Use same color for same namespace
    - deps: ms@0.7.2
51 52 53 54 55 56 57
  * deps: finalhandler@1.0.0
    - Fix exception when `err` cannot be converted to a string
    - Fully URL-encode the pathname in the 404
    - Only include the pathname in the 404 message
    - Send complete HTML document
    - Set `Content-Security-Policy: default-src 'self'` header
    - deps: debug@2.6.1
58

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
59 60
3.5.1 / 2017-02-12
==================
61 62 63 64 65 66 67

  * deps: finalhandler@0.5.1
    - Fix exception when `err.headers` is not an object
    - deps: statuses@~1.3.1
    - perf: hoist regular expressions
    - perf: remove duplicate validation path

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
68 69
3.5.0 / 2016-09-09
==================
70 71 72 73 74 75 76 77

  * deps: finalhandler@0.5.0
    - Change invalid or non-numeric status code to 500
    - Overwrite status message to match set status code
    - Prefer `err.statusCode` if `err.status` is invalid
    - Set response headers from `err.headers` object
    - Use `statuses` instead of `http` module for status messages

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
78 79
3.4.1 / 2016-01-23
==================
80 81 82

  * deps: finalhandler@0.4.1
    - deps: escape-html@~1.0.3
83 84
  * deps: parseurl@~1.3.1
    - perf: enable strict mode
85

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
86 87
3.4.0 / 2015-06-18
==================
88 89 90

  * deps: debug@~2.2.0
    - deps: ms@0.7.1
91 92 93 94
  * deps: finalhandler@0.4.0
    - Fix a false-positive when unpiping in Node.js 0.8
    - Support `statusCode` property on `Error` objects
    - Use `unpipe` module for unpiping requests
95
    - deps: debug@~2.2.0
96 97 98 99
    - deps: escape-html@1.0.2
    - deps: on-finished@~2.3.0
    - perf: enable strict mode
    - perf: remove argument reassignment
100
  * perf: enable strict mode
101
  * perf: remove argument reassignments
102

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
103 104
3.3.5 / 2015-03-16
==================
105 106 107 108 109 110 111

  * deps: debug@~2.1.3
    - Fix high intensity foreground color for bold
    - deps: ms@0.7.0
  * deps: finalhandler@0.3.4
    - deps: debug@~2.1.3

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
112 113
3.3.4 / 2015-01-07
==================
114 115 116 117 118 119

  * deps: debug@~2.1.1
  * deps: finalhandler@0.3.3
    - deps: debug@~2.1.1
    - deps: on-finished@~2.2.0

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
120 121
3.3.3 / 2014-11-09
==================
122 123 124

  * Correctly invoke async callback asynchronously

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
125 126
3.3.2 / 2014-10-28
==================
127 128 129

  * Fix handling of URLs containing `://` in the path

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
130 131
3.3.1 / 2014-10-22
==================
132 133 134 135

  * deps: finalhandler@0.3.2
    - deps: on-finished@~2.1.1

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
136 137
3.3.0 / 2014-10-17
==================
138 139 140 141 142 143 144 145

  * deps: debug@~2.1.0
    - Implement `DEBUG_FD` env variable support
  * deps: finalhandler@0.3.1
    - Terminate in progress response only on error
    - Use `on-finished` to determine request status
    - deps: debug@~2.1.0

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
146 147
3.2.0 / 2014-09-08
==================
148 149 150 151 152 153

  * deps: debug@~2.0.0
  * deps: finalhandler@0.2.0
    - Set `X-Content-Type-Options: nosniff` header
    - deps: debug@~2.0.0

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
154 155
3.1.1 / 2014-08-10
==================
156 157 158

  * deps: parseurl@~1.3.0

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
159 160
3.1.0 / 2014-07-22
==================
161 162 163 164 165 166 167 168 169

  * deps: debug@1.0.4
  * deps: finalhandler@0.1.0
    - Respond after request fully read
    - deps: debug@1.0.4
  * deps: parseurl@~1.2.0
    - Cache URLs based on original value
    - Remove no-longer-needed URL mis-parse work-around
    - Simplify the "fast-path" `RegExp`
170
  * perf: reduce executed logic in routing
171
  * perf: refactor location of `try` block
172

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
173 174
3.0.2 / 2014-07-10
==================
175 176 177

  * deps: debug@1.0.3
    - Add support for multiple wildcards in namespaces
178 179
  * deps: parseurl@~1.1.3
    - faster parsing of href-only URLs
180

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
181 182
3.0.1 / 2014-06-19
==================
183

184
  * use `finalhandler` for final response handling
185
  * deps: debug@1.0.2
186

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
187 188 189 190 191
3.0.0 / 2014-05-29
==================

  * No changes

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
192 193
3.0.0-rc.2 / 2014-05-04
=======================
194

195 196 197 198 199
  * Call error stack even when response has been sent
  * Prevent default 404 handler after response sent
  * dep: debug@0.8.1
  * encode stack in HTML for default error handler
  * remove `proto` export
200

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
201 202
3.0.0-rc.1 / 2014-03-06
=======================
Jonathan Ong's avatar
Jonathan Ong committed
203

204 205 206 207 208 209 210 211
  * move middleware to separate repos
  * remove docs
  * remove node patches
  * remove connect(middleware...)
  * remove the old `connect.createServer()` method
  * remove various private `connect.utils` functions
  * drop node.js 0.8 support

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
212 213
2.30.2 / 2015-07-31
===================
214

215 216
  * deps: body-parser@~1.13.3
    - deps: type-is@~1.6.6
217 218 219 220
  * deps: compression@~1.5.2
    - deps: accepts@~1.2.12
    - deps: compressible@~2.0.5
    - deps: vary@~1.0.1
221 222
  * deps: errorhandler@~1.4.2
    - deps: accepts@~1.2.12
223
  * deps: method-override@~2.3.5
224
    - deps: vary@~1.0.1
225
    - perf: enable strict mode
226 227 228
  * deps: serve-index@~1.7.2
    - deps: accepts@~1.2.12
    - deps: mime-types@~2.1.4
229 230
  * deps: type-is@~1.6.6
    - deps: mime-types@~2.1.4
231 232 233
  * deps: vhost@~3.0.1
    - perf: enable strict mode

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
234 235
2.30.1 / 2015-07-05
===================
236

237 238 239 240 241
  * deps: body-parser@~1.13.2
    - deps: iconv-lite@0.4.11
    - deps: qs@4.0.0
    - deps: raw-body@~2.1.2
    - deps: type-is@~1.6.4
242 243 244
  * deps: compression@~1.5.1
    - deps: accepts@~1.2.10
    - deps: compressible@~2.0.4
245 246
  * deps: errorhandler@~1.4.1
    - deps: accepts@~1.2.10
247 248 249
  * deps: qs@4.0.0
    - Fix dropping parameters like `hasOwnProperty`
    - Fix various parsing edge cases
250 251
  * deps: morgan@~1.6.1
    - deps: basic-auth@~1.0.3
252 253 254 255
  * deps: pause@0.1.0
    - Re-emit events with all original arguments
    - Refactor internals
    - perf: enable strict mode
256 257 258
  * deps: serve-index@~1.7.1
    - deps: accepts@~1.2.10
    - deps: mime-types@~2.1.2
259 260 261 262
  * deps: type-is@~1.6.4
    - deps: mime-types@~2.1.2
    - perf: enable strict mode
    - perf: remove argument reassignment
263

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
264 265
2.30.0 / 2015-06-18
===================
266

267
  * deps: body-parser@~1.13.1
268 269 270 271 272 273 274 275 276 277 278 279 280
    - Add `statusCode` property on `Error`s, in addition to `status`
    - Change `type` default to `application/json` for JSON parser
    - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser
    - Provide static `require` analysis
    - Use the `http-errors` module to generate errors
    - deps: bytes@2.1.0
    - deps: iconv-lite@0.4.10
    - deps: on-finished@~2.3.0
    - deps: raw-body@~2.1.1
    - deps: type-is@~1.6.3
    - perf: enable strict mode
    - perf: remove argument reassignment
    - perf: remove delete call
281 282 283
  * deps: bytes@2.1.0
    - Slight optimizations
    - Units no longer case sensitive when parsing
284 285 286 287 288 289 290 291 292
  * deps: compression@~1.5.0
    - Fix return value from `.end` and `.write` after end
    - Improve detection of zero-length body without `Content-Length`
    - deps: accepts@~1.2.9
    - deps: bytes@2.1.0
    - deps: compressible@~2.0.3
    - perf: enable strict mode
    - perf: remove flush reassignment
    - perf: simplify threshold detection
293 294
  * deps: cookie@0.1.3
    - Slight optimizations
295 296
  * deps: cookie-parser@~1.3.5
    - deps: cookie@0.1.3
297 298 299 300
  * deps: csurf@~1.8.3
    - Add `sessionKey` option
    - deps: cookie@0.1.3
    - deps: csrf@~3.0.0
301 302 303 304 305
  * deps: errorhandler@~1.4.0
    - Add charset to the `Content-Type` header
    - Support `statusCode` property on `Error` objects
    - deps: accepts@~1.2.9
    - deps: escape-html@1.0.2
306 307 308 309 310 311 312
  * deps: express-session@~1.11.3
    - Support an array in `secret` option for key rotation
    - deps: cookie@0.1.3
    - deps: crc@3.3.0
    - deps: debug@~2.2.0
    - deps: depd@~1.0.1
    - deps: uid-safe@~2.0.0
313 314 315 316 317 318 319 320
  * deps: finalhandler@0.4.0
    - Fix a false-positive when unpiping in Node.js 0.8
    - Support `statusCode` property on `Error` objects
    - Use `unpipe` module for unpiping requests
    - deps: escape-html@1.0.2
    - deps: on-finished@~2.3.0
    - perf: enable strict mode
    - perf: remove argument reassignment
321 322
  * deps: fresh@0.3.0
    - Add weak `ETag` matching support
323 324 325 326 327 328 329 330 331 332 333 334 335 336 337
  * deps: morgan@~1.6.0
    - Add `morgan.compile(format)` export
    - Do not color 1xx status codes in `dev` format
    - Fix `response-time` token to not include response latency
    - Fix `status` token incorrectly displaying before response in `dev` format
    - Fix token return values to be `undefined` or a string
    - Improve representation of multiple headers in `req` and `res` tokens
    - Use `res.getHeader` in `res` token
    - deps: basic-auth@~1.0.2
    - deps: on-finished@~2.3.0
    - pref: enable strict mode
    - pref: reduce function closure scopes
    - pref: remove dynamic compile on every request for `dev` format
    - pref: remove an argument reassignment
    - pref: skip function call without `skip` option
338 339 340 341 342 343 344
  * deps: serve-favicon@~2.3.0
    - Send non-chunked response for `OPTIONS`
    - deps: etag@~1.7.0
    - deps: fresh@0.3.0
    - perf: enable strict mode
    - perf: remove argument reassignment
    - perf: remove bitwise operations
345 346 347 348 349 350 351 352 353 354
  * deps: serve-index@~1.7.0
    - Accept `function` value for `template` option
    - Send non-chunked response for `OPTIONS`
    - Stat parent directory when necessary
    - Use `Date.prototype.toLocaleDateString` to format date
    - deps: accepts@~1.2.9
    - deps: escape-html@1.0.2
    - deps: mime-types@~2.1.1
    - perf: enable strict mode
    - perf: remove argument reassignment
355 356 357 358 359 360 361 362 363
  * deps: serve-static@~1.10.0
    - Add `fallthrough` option
    - Fix reading options from options prototype
    - Improve the default redirect response headers
    - Malformed URLs now `next()` instead of 400
    - deps: escape-html@1.0.2
    - deps: send@0.13.0
    - perf: enable strict mode
    - perf: remove argument reassignment
364 365 366 367
  * deps: type-is@~1.6.3
    - deps: mime-types@~2.1.1
    - perf: reduce try block size
    - perf: remove bitwise operations
368

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
369 370
2.29.2 / 2015-05-14
===================
371

372
  * deps: body-parser@~1.12.4
373
    - Slight efficiency improvement when not debugging
374
    - deps: debug@~2.2.0
375 376
    - deps: depd@~1.0.1
    - deps: iconv-lite@0.4.8
377 378 379 380
    - deps: on-finished@~2.2.1
    - deps: qs@2.4.2
    - deps: raw-body@~2.0.1
    - deps: type-is@~1.6.2
381 382 383
  * deps: compression@~1.4.4
    - deps: accepts@~1.2.7
    - deps: debug@~2.2.0
384 385
  * deps: connect-timeout@~1.6.2
    - deps: debug@~2.2.0
386 387
    - deps: ms@0.7.1
  * deps: debug@~2.2.0
388
    - deps: ms@0.7.1
389
  * deps: depd@~1.0.1
390 391
  * deps: errorhandler@~1.3.6
    - deps: accepts@~1.2.7
392 393 394
  * deps: finalhandler@0.3.6
    - deps: debug@~2.2.0
    - deps: on-finished@~2.2.1
395 396
  * deps: method-override@~2.3.3
    - deps: debug@~2.2.0
397 398 399 400 401
  * deps: morgan@~1.5.3
    - deps: basic-auth@~1.0.1
    - deps: debug@~2.2.0
    - deps: depd@~1.0.1
    - deps: on-finished@~2.2.1
402 403
  * deps: qs@2.4.2
   - Fix allowing parameters like `constructor`
404 405
  * deps: response-time@~2.3.1
    - deps: depd@~1.0.1
406 407 408
  * deps: serve-favicon@~2.2.1
    - deps: etag@~1.6.0
    - deps: ms@0.7.1
409 410 411 412
  * deps: serve-index@~1.6.4
    - deps: accepts@~1.2.7
    - deps: debug@~2.2.0
    - deps: mime-types@~2.0.11
413 414
  * deps: serve-static@~1.9.3
    - deps: send@0.12.3
415 416
  * deps: type-is@~1.6.2
    - deps: mime-types@~2.0.11
417

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
418 419
2.29.1 / 2015-03-16
===================
420

421
  * deps: body-parser@~1.12.2
422
    - deps: debug@~2.1.3
423
    - deps: qs@2.4.1
424
    - deps: type-is@~1.6.1
425 426 427 428
  * deps: compression@~1.4.3
    - Fix error when code calls `res.end(str, encoding)`
    - deps: accepts@~1.2.5
    - deps: debug@~2.1.3
429 430
  * deps: connect-timeout@~1.6.1
    - deps: debug@~2.1.3
431 432 433
  * deps: debug@~2.1.3
    - Fix high intensity foreground color for bold
    - deps: ms@0.7.0
434 435
  * deps: errorhandler@~1.3.5
    - deps: accepts@~1.2.5
436 437
  * deps: express-session@~1.10.4
    - deps: debug@~2.1.3
438 439
  * deps: finalhandler@0.3.4
    - deps: debug@~2.1.3
440 441
  * deps: method-override@~2.3.2
    - deps: debug@~2.1.3
442 443
  * deps: morgan@~1.5.2
    - deps: debug@~2.1.3
444 445
  * deps: qs@2.4.1
    - Fix error when parameter `hasOwnProperty` is present
446 447 448 449 450 451
  * deps: serve-index@~1.6.3
    - Properly escape file names in HTML
    - deps: accepts@~1.2.5
    - deps: debug@~2.1.3
    - deps: escape-html@1.0.1
    - deps: mime-types@~2.0.10
452 453
  * deps: serve-static@~1.9.2
    - deps: send@0.12.2
454 455
  * deps: type-is@~1.6.1
    - deps: mime-types@~2.0.10
456

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
457 458
2.29.0 / 2015-02-17
===================
459

460
  * Use `content-type` to parse `Content-Type` headers
461 462 463 464 465 466 467 468
  * deps: body-parser@~1.12.0
    - add `debug` messages
    - accept a function for the `type` option
    - make internal `extended: true` depth limit infinity
    - use `content-type` to parse `Content-Type` headers
    - deps: iconv-lite@0.4.7
    - deps: raw-body@1.3.3
    - deps: type-is@~1.6.0
469 470 471
  * deps: compression@~1.4.1
    - Prefer `gzip` over `deflate` on the server
    - deps: accepts@~1.2.4
472 473
  * deps: connect-timeout@~1.6.0
    - deps: http-errors@~1.3.1
474 475
  * deps: cookie-parser@~1.3.4
    - deps: cookie-signature@1.0.6
476
  * deps: cookie-signature@1.0.6
477 478 479 480 481 482
  * deps: csurf@~1.7.0
    - Accept `CSRF-Token` and `XSRF-Token` request headers
    - Default `cookie.path` to `'/'`, if using cookies
    - deps: cookie-signature@1.0.6
    - deps: csrf@~2.0.6
    - deps: http-errors@~1.3.1
483 484
  * deps: errorhandler@~1.3.4
    - deps: accepts@~1.2.4
485 486 487
  * deps: express-session@~1.10.3
    - deps: cookie-signature@1.0.6
    - deps: uid-safe@1.1.0
488 489 490 491
  * deps: http-errors@~1.3.1
    - Construct errors using defined constructors from `createError`
    - Fix error names that are not identifiers
    - Set a meaningful `name` property on constructed errors
492 493
  * deps: response-time@~2.3.0
    - Add function argument to support recording of response time
494 495 496 497
  * deps: serve-index@~1.6.2
    - deps: accepts@~1.2.4
    - deps: http-errors@~1.3.1
    - deps: mime-types@~2.0.9
498 499
  * deps: serve-static@~1.9.1
    - deps: send@0.12.1
500 501 502 503 504
  * deps: type-is@~1.6.0
    - fix argument reassignment
    - fix false-positives in `hasBody` `Transfer-Encoding` check
    - support wildcard for both type and subtype (`*/*`)
    - deps: mime-types@~2.0.9
505

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
506 507
2.28.3 / 2015-01-31
===================
508

509 510 511
  * deps: compression@~1.3.1
    - deps: accepts@~1.2.3
    - deps: compressible@~2.0.2
512 513
  * deps: csurf@~1.6.6
    - deps: csrf@~2.0.5
514 515
  * deps: errorhandler@~1.3.3
    - deps: accepts@~1.2.3
516 517
  * deps: express-session@~1.10.2
    - deps: uid-safe@1.0.3
518 519 520
  * deps: serve-index@~1.6.1
    - deps: accepts@~1.2.3
    - deps: mime-types@~2.0.8
521 522
  * deps: type-is@~1.5.6
    - deps: mime-types@~2.0.8
523

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
524 525
2.28.2 / 2015-01-20
===================
526

527 528 529
  * deps: body-parser@~1.10.2
    - deps: iconv-lite@0.4.6
    - deps: raw-body@1.3.2
530 531 532 533 534
  * deps: serve-static@~1.8.1
    - Fix redirect loop in Node.js 0.11.14
    - Fix root path disclosure
    - deps: send@0.11.1

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
535 536
2.28.1 / 2015-01-08
===================
537 538 539

  * deps: csurf@~1.6.5
    - deps: csrf@~2.0.4
540 541
  * deps: express-session@~1.10.1
    - deps: uid-safe@~1.0.2
542

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
543 544
2.28.0 / 2015-01-05
===================
545

546 547 548 549
  * deps: body-parser@~1.10.1
    - Make internal `extended: true` array limit dynamic
    - deps: on-finished@~2.2.0
    - deps: type-is@~1.5.5
550 551 552 553
  * deps: compression@~1.3.0
    - Export the default `filter` function for wrapping
    - deps: accepts@~1.2.2
    - deps: debug@~2.1.1
554 555 556 557
  * deps: connect-timeout@~1.5.0
    - deps: debug@~2.1.1
    - deps: http-errors@~1.2.8
    - deps: ms@0.7.0
558
  * deps: csurf@~1.6.4
559 560
    - deps: csrf@~2.0.3
    - deps: http-errors@~1.2.8
561
  * deps: debug@~2.1.1
562 563 564 565
  * deps: errorhandler@~1.3.2
    - Add `log` option
    - Fix heading content to not include stack
    - deps: accepts@~1.2.2
566 567 568 569
  * deps: express-session@~1.10.0
    - Add `store.touch` interface for session stores
    - Fix `MemoryStore` expiration with `resave: false`
    - deps: debug@~2.1.1
570 571 572
  * deps: finalhandler@0.3.3
    - deps: debug@~2.1.1
    - deps: on-finished@~2.2.0
573 574 575
  * deps: method-override@~2.3.1
    - deps: debug@~2.1.1
    - deps: methods@~1.1.1
576 577 578 579 580 581 582
  * deps: morgan@~1.5.1
    - Add multiple date formats `clf`, `iso`, and `web`
    - Deprecate `buffer` option
    - Fix date format in `common` and `combined` formats
    - Fix token arguments to accept values with `"`
    - deps: debug@~2.1.1
    - deps: on-finished@~2.2.0
583 584 585 586
  * deps: serve-favicon@~2.2.0
    - Support query string in the URL
    - deps: etag@~1.5.1
    - deps: ms@0.7.0
587 588 589 590 591 592
  * deps: serve-index@~1.6.0
    - Add link to root directory
    - deps: accepts@~1.2.2
    - deps: batch@0.5.2
    - deps: debug@~2.1.1
    - deps: mime-types@~2.0.7
593 594 595
  * deps: serve-static@~1.8.0
    - Fix potential open redirect when mounted at root
    - deps: send@0.11.0
596 597
  * deps: type-is@~1.5.5
    - deps: mime-types@~2.0.7
598

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
599 600
2.27.6 / 2014-12-10
===================
601 602 603 604 605 606

  * deps: serve-index@~1.5.3
    - deps: accepts@~1.1.4
    - deps: http-errors@~1.2.8
    - deps: mime-types@~2.0.4

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
607 608
2.27.5 / 2014-12-10
===================
609 610 611 612

  * deps: compression@~1.2.2
    - Fix `.end` to only proxy to `.end`
    - deps: accepts@~1.1.4
613 614
  * deps: express-session@~1.9.3
    - Fix error when `req.sessionID` contains a non-string value
615 616 617
  * deps: http-errors@~1.2.8
    - Fix stack trace from exported function
    - Remove `arguments.callee` usage
618 619
  * deps: serve-index@~1.5.2
    - Fix icon name background alignment on mobile view
620 621
  * deps: type-is@~1.5.4
    - deps: mime-types@~2.0.4
622

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
623 624
2.27.4 / 2014-11-23
===================
625

626 627 628 629 630
  * deps: body-parser@~1.9.3
    - deps: iconv-lite@0.4.5
    - deps: qs@2.3.3
    - deps: raw-body@1.3.1
    - deps: type-is@~1.5.3
631 632
  * deps: compression@~1.2.1
    - deps: accepts@~1.1.3
633 634
  * deps: errorhandler@~1.2.3
    - deps: accepts@~1.1.3
635 636
  * deps: express-session@~1.9.2
    - deps: crc@3.2.1
637 638
  * deps: qs@2.3.3
    - Fix `arrayLimit` behavior
639 640
  * deps: serve-favicon@~2.1.7
    - Avoid errors from enumerables on `Object.prototype`
641
  * deps: serve-index@~1.5.1
642 643
    - deps: accepts@~1.1.3
    - deps: mime-types@~2.0.3
644 645
  * deps: type-is@~1.5.3
    - deps: mime-types@~2.0.3
646

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
647 648
2.27.3 / 2014-11-09
===================
649 650

  * Correctly invoke async callback asynchronously
651 652 653
  * deps: csurf@~1.6.3
    - bump csrf
    - bump http-errors
654

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
655 656
2.27.2 / 2014-10-28
===================
657

658
  * Fix handling of URLs containing `://` in the path
659 660
  * deps: body-parser@~1.9.2
    - deps: qs@2.3.2
661 662 663
  * deps: qs@2.3.2
    - Fix parsing of mixed objects and values

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
664 665
2.27.1 / 2014-10-22
===================
666

667 668 669 670
  * deps: body-parser@~1.9.1
    - deps: on-finished@~2.1.1
    - deps: qs@2.3.0
    - deps: type-is@~1.5.2
671 672
  * deps: express-session@~1.9.1
    - Remove unnecessary empty write call
673 674
  * deps: finalhandler@0.3.2
    - deps: on-finished@~2.1.1
675 676
  * deps: morgan@~1.4.1
    - deps: on-finished@~2.1.1
677 678
  * deps: qs@2.3.0
    - Fix parsing of mixed implicit and explicit arrays
679 680
  * deps: serve-static@~1.7.1
    - deps: send@0.10.1
681

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
682 683
2.27.0 / 2014-10-16
===================
684

685
  * Use `http-errors` module for creating errors
686
  * Use `utils-merge` module for merging objects
687 688 689 690
  * deps: body-parser@~1.9.0
    - include the charset in "unsupported charset" error message
    - include the encoding in "unsupported content encoding" error message
    - deps: depd@~1.0.0
691 692
  * deps: compression@~1.2.0
    - deps: debug@~2.1.0
693 694 695
  * deps: connect-timeout@~1.4.0
    - Create errors with `http-errors`
    - deps: debug@~2.1.0
696 697
  * deps: debug@~2.1.0
    - Implement `DEBUG_FD` env variable support
698
  * deps: depd@~1.0.0
699 700 701
  * deps: express-session@~1.9.0
    - deps: debug@~2.1.0
    - deps: depd@~1.0.0
702
  * deps: finalhandler@0.3.1
703 704
    - Terminate in progress response only on error
    - Use `on-finished` to determine request status
705
    - deps: debug@~2.1.0
706 707
  * deps: method-override@~2.3.0
    - deps: debug@~2.1.0
708 709 710
  * deps: morgan@~1.4.0
    - Add `debug` messages
    - deps: depd@~1.0.0
711 712 713 714 715
  * deps: response-time@~2.2.0
    - Add `header` option for custom header name
    - Add `suffix` option
    - Change `digits` argument to an `options` argument
    - deps: depd@~1.0.0
716 717
  * deps: serve-favicon@~2.1.6
    - deps: etag@~1.5.0
718
  * deps: serve-index@~1.5.0
719 720
    - Add `dir` argument to `filter` function
    - Add icon for mkv files
721
    - Create errors with `http-errors`
722 723 724
    - Fix incorrect 403 on Windows and Node.js 0.11
    - Lookup icon by mime type for greater icon support
    - Support using tokens multiple times
725
    - deps: accepts@~1.1.2
726 727
    - deps: debug@~2.1.0
    - deps: mime-types@~2.0.2
728 729
  * deps: serve-static@~1.7.0
    - deps: send@0.10.0
730

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
731 732
2.26.6 / 2014-10-15
===================
733

734 735 736
  * deps: compression@~1.1.2
    - deps: accepts@~1.1.2
    - deps: compressible@~2.0.1
737 738 739
  * deps: csurf@~1.6.2
    - bump http-errors
    - fix cookie name when using `cookie: true`
740 741 742
  * deps: errorhandler@~1.2.2
    - deps: accepts@~1.1.2

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
743 744
2.26.5 / 2014-10-08
===================
745

746
  * Fix accepting non-object arguments to `logger`
747 748 749
  * deps: serve-static@~1.6.4
    - Fix redirect loop when index file serving disabled

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
750 751
2.26.4 / 2014-10-02
===================
752 753 754

  * deps: morgan@~1.3.2
    - Fix `req.ip` integration when `immediate: false`
755 756
  * deps: type-is@~1.5.2
    - deps: mime-types@~2.0.2
757

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
758 759
2.26.3 / 2014-09-24
===================
760

761 762
  * deps: body-parser@~1.8.4
    - fix content encoding to be case-insensitive
763 764
  * deps: serve-favicon@~2.1.5
    - deps: etag@~1.4.0
765 766
  * deps: serve-static@~1.6.3
    - deps: send@0.9.3
767

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
768 769
2.26.2 / 2014-09-19
===================
770 771 772

  * deps: body-parser@~1.8.3
    - deps: qs@2.2.4
773 774
  * deps: qs@2.2.4
    - Fix issue with object keys starting with numbers truncated
775

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
776 777
2.26.1 / 2014-09-15
===================
778

779 780
  * deps: body-parser@~1.8.2
    - deps: depd@0.4.5
781
  * deps: depd@0.4.5
782 783 784
  * deps: express-session@~1.8.2
    - Use `crc` instead of `buffer-crc32` for speed
    - deps: depd@0.4.5
785 786 787
  * deps: morgan@~1.3.1
    - Remove un-used `bytes` dependency
    - deps: depd@0.4.5
788
  * deps: serve-favicon@~2.1.4
789 790
    - Fix content headers being sent in 304 response
    - deps: etag@~1.3.1
791 792
  * deps: serve-static@~1.6.2
    - deps: send@0.9.2
793

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
794 795
2.26.0 / 2014-09-08
===================
796

797
  * deps: body-parser@~1.8.1
798 799 800 801
    - add `parameterLimit` option to `urlencoded` parser
    - change `urlencoded` extended array limit to 100
    - make empty-body-handling consistent between chunked requests
    - respond with 415 when over `parameterLimit` in `urlencoded`
802
    - deps: media-typer@0.3.0
803
    - deps: qs@2.2.3
804
    - deps: type-is@~1.5.1
805 806 807 808
  * deps: compression@~1.1.0
    - deps: accepts@~1.1.0
    - deps: compressible@~2.0.0
    - deps: debug@~2.0.0
809 810
  * deps: connect-timeout@~1.3.0
    - deps: debug@~2.0.0
811 812
  * deps: cookie-parser@~1.3.3
    - deps: cookie-signature@1.0.5
813
  * deps: cookie-signature@1.0.5
814 815 816 817 818
  * deps: csurf@~1.6.1
    - add `ignoreMethods` option
    - bump cookie-signature
    - csrf-tokens -> csrf
    - set `code` property on CSRF token errors
819
  * deps: debug@~2.0.0
820 821 822
  * deps: errorhandler@~1.2.0
    - Display error using `util.inspect` if no other representation
    - deps: accepts@~1.1.0
823
  * deps: express-session@~1.8.1
824
    - Do not resave already-saved session at end of request
825
    - Prevent session prototype methods from being overwritten
826 827
    - deps: cookie-signature@1.0.5
    - deps: debug@~2.0.0
828 829 830
  * deps: finalhandler@0.2.0
    - Set `X-Content-Type-Options: nosniff` header
    - deps: debug@~2.0.0
831
  * deps: fresh@0.2.4
832 833
  * deps: media-typer@0.3.0
    - Throw error when parameter format invalid on parse
834 835
  * deps: method-override@~2.2.0
    - deps: debug@~2.0.0
836 837
  * deps: morgan@~1.3.0
    - Assert if `format` is not a function or string
838 839
  * deps: qs@2.2.3
    - Fix issue where first empty value in array is discarded
840
  * deps: serve-favicon@~2.1.3
841 842
    - Accept string for `maxAge` (converted by `ms`)
    - Use `etag` to generate `ETag` header
843
    - deps: fresh@0.2.4
844 845 846 847
  * deps: serve-index@~1.2.1
    - Add `debug` messages
    - Resolve relative paths at middleware setup
    - deps: accepts@~1.1.0
848
  * deps: serve-static@~1.6.1
849
    - Add `lastModified` option
850
    - deps: send@0.9.1
851
  * deps: type-is@~1.5.1
852
    - fix `hasbody` to be true for `content-length: 0`
853 854
    - deps: media-typer@0.3.0
    - deps: mime-types@~2.0.1
855
  * deps: vhost@~3.0.0
856

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
857 858
2.25.10 / 2014-09-04
====================
859 860 861 862

  * deps: serve-static@~1.5.4
    - deps: send@0.8.5

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
863 864
2.25.9 / 2014-08-29
===================
865

866 867
  * deps: body-parser@~1.6.7
    - deps: qs@2.2.2
868 869
  * deps: qs@2.2.2

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
870 871
2.25.8 / 2014-08-27
===================
872

873 874
  * deps: body-parser@~1.6.6
    - deps: qs@2.2.0
875
  * deps: csurf@~1.4.1
876 877 878
  * deps: qs@2.2.0
    - Array parsing fix
    - Performance improvements
879

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
880 881
2.25.7 / 2014-08-18
===================
882 883 884

  * deps: body-parser@~1.6.5
    - deps: on-finished@2.1.0
885 886
  * deps: express-session@~1.7.6
    - Fix exception on `res.end(null)` calls
887 888
  * deps: morgan@~1.2.3
    - deps: on-finished@2.1.0
889 890
  * deps: serve-static@~1.5.3
    - deps: send@0.8.3
891

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
892 893
2.25.6 / 2014-08-14
===================
894

895 896
  * deps: body-parser@~1.6.4
    - deps: qs@1.2.2
897
  * deps: qs@1.2.2
898 899 900
  * deps: serve-static@~1.5.2
    - deps: send@0.8.2

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
901 902
2.25.5 / 2014-08-11
===================
903 904 905

  * Fix backwards compatibility in `logger`

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
906 907
2.25.4 / 2014-08-10
===================
908 909 910

  * Fix `query` middleware breaking with argument
    - It never really took one in the first place
911 912
  * deps: body-parser@~1.6.3
    - deps: qs@1.2.1
913 914 915
  * deps: compression@~1.0.11
    - deps: on-headers@~1.0.0
    - deps: parseurl@~1.3.0
916 917
  * deps: connect-timeout@~1.2.2
    - deps: on-headers@~1.0.0
918 919 920 921
  * deps: express-session@~1.7.5
    - Fix parsing original URL
    - deps: on-headers@~1.0.0
    - deps: parseurl@~1.3.0
922
  * deps: method-override@~2.1.3
923
  * deps: on-headers@~1.0.0
924
  * deps: parseurl@~1.3.0
925
  * deps: qs@1.2.1
926 927
  * deps: response-time@~2.0.1
    - deps: on-headers@~1.0.0
928 929
  * deps: serve-index@~1.1.6
    - Fix URL parsing
930 931 932 933
  * deps: serve-static@~1.5.1
    - Fix parsing of weird `req.originalUrl` values
    - deps: parseurl@~1.3.0
    = deps: utils-merge@1.0.0
934

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
935 936
2.25.3 / 2014-08-07
===================
937 938 939 940

  * deps: multiparty@3.3.2
    - Fix potential double-callback

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
941 942
2.25.2 / 2014-08-07
===================
943

944 945
  * deps: body-parser@~1.6.2
    - deps: qs@1.2.0
946 947 948
  * deps: qs@1.2.0
    - Fix parsing array of objects

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
949 950
2.25.1 / 2014-08-06
===================
951 952 953

  * deps: body-parser@~1.6.1
    - deps: qs@1.1.0
954 955 956
  * deps: qs@1.1.0
    - Accept urlencoded square brackets
    - Accept empty values in implicit array notation
957

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
958 959
2.25.0 / 2014-08-05
===================
960

961 962
  * deps: body-parser@~1.6.0
    - deps: qs@1.0.2
963 964 965
  * deps: compression@~1.0.10
    - Fix upper-case Content-Type characters prevent compression
    - deps: compressible@~1.1.1
966 967 968
  * deps: csurf@~1.4.0
    - Support changing `req.session` after `csurf` middleware
    - Calling `res.csrfToken()` after `req.session.destroy()` will now work
969 970 971
  * deps: express-session@~1.7.4
    - Fix `res.end` patch to call correct upstream `res.write`
    - Fix response end delay for non-chunked responses
972 973 974 975 976
  * deps: qs@1.0.2
    - Complete rewrite
    - Limits array length to 20
    - Limits object depth to 5
    - Limits parameters to 1,000
977 978 979
  * deps: serve-static@~1.5.0
    - Add `extensions` option
    - deps: send@0.8.1
980

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
981 982
2.24.3 / 2014-08-04
===================
983

984 985 986
  * deps: serve-index@~1.1.5
    - Fix Content-Length calculation for multi-byte file names
    - deps: accepts@~1.0.7
987 988 989 990
  * deps: serve-static@~1.4.4
    - Fix incorrect 403 on Windows and Node.js 0.11
    - deps: send@0.7.4

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
991 992
2.24.2 / 2014-07-27
===================
993

994
  * deps: body-parser@~1.5.2
995 996
  * deps: depd@0.4.4
    - Work-around v8 generating empty stack traces
997
  * deps: express-session@~1.7.2
998
  * deps: morgan@~1.2.2
999
  * deps: serve-static@~1.4.2
1000

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1001 1002
2.24.1 / 2014-07-26
===================
1003

1004
  * deps: body-parser@~1.5.1
1005 1006
  * deps: depd@0.4.3
    - Fix exception when global `Error.stackTraceLimit` is too low
1007
  * deps: express-session@~1.7.1
1008
  * deps: morgan@~1.2.1
1009
  * deps: serve-index@~1.1.4
1010
  * deps: serve-static@~1.4.1
1011

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1012 1013
2.24.0 / 2014-07-22
===================
1014

1015 1016 1017 1018
  * deps: body-parser@~1.5.0
    - deps: depd@0.4.2
    - deps: iconv-lite@0.4.4
    - deps: raw-body@1.3.0
1019
    - deps: type-is@~1.3.2
1020 1021 1022
  * deps: compression@~1.0.9
    - Add `debug` messages
    - deps: accepts@~1.0.7
1023
  * deps: connect-timeout@~1.2.1
1024
    - Accept string for `time` (converted by `ms`)
1025
    - deps: debug@1.0.4
1026
  * deps: debug@1.0.4
1027 1028 1029 1030 1031
  * deps: depd@0.4.2
    - Add `TRACE_DEPRECATION` environment variable
    - Remove non-standard grey color from color output
    - Support `--no-deprecation` argument
    - Support `--trace-deprecation` argument
1032 1033 1034 1035
  * deps: express-session@~1.7.0
    - Improve session-ending error handling
    - deps: debug@1.0.4
    - deps: depd@0.4.2
1036 1037 1038
  * deps: finalhandler@0.1.0
    - Respond after request fully read
    - deps: debug@1.0.4
1039 1040 1041
  * deps: method-override@~2.1.2
    - deps: debug@1.0.4
    - deps: parseurl@~1.2.0
1042 1043 1044 1045 1046
  * deps: morgan@~1.2.0
    - Add `:remote-user` token
    - Add `combined` log format
    - Add `common` log format
    - Remove non-standard grey color from `dev` format
1047
  * deps: multiparty@3.3.1
1048 1049 1050 1051
  * deps: parseurl@~1.2.0
    - Cache URLs based on original value
    - Remove no-longer-needed URL mis-parse work-around
    - Simplify the "fast-path" `RegExp`
1052 1053 1054 1055
  * deps: serve-static@~1.4.0
    - Add `dotfiles` option
    - deps: parseurl@~1.2.0
    - deps: send@0.7.0
1056

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1057 1058
2.23.0 / 2014-07-10
===================
1059

1060 1061
  * deps: debug@1.0.3
    - Add support for multiple wildcards in namespaces
1062
  * deps: express-session@~1.6.4
1063 1064 1065 1066
  * deps: method-override@~2.1.0
    - add simple debug output
    - deps: methods@1.1.0
    - deps: parseurl@~1.1.3
1067 1068
  * deps: parseurl@~1.1.3
    - faster parsing of href-only URLs
1069 1070
  * deps: serve-static@~1.3.1
    - deps: parseurl@~1.1.3
1071

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1072 1073
2.22.0 / 2014-07-03
===================
1074

1075 1076
  * deps: csurf@~1.3.0
    - Fix `cookie.signed` option to actually sign cookie
1077 1078 1079 1080
  * deps: express-session@~1.6.1
    - Fix `res.end` patch to return correct value
    - Fix `res.end` patch to handle multiple `res.end` calls
    - Reject cookies with missing signatures
1081 1082 1083
  * deps: multiparty@3.3.0
    - Always emit close after all parts ended
    - Fix callback hang in node.js 0.8 on errors
1084 1085 1086 1087 1088
  * deps: serve-static@~1.3.0
    - Accept string for `maxAge` (converted by `ms`)
    - Add `setHeaders` option
    - Include HTML link in redirect response
    - deps: send@0.5.0
1089

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1090 1091
2.21.1 / 2014-06-26
===================
1092

1093 1094
  * deps: cookie-parser@1.3.2
    - deps: cookie-signature@1.0.4
1095 1096
  * deps: cookie-signature@1.0.4
    - fix for timing attacks
1097 1098
  * deps: express-session@~1.5.2
    - deps: cookie-signature@1.0.4
1099 1100
  * deps: type-is@~1.3.2
    - more mime types
1101

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1102 1103
2.21.0 / 2014-06-20
===================
1104

1105
  * deprecate `connect(middleware)` -- use `app.use(middleware)` instead
1106
  * deprecate `connect.createServer()` -- use `connect()` instead
1107
  * fix `res.setHeader()` patch to work with get -> append -> set pattern
1108
  * deps: compression@~1.0.8
1109
  * deps: errorhandler@~1.1.1
1110 1111 1112 1113 1114 1115
  * deps: express-session@~1.5.0
    - Deprecate integration with `cookie-parser` middleware
    - Deprecate looking for secret in `req.secret`
    - Directly read cookies; `cookie-parser` no longer required
    - Directly set cookies; `res.cookie` no longer required
    - Generate session IDs with `uid-safe`, faster and even less collisions
1116
  * deps: serve-index@~1.1.3
1117

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1118 1119
2.20.2 / 2014-06-19
===================
1120 1121 1122 1123

  * deps: body-parser@1.4.3
    - deps: type-is@1.3.1

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1124 1125
2.20.1 / 2014-06-19
===================
1126 1127 1128 1129

  * deps: type-is@1.3.1
    - fix global variable leak

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1130 1131
2.20.0 / 2014-06-19
===================
1132

1133 1134
  * deprecate `verify` option to `json` -- use `body-parser` npm module instead
  * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
1135
  * deprecate things with `depd` module
1136
  * use `finalhandler` for final response handling
1137
  * use `media-typer` to parse `content-type` for charset
1138
  * deps: body-parser@1.4.2
1139 1140 1141 1142 1143 1144 1145
    - check accepted charset in content-type (accepts utf-8)
    - check accepted encoding in content-encoding (accepts identity)
    - deprecate `urlencoded()` without provided `extended` option
    - lazy-load urlencoded parsers
    - support gzip and deflate bodies
    - set `inflate: false` to turn off
    - deps: raw-body@1.2.2
1146
    - deps: type-is@1.3.0
1147
    - Support all encodings from `iconv-lite`
1148 1149
  * deps: connect-timeout@1.1.1
    - deps: debug@1.0.2
1150 1151 1152 1153
  * deps: cookie-parser@1.3.1
    - export parsing functions
    - `req.cookies` and `req.signedCookies` are now plain objects
    - slightly faster parsing of many cookies
1154
  * deps: csurf@1.2.2
1155 1156 1157 1158 1159 1160 1161
  * deps: errorhandler@1.1.0
    - Display error on console formatted like `throw`
    - Escape HTML in stack trace
    - Escape HTML in title
    - Fix up edge cases with error sent in response
    - Set `X-Content-Type-Options: nosniff` header
    - Use accepts for negotiation
1162 1163 1164 1165 1166
  * deps: express-session@1.4.0
    - Add `genid` option to generate custom session IDs
    - Add `saveUninitialized` option to control saving uninitialized sessions
    - Add `unset` option to control unsetting `req.session`
    - Generate session IDs with `rand-token` by default; reduce collisions
1167
    - Integrate with express "trust proxy" by default
1168
    - deps: buffer-crc32@0.2.3
1169
    - deps: debug@1.0.2
1170
  * deps: multiparty@3.2.9
1171 1172
  * deps: serve-index@1.1.2
    - deps: batch@0.5.1
1173 1174
  * deps: type-is@1.3.0
    - improve type parsing
1175 1176 1177 1178
  * deps: vhost@2.0.0
    - Accept `RegExp` object for `hostname`
    - Provide `req.vhost` object
    - Support IPv6 literal in `Host` header
1179

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1180 1181
2.19.6 / 2014-06-11
===================
1182

1183 1184
  * deps: body-parser@1.3.1
    - deps: type-is@1.2.1
1185 1186 1187 1188
  * deps: compression@1.0.7
    - use vary module for better `Vary` behavior
    - deps: accepts@1.0.3
    - deps: compressible@1.1.0
1189
  * deps: debug@1.0.2
1190 1191
  * deps: serve-index@1.1.1
    - deps: accepts@1.0.3
1192 1193 1194
  * deps: serve-static@1.2.3
    - Do not throw un-catchable error on file open race condition
    - deps: send@0.4.3
1195

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1196 1197
2.19.5 / 2014-06-09
===================
1198 1199 1200

  * deps: csurf@1.2.1
    - refactor to use csrf-tokens@~1.0.2
1201
  * deps: debug@1.0.1
1202 1203 1204
  * deps: serve-static@1.2.2
    - fix "event emitter leak" warnings
    - deps: send@0.4.2
1205 1206
  * deps: type-is@1.2.1
    - Switch dependency from `mime` to `mime-types@1.0.0`
1207

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1208 1209
2.19.4 / 2014-06-05
===================
1210

1211
  * deps: errorhandler@1.0.2
1212
    - Pass on errors from reading error files
1213 1214
  * deps: method-override@2.0.2
    - use vary module for better `Vary` behavior
1215 1216 1217
  * deps: serve-favicon@2.0.1
    - Reduce byte size of `ETag` header

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1218 1219
2.19.3 / 2014-06-03
===================
1220 1221 1222 1223 1224 1225

  * deps: compression@1.0.6
    - fix listeners for delayed stream creation
    - fix regression for certain `stream.pipe(res)` situations
    - fix regression when negotiation fails

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1226 1227
2.19.2 / 2014-06-03
===================
1228 1229 1230 1231 1232 1233

  * deps: compression@1.0.4
    - fix adding `Vary` when value stored as array
    - fix back-pressure behavior
    - fix length check for `res.end`

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1234 1235
2.19.1 / 2014-06-02
===================
1236 1237 1238

  * fix deprecated `utils.escape`

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1239 1240
2.19.0 / 2014-06-02
===================
1241

1242
  * deprecate `methodOverride()` -- use `method-override` npm module instead
1243 1244
  * deps: body-parser@1.3.0
    - add `extended` option to urlencoded parser
1245
  * deps: method-override@2.0.1
1246
    - set `Vary` header
1247
    - deps: methods@1.0.1
1248
  * deps: multiparty@3.2.8
1249 1250 1251 1252 1253
  * deps: response-time@2.0.0
    - add `digits` argument
    - do not override existing `X-Response-Time` header
    - timer not subject to clock drift
    - timer resolution down to nanoseconds
1254 1255 1256 1257
  * deps: serve-static@1.2.1
    - send max-age in Cache-Control in correct format
    - use `escape-html` for escaping
    - deps: send@0.4.1
1258

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1259 1260
2.18.0 / 2014-05-29
===================
1261

1262
  * deps: compression@1.0.3
1263
  * deps: serve-index@1.1.0
1264 1265 1266 1267 1268
    - Fix content negotiation when no `Accept` header
    - Properly support all HTTP methods
    - Support vanilla node.js http servers
    - Treat `ENAMETOOLONG` as code 414
    - Use accepts for negotiation
1269 1270 1271 1272 1273 1274 1275
  * deps: serve-static@1.2.0
    - Calculate ETag with md5 for reduced collisions
    - Fix wrong behavior when index file matches directory
    - Ignore stream errors after request ends
    - Skip directories in index file search
    - deps: send@0.4.0

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1276 1277
2.17.3 / 2014-05-27
===================
1278 1279 1280 1281

  * deps: express-session@1.2.1
    - Fix `resave` such that `resave: true` works

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1282 1283
2.17.2 / 2014-05-27
===================
1284

1285
  * deps: body-parser@1.2.2
1286
    - invoke `next(err)` after request fully read
1287
    - deps: raw-body@1.1.6
1288 1289 1290 1291
  * deps: method-override@1.0.2
    - Handle `req.body` key referencing array or object
    - Handle multiple HTTP headers

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1292 1293
2.17.1 / 2014-05-21
===================
1294 1295 1296

  * fix `res.charset` appending charset when `content-type` has one

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1297 1298
2.17.0 / 2014-05-20
===================
1299

1300 1301
  * deps: express-session@1.2.0
    - Add `resave` option to control saving unmodified sessions
1302
  * deps: morgan@1.1.1
1303 1304 1305 1306 1307 1308
    - "dev" format will use same tokens as other formats
    - `:response-time` token is now empty when immediate used
    - `:response-time` token is now monotonic
    - `:response-time` token has precision to 1 μs
    - fix `:status` + immediate output in node.js 0.8
    - improve `buffer` option to prevent indefinite event loop holding
1309
    - simplify method to get remote address
1310
    - deps: bytes@1.0.0
1311 1312
  * deps: serve-index@1.0.3
    - Fix error from non-statable files in HTML view
1313

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1314 1315
2.16.2 / 2014-05-18
===================
1316

1317
  * fix edge-case in `res.appendHeader` that would append in wrong order
1318 1319
  * deps: method-override@1.0.1

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1320 1321
2.16.1 / 2014-05-17
===================
1322 1323 1324

  * remove usages of `res.headerSent` from core

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1325 1326
2.16.0 / 2014-05-17
===================
1327

1328
  * deprecate `res.headerSent` -- use `res.headersSent`
1329
  * deprecate `res.on("header")` -- use on-headers module instead
1330
  * fix `connect.version` to reflect the actual version
1331
  * json: use body-parser
1332 1333 1334
    - add `type` option
    - fix repeated limit parsing with every request
    - improve parser speed
1335
  * urlencoded: use body-parser
1336 1337
    - add `type` option
    - fix repeated limit parsing with every request
1338 1339
  * dep: bytes@1.0.0
    * add negative support
1340 1341
  * dep: cookie-parser@1.1.0
    - deps: cookie@0.1.2
1342 1343
  * dep: csurf@1.2.0
    - add support for double-submit cookie
1344 1345 1346
  * dep: express-session@1.1.0
    - Add `name` option; replacement for `key` option
    - Use `setImmediate` in MemoryStore for node.js >= 0.10
1347

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
1348 1349
2.15.0 / 2014-05-04
===================